
Pests of all kinds and how to fight them: Windows Firewall turns itself off, various other problems

15.11.2016, 01:39   #1
the_clown
 

Hello everyone!

I bought a Lenovo X1 Carbon at the beginning of September and upgraded it from Win8 to Win10. For about 2 weeks now, some oddities have been occurring:

- After startup I am told that the Windows Firewall is turned off and that I should turn it on (I have no other firewall installed that would cause Windows to turn off its own firewall).

- My WiFi adapter regularly loses its connection after 30 minutes (the connection to the router is still there, but it no longer gets onto the Internet). Troubleshooting does not work because Windows cannot reset the WiFi adapter.

- I cannot edit the options of my wireless adapter in Device Manager: if I change settings or try to uninstall the device driver, the dialog box hangs.

- Restart no longer works: the computer shows me that it is shutting down but never finishes.

- I cannot access numerous settings, e.g. changing the password of Windows' own BitLocker ("For security reasons, some settings can only be changed by the system administrator"). I am definitely an admin, and the dialog box also appears in the admin account.


Those are too many anomalies for me to blame them on normal software problems alone. I have already scanned for corrupted system files, without result. I downloaded Malwarebytes and ran a scan, no result. I could well imagine that I have caught something that Malwarebytes may not detect. I would of course reinstall Windows right away, but that does not remove all malware and I would still have the same problems.

I am very grateful for suggestions! Great that there is such a helpful community.

Unfortunately the log files have too many characters, so I have to attach them.
Attached files
File type: zip FRST_Logss.zip (32.4 KB, viewed 5 times)

Edited by the_clown (15.11.2016 at 01:59)

15.11.2016, 12:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hi and

Please do not attach logs; if necessary, split them and post them spread over several postings.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

15.11.2016, 15:54   #3
the_clown
 

All right! I thought that would go against the rule of not replying to your own post, since it would otherwise count as "already handled". Sorry!

Here come the log files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Flo (administrator) on FLO-PC (14-11-2016 19:51:32)
Running from C:\Users\Flo\Downloads
Loaded Profiles: Flo (Available Profiles: Flo & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Node.js) C:\Windows\Prey\versions\1.6.3\bin\node.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.3\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\tpfsm.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
() C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Flux Software LLC) C:\Users\Flo\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [555688 2015-08-21] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [296648 2015-09-29] (Lenovo Group Limited)
HKLM\...\Run: [Intel(R) WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-15] (Microsoft Corporation)
HKLM-x32\...\Run: [OneLinkManager] => C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe [1083904 2015-05-29] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1209344 2016-07-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Spotify Web Helper] => C:\Users\Flo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-10] (Spotify Ltd)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Spotify] => C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-10] (Spotify Ltd)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [f.lux] => C:\Users\Flo\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-09-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2e783c49-88ea-42d2-abf2-20773d4b53ca}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{410e1da1-adce-4c86-bc03-bb749a8bc665}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{b0453f8d-2581-40d0-9d4b-f11d4f9dc3f6}: [DhcpNameServer] 172.168.127.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001 -> DefaultScope {B0CBF6BF-5D86-418F-861A-FB36709F999B} URL = 
SearchScopes: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001 -> {B0CBF6BF-5D86-418F-861A-FB36709F999B} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: h7t66pve.default
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Zotero\Zotero\Profiles\h7t66pve.default [2016-11-06]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-09-13] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-09-13] [not signed]
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948 [2016-11-14]
FF Session Restore: Mozilla\Firefox\Profiles\1jensfee.default-1476142928948 -> is enabled.
FF Extension: (InvisibleHand) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2016-11-09]
FF Extension: (Honey) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2016-10-10]
FF Extension: (Dict.cc Translation) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\searchdictcc@roughael.xpi [2016-10-11]
FF Extension: (LastPass) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\support@lastpass.com [2016-10-11]
FF Extension: (Zotero) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\zotero@chnm.gmu.edu.xpi [2016-11-02]
FF Extension: (Video DownloadHelper) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Adblock Plus) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF Extension: (Greasemonkey) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-10-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-10-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2505514951-2072466002-1266771838-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\npGatewayNpapi.dll [2016-08-18] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2505514951-2072466002-1266771838-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\npGatewayNpapi-x64.dll [2016-08-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Flo\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-09-23] (Cisco WebEx LLC)

Chrome: 
=======
CHR Profile: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Google Docs) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-15]
CHR Extension: (Google Drive) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-10-15] (Fork, Ltd.) [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125032 2015-06-26] (Intel Corporation)
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [114688 2016-08-31] (Microsoft Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61256 2016-10-05] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 Lenovo Instant On; C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe [3123728 2016-07-20] (Lenovo Group Limited)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197320 2015-09-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [114632 2015-07-13] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [1725952 2015-12-12] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416256 2016-07-05] (Conexant Systems, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [275032 2016-10-25] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d62x64.sys [519680 2015-12-08] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47896 2015-11-05] (Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [258832 2015-07-06] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R1 InstantOn; C:\Program Files\Lenovo\InstantOn\InstantOn.sys [25856 2015-10-14] (Lenovo Group Limited)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135448 2015-11-08] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71448 2015-11-08] (Intel)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-08-18] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3119360 2016-05-25] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [80992 2016-10-25] (Synaptics Incorporated)
S1 SMIDriver; C:\WINDOWS\system32\DRIVERS\SynaSmi.sys [46896 2016-07-26] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 SynaMetSMI; C:\WINDOWS\system32\DRIVERS\SynaSmi.sys [46896 2016-07-26] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-07-10] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 19:51 - 2016-11-14 19:52 - 00032248 _____ C:\Users\Flo\Downloads\FRST.txt
2016-11-14 19:50 - 2016-11-14 19:51 - 00000000 ____D C:\FRST
2016-11-14 19:50 - 2016-11-14 19:50 - 02411520 _____ (Farbar) C:\Users\Flo\Downloads\FRST64.exe
2016-11-13 22:55 - 2016-11-13 22:55 - 93742208 _____ (Intel(R) Corporation) C:\Users\Flo\Downloads\Wireless_19.20.0_PROSet64_Win10.exe
2016-11-13 19:46 - 2016-11-13 19:46 - 00996238 _____ C:\Users\Flo\Downloads\BEDE15_0989_BPM_Mgmt_Summary_final_web.pdf
2016-11-13 19:30 - 2016-11-13 19:30 - 00002584 _____ C:\Users\Flo\Downloads\HSoG_Academic_Transcript.pdf
2016-11-12 15:01 - 2016-11-12 15:14 - 330916357 _____ C:\Users\Flo\Downloads\quantico.s01e04.dvdrip.x264-demand.mkv
2016-11-11 18:48 - 2016-11-11 18:48 - 00249393 _____ C:\Users\Flo\Downloads\your-ticket(1).pdf
2016-11-11 18:47 - 2016-11-11 18:47 - 00257280 _____ C:\Users\Flo\Downloads\your-ticket.pdf
2016-11-11 18:19 - 2016-11-11 18:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-11 17:49 - 2016-11-11 17:49 - 913269832 _____ C:\WINDOWS\MEMORY.DMP
2016-11-11 17:49 - 2016-11-11 17:49 - 00938604 _____ C:\WINDOWS\Minidump\111116-5421-01.dmp
2016-11-11 17:49 - 2016-11-11 17:49 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-11 11:25 - 2016-11-11 11:26 - 320241408 _____ C:\Users\Flo\Downloads\quantico.s01e03.dvdrip.x264-demand.mkv
2016-11-11 11:22 - 2016-11-11 11:23 - 03127765 _____ C:\Users\Flo\Desktop\stratfor.pdf
2016-11-11 11:21 - 2016-11-11 11:22 - 09191788 _____ C:\Users\Flo\Desktop\FP.pdf
2016-11-10 17:36 - 2016-11-10 17:36 - 00015060 _____ C:\Users\Flo\Desktop\Week 12 Readings.txt
2016-11-10 15:58 - 2016-11-10 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-10 15:37 - 2016-11-14 19:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-10 15:37 - 2016-11-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-11-10 15:37 - 2016-11-10 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-10 15:37 - 2016-11-10 15:37 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-11-10 15:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-10 15:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-10 15:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-10 15:36 - 2016-11-10 15:36 - 22851472 _____ (Malwarebytes ) C:\Users\Flo\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-10 15:35 - 2016-11-10 15:36 - 177912864 _____ (Kaspersky Lab) C:\Users\Flo\Downloads\kis17.0.0.611en_10743.exe
2016-11-10 15:34 - 2016-11-10 15:34 - 00029179 _____ C:\ProgramData\agent.1478810036.bdinstall.bin
2016-11-10 15:29 - 2016-11-10 15:29 - 00000000 ____D C:\Users\Flo\AppData\Local\TempOfficeC2R4B6C70D2-6839-4002-B705-9E8628A729A5
2016-11-10 15:28 - 2016-11-10 15:28 - 00020434 _____ C:\ProgramData\agent.1478809723.bdinstall.bin
2016-11-10 15:14 - 2016-11-10 15:36 - 381971213 _____ C:\Users\Flo\Downloads\quantico.s01e02.dvdrip.x264-demand.mkv
2016-11-10 11:42 - 2016-11-10 11:42 - 00000000 ____D C:\Users\Flo\AppData\Local\TempOfficeC2R6F8D2ECE-FDDA-46CE-AF23-E0B25F9CFEC7
2016-11-09 20:01 - 2016-11-09 20:09 - 1096836983 _____ C:\Users\Flo\Downloads\Interstellar.2014.720p.BluRay.x264.YIFY.mp4
2016-11-08 21:20 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 21:20 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 21:20 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 21:20 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 21:20 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 21:20 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 21:20 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 21:20 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 21:20 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 21:20 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 21:20 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 21:20 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 21:20 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 21:20 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 21:20 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 21:20 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 21:20 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 21:20 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-08 21:20 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 21:20 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 21:20 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 21:20 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-08 21:20 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 21:20 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 21:20 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-08 21:20 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 21:20 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 21:20 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 21:20 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 21:20 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 21:20 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 21:20 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 21:20 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 21:20 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 21:20 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 21:20 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-08 21:20 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 21:20 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 21:20 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 21:20 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-08 21:20 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 21:20 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 21:20 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 21:20 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 21:20 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 21:20 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-08 21:20 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-08 21:20 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 21:20 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 21:20 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 21:20 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 21:20 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 21:20 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 21:20 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 21:20 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 21:20 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 21:20 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-08 21:20 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 21:20 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 21:20 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 21:20 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 21:20 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 21:20 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-08 21:20 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 21:20 - 2016-11-02 05:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-08 21:20 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 21:20 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 21:20 - 2016-11-02 05:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-08 21:20 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 21:20 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 21:20 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 21:20 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 21:20 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 21:20 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 21:20 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 21:20 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 21:20 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-08 21:20 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 21:20 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 21:20 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 21:20 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-08 21:20 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 21:20 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 21:20 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 21:20 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 21:20 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 21:20 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 21:20 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 21:20 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 21:20 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 21:20 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 21:20 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 21:20 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 21:20 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 21:20 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 21:20 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 21:20 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 21:20 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 21:20 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 21:20 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-08 21:20 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-08 21:20 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 21:20 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-08 17:16 - 2016-11-08 17:16 - 00512140 _____ C:\Users\Flo\Desktop\BearingPoint.pdf
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-11-03 10:33 - 2016-11-03 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-03 10:33 - 2016-11-03 10:33 - 00000000 ____D C:\Program Files\iTunes
2016-11-03 10:33 - 2016-11-03 10:33 - 00000000 ____D C:\Program Files\iPod
2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Aviata
2016-11-02 23:26 - 2016-11-09 01:08 - 00000000 ____D C:\Users\Administrator
2016-11-02 23:26 - 2016-11-03 07:53 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-11-02 23:26 - 2016-11-02 23:27 - 00002435 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-11-02 23:26 - 2016-11-02 23:26 - 00002343 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2016-11-02 23:26 - 2016-11-02 23:26 - 00001203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2016-11-02 23:26 - 2016-11-02 23:26 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Conexant
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Bitdefender Antivirus Free
2016-11-02 23:26 - 2016-09-14 22:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-11-02 23:26 - 2016-09-14 22:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-11-02 23:26 - 2016-07-10 11:37 - 00002111 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-02 17:27 - 2016-11-02 17:32 - 398900104 _____ C:\Users\Flo\Downloads\quantico.s01e01.dvdrip.x264-demand.mkv
2016-11-02 17:19 - 2016-11-02 17:19 - 01294175 _____ C:\Users\Flo\Desktop\Desktop.zip
2016-11-02 15:55 - 2016-11-02 15:55 - 00028749 _____ C:\ProgramData\agent.1478120101.bdinstall.bin
2016-11-01 22:05 - 2016-11-01 22:05 - 00141320 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2016-11-01 22:05 - 2016-11-01 22:05 - 00112136 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2016-11-01 22:05 - 2016-11-01 22:05 - 00101384 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2016-11-01 18:20 - 2016-11-01 18:27 - 1138656761 _____ C:\Users\Flo\Downloads\13.Hours.The.Secret.Soldiers.of.Benghazi.2016.720p.WEBRip.x264.AAC-ETRG.mp4
2016-11-01 16:34 - 2016-11-01 16:39 - 1180962509 _____ C:\Users\Flo\Downloads\Gravity.2013.720p.BluRay.H264.AAC-RARBG.mp4
2016-10-29 15:55 - 2016-10-29 15:57 - 00233472 _____ () C:\Users\Flo\Downloads\colorpicker.exe
2016-10-28 19:15 - 2016-10-28 19:15 - 00200286 _____ C:\WINDOWS\system32\gpreport.html
2016-10-28 19:01 - 2016-10-28 19:24 - 00000404 __RSH C:\ProgramData\ntuser.pol
2016-10-28 05:17 - 2016-11-11 17:57 - 00000000 ____D C:\Users\Flo\AppData\Local\ElevatedDiagnostics
2016-10-27 13:28 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-27 13:28 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-27 13:28 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-27 13:28 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-27 13:28 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-27 13:28 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-27 13:28 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-27 13:28 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-27 13:28 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-27 13:28 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-27 13:28 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-27 13:28 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-27 13:28 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-27 13:28 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-27 13:28 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-27 13:28 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-27 13:28 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-27 13:28 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-27 13:28 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-27 13:28 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-27 13:28 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-27 13:28 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-27 13:28 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-27 13:28 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-27 13:28 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-27 13:28 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-27 13:28 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-27 13:28 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-27 13:28 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-27 13:28 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-27 13:28 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-27 13:28 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-27 13:28 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-27 13:28 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-27 13:28 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-27 13:28 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-27 13:28 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-27 13:28 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-27 13:28 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-27 13:28 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-27 13:28 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-27 13:28 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-27 13:28 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-27 13:28 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-27 13:28 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-27 13:28 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-27 13:28 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-27 13:28 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-27 13:28 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-27 13:28 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-27 13:28 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-27 13:28 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-27 13:28 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-27 13:28 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 13:28 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-27 13:28 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-27 13:28 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 13:28 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-27 13:28 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-27 13:28 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-27 13:28 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-27 13:28 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-27 13:28 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-27 13:28 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-27 13:28 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 13:28 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-27 13:28 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-27 13:28 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-27 13:28 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-27 13:28 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-27 13:28 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-27 13:28 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-27 13:28 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-27 13:28 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-27 13:28 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-27 13:28 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-27 13:28 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-27 13:28 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-27 13:28 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-27 13:28 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-27 13:28 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-27 13:27 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-27 13:27 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-27 13:27 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-27 13:27 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-27 13:27 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-27 13:27 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-27 13:27 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-27 13:27 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-27 13:27 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-27 13:27 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-27 13:27 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-27 13:27 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-27 13:27 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-27 13:27 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-27 13:27 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-27 13:27 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-27 13:27 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-27 13:27 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-27 13:27 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-27 13:27 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-27 13:27 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-27 13:27 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-27 13:27 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-27 13:27 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-27 13:27 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-27 13:27 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-27 13:27 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-27 13:27 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-27 13:27 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-27 13:27 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-27 13:27 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-27 13:27 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-27 13:27 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-27 13:27 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-27 13:27 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-27 13:27 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-27 13:27 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-27 13:27 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-27 13:27 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-27 13:27 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 13:27 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 13:27 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-27 13:27 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 13:27 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-27 13:27 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-27 13:27 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-27 13:27 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-27 13:27 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-27 13:27 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-27 13:27 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-27 13:27 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-27 13:27 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-27 13:27 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-27 13:27 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-27 13:27 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-27 13:27 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-27 13:27 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-27 13:27 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\Users\Flo\Documents\My PDFill
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\ProgramData\PlotSoft
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-10-26 18:56 - 2016-10-27 18:30 - 00000000 ____D C:\Users\Flo\AppData\Roaming\mIRC
2016-10-26 18:56 - 2016-10-26 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2016-10-26 18:56 - 2016-10-26 18:56 - 00000000 ____D C:\Program Files (x86)\mIRC
2016-10-25 17:19 - 2016-10-25 17:19 - 00443992 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-10-25 17:19 - 2016-10-25 17:19 - 00353368 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo50-4.dll
2016-10-25 17:19 - 2016-10-25 17:19 - 00080992 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-10-25 17:19 - 2016-10-25 17:19 - 00077408 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-10-25 17:19 - 2016-10-25 17:19 - 00074848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2016-10-21 04:37 - 2016-10-26 08:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 12:19 - 2016-10-20 12:19 - 02365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2016-10-19 08:06 - 2016-10-19 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-10-18 20:45 - 2016-10-18 21:29 - 54303977 _____ C:\Users\Flo\Downloads\1482240556.pdf
2016-10-18 13:30 - 2016-10-18 14:29 - 00000000 ____D C:\Users\Flo\AppData\Local\Tableau
2016-10-18 13:30 - 2016-10-18 13:31 - 00000000 ____D C:\ProgramData\FLEXnet
2016-10-18 13:30 - 2016-10-18 13:30 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 10.0.lnk
2016-10-18 13:30 - 2016-10-18 13:30 - 00000000 ____D C:\Users\Flo\Documents\My Tableau Repository
2016-10-18 13:30 - 2016-10-18 13:30 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-10-18 13:29 - 2016-10-18 13:29 - 00000875 _____ C:\WINDOWS\ODBCINST.INI
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\WINDOWS\system32\1033
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Redshift ODBC Driver (64-bit)
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\Tableau
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\psqlODBC
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\MySQL
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\Amazon Redshift ODBC Driver
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-10-16 10:58 - 2016-10-16 10:58 - 00026830 _____ C:\ProgramData\agent.1476633478.bdinstall.bin
2016-10-15 23:55 - 2016-10-15 23:55 - 00001207 _____ C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2016-10-15 23:55 - 2016-10-15 23:55 - 00000000 ____D C:\Users\Flo\AppData\Local\Bitdefender Antivirus Free
2016-10-15 23:54 - 2016-10-15 23:54 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-15 23:47 - 2016-10-15 23:47 - 00000000 ____D C:\Users\Flo\AppData\Roaming\QuickScan
2016-10-15 23:46 - 2016-11-10 11:24 - 00000000 ____D C:\ProgramData\BDLogging
2016-10-15 23:46 - 2016-10-15 23:46 - 00044444 _____ C:\ProgramData\1476593178.bdinstall.bin
2016-10-15 23:46 - 2016-10-15 23:46 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-10-15 23:38 - 2016-10-15 23:39 - 00000000 ____D C:\WINDOWS\Prey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 19:49 - 2016-09-15 23:57 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Spotify
2016-11-14 19:44 - 2016-09-15 23:58 - 00000000 ____D C:\Users\Flo\AppData\Local\Spotify
2016-11-14 19:38 - 2016-10-10 18:46 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B8D6DBD2-655C-4443-A7A1-B8768FCBD1AF}
2016-11-14 19:25 - 2016-09-14 22:36 - 01580588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-14 19:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-14 19:23 - 2016-09-14 05:23 - 00000000 __SHD C:\Users\Flo\IntelGraphicsProfiles
2016-11-14 19:23 - 2016-09-13 17:34 - 00000000 ___RD C:\Users\Flo\Dropbox
2016-11-14 19:22 - 2016-09-14 22:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-14 19:21 - 2016-09-14 22:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-14 19:21 - 2016-09-14 22:35 - 00000000 ____D C:\ProgramData\Validity
2016-11-14 19:19 - 2016-09-14 22:37 - 00000000 ____D C:\Users\Flo
2016-11-14 19:07 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-14 18:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-14 11:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-14 11:23 - 2016-10-06 07:25 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-11-14 11:19 - 2016-09-14 16:41 - 00000000 ____D C:\Users\Flo\AppData\Roaming\vlc
2016-11-13 22:57 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-11-13 22:56 - 2016-09-14 22:34 - 00000000 ____D C:\Program Files\Intel
2016-11-13 22:56 - 2016-07-10 11:03 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-11-13 22:56 - 2016-07-10 10:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-13 22:56 - 2016-07-10 10:57 - 00000000 ____D C:\ProgramData\Intel
2016-11-13 22:56 - 2016-07-10 10:57 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-13 22:51 - 2016-09-13 17:32 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-13 22:51 - 2016-09-13 17:32 - 00000898 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-13 11:23 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-12 15:00 - 2016-09-14 22:41 - 00003962 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-12 15:00 - 2016-09-14 22:41 - 00003730 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-12 13:16 - 2016-09-14 22:49 - 00000000 ____D C:\Users\Flo\AppData\Local\Packages
2016-11-11 16:25 - 2016-09-13 21:38 - 00000000 ____D C:\Users\Flo\AppData\Local\Google
2016-11-11 05:53 - 2016-09-23 04:02 - 00000000 ____D C:\Users\Flo\AppData\LocalLow\WebEx
2016-11-11 05:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 22:47 - 2016-09-15 06:56 - 00000000 ____D C:\Users\Flo\Citrix
2016-11-10 22:43 - 2016-09-13 21:39 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 15:58 - 2016-09-13 17:32 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-10 09:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Catroot2.old
2016-11-09 17:12 - 2016-09-14 22:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 17:07 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default.migrated
2016-11-09 10:03 - 2016-09-14 22:34 - 00340240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-09 10:03 - 2016-09-13 17:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 01:14 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 01:09 - 2016-09-14 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 01:05 - 2016-09-14 16:27 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 18:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-08 18:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-08 16:22 - 2016-10-02 18:47 - 00000000 ____D C:\Users\Flo\AppData\Local\Microsoft Help
2016-11-06 23:22 - 2016-09-13 20:04 - 00000000 ____D C:\Users\Flo\AppData\Roaming\RStudio
2016-11-06 23:22 - 2016-09-13 20:03 - 00000000 ____D C:\Users\Flo\AppData\Local\RStudio-Desktop
2016-11-06 18:05 - 2016-09-13 20:04 - 00000614 _____ C:\Users\Flo\Documents\.Rhistory
2016-11-06 15:03 - 2016-09-14 18:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 22:38 - 2016-10-06 07:24 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-11-03 10:33 - 2016-09-13 21:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-02 16:43 - 2016-07-10 11:01 - 00000000 ____D C:\Intel
2016-11-01 22:05 - 2016-09-14 22:34 - 00113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-11-01 22:05 - 2016-07-28 00:27 - 00271368 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-11-01 22:05 - 2016-07-28 00:27 - 00113672 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-11-01 22:05 - 2016-07-28 00:27 - 00104464 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-11-01 22:05 - 2016-07-16 09:29 - 00104464 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-10-28 19:02 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-28 19:00 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 20:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-27 20:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-27 20:30 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-27 08:37 - 2016-10-11 19:06 - 00000000 ____D C:\Users\Flo\Desktop\Lectures
2016-10-26 08:58 - 2016-09-13 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-25 22:33 - 2016-09-14 22:55 - 00000000 ____D C:\Users\Flo\AppData\Local\Comms
2016-10-25 17:19 - 2016-07-10 11:00 - 00923232 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-10-25 17:19 - 2016-07-10 11:00 - 00819808 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-10-25 17:19 - 2016-07-10 11:00 - 00296544 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-10-25 17:19 - 2016-07-10 11:00 - 00080992 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-10-20 20:35 - 2016-09-13 19:08 - 00000000 ____D C:\ProgramData\Oracle
2016-10-20 20:15 - 2016-10-10 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-20 20:15 - 2016-10-10 18:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-20 20:14 - 2016-10-10 18:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-19 17:21 - 2016-07-10 11:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-19 08:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-15 23:51 - 2016-07-10 11:25 - 00000000 ____D C:\ProgramData\McAfee
2016-10-15 23:49 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-10-15 23:49 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-15 01:00 - 2016-10-14 20:31 - 819649050 _____ C:\Users\Flo\Downloads\Citizenfour.mkv

==================== Files in the root of some directories =======

2016-09-20 22:16 - 2016-09-20 22:16 - 0000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2016-10-15 23:46 - 2016-10-15 23:46 - 0044444 _____ () C:\ProgramData\1476593178.bdinstall.bin
2016-10-16 10:58 - 2016-10-16 10:58 - 0026830 _____ () C:\ProgramData\agent.1476633478.bdinstall.bin
2016-11-02 15:55 - 2016-11-02 15:55 - 0028749 _____ () C:\ProgramData\agent.1478120101.bdinstall.bin
2016-11-10 15:28 - 2016-11-10 15:28 - 0020434 _____ () C:\ProgramData\agent.1478809723.bdinstall.bin
2016-11-10 15:34 - 2016-11-10 15:34 - 0029179 _____ () C:\ProgramData\agent.1478810036.bdinstall.bin
2016-09-14 22:35 - 2016-09-14 22:35 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\CrInstHelper.dll
C:\Users\Flo\AppData\Local\Temp\del.EXE
C:\Users\Flo\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Flo\AppData\Local\Temp\SCC.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-12 13:22

==================== End of FRST.txt ============================
         

15.11.2016, 15:55   #4
the_clown
 



And here is the Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Flo (14-11-2016 19:52:21)
Running from C:\Users\Flo\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-15 03:49:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2505514951-2072466002-1266771838-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2505514951-2072466002-1266771838-503 - Limited - Disabled)
Flo (S-1-5-21-2505514951-2072466002-1266771838-1001 - Administrator - Enabled) => C:\Users\Flo
Guest (S-1-5-21-2505514951-2072466002-1266771838-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2505514951-2072466002-1266771838-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.1 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{E287031B-230C-4127-AA44-598FA9CE3478}) (Version: 2.69.0 - Kovid Goyal)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{28425B7B-3C4A-4A12-94B1-A4B018CB7C39}) (Version: 4.3.01095 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.01095 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.01095 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{78171889-02DB-4545-BCE5-997291076A43}) (Version: 4.3.01095 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.58 - Conexant)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11196 - Realtek Semiconductor Corp.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6C02A234-7A14-4737-9D89-B0C47A64F94E}) (Version: 6.0.52.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R)(patch version 18.1.1525.1421) (HKLM\...\{302600C1-6BDF-4FD1-1504-148929CC1385}) (Version: 18.1.1504.0518 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{755abcd0-2942-482b-a27d-22921a5849f0}) (Version: 3.0.14.3056 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
ISS_Drivers_x64 (Version: 3.0.14.3056 - Intel Corporation) Hidden
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Active Protection System (Version: 1.81.00.07 - Lenovo) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.20 - Lenovo)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.18.0 - Lenovo)
Lenovo On Screen Display (Version: 8.80.13 - Lenovo) Hidden
Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo Scaling Utility (Version: 3.10 - Lenovo) Hidden
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Prey Anti-Theft (x32 Version: 1.6.3 - Prey, Inc.) Hidden
psqlODBC_x64 (HKLM\...\{C0249921-2C35-47C1-83D8-8EABC438A96F}) (Version: 09.03.0400 - PostgreSQL Global Development Group)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 7.18.602.2015 - Realtek)
RStudio (HKLM-x32\...\RStudio) (Version: 0.99.903 - RStudio)
Skype Meetings App (HKLM-x32\...\{69A802E3-8264-43D0-B160-6D25CD7AFB1A}) (Version: 16.2.0.96 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version:  - )
Synaptics WBF Fingerprint Reader Drivers (HKLM\...\{83FB3716-E9E5-454D-A020-88A019340639}) (Version: 5.0.87.6 - Synaptics Incroporated)
Tableau 10.0 (10000.16.1004.1720) (HKLM-x32\...\{aecfbd24-46fa-444a-ad83-d81d307979da}) (Version: 10.0.1354 - Tableau Software)
Tableau 10.0 (10000.16.1004.1720) (Version: 10.0.1354 - Tableau Software) Hidden
ThinkPad OneLink Plus Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.10.11 - Lenovo)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.18.602.2015 - Lenovo)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Driver Package - Lenovo 1.67.10.20 (08/06/2015 1.67.10.20) (HKLM\...\6FC04F7E6E5B13D46033821EF4DBEC1883D331B9) (Version: 08/06/2015 1.67.10.20 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Flo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\GatewayVersion-x64.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A2E5B0-0261-4FA9-8E7D-6D29F237F467} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {072DADC8-2BF8-452C-9B25-F6E61A619E8F} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {09B82FCC-B549-42EB-9191-9DEF44BEDCD7} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {09D69D3C-55E5-4403-ADFD-A006C40D9B03} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0B262C91-C14F-42AA-88A3-A4500FA68EEE} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {213FA684-8118-4772-BEE0-2DB1716C8624} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {252B190A-1DC6-4277-9B76-23B26CB2D2F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {2E5A7345-4A94-4D24-BDC6-F5ACA5C982F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {32018E5B-E4C4-4C3E-958F-B47AE006F34F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E5936DB-C1EA-4601-A135-BF6BAA8D1337} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {40588481-BF89-473B-9262-7A1A100B72AB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-04-17] (Lenovo)
Task: {4463DBDC-281E-4EDA-826C-EE7DFF10083D} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2016-05-25] (Realtek Semiconductor Corp.)
Task: {44D052CA-E735-455B-9518-2684F2A3A5E1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {46CEFB92-86B3-4D06-99FB-5B8069E136BD} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {55BACBD3-6D27-4F87-A340-5EEB5EFC7865} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56C1878D-01EA-48E2-A4D3-0C59BACF0761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {57FBBC1E-E92B-4F63-A91A-EE4A422FD05B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6148CFD1-28BC-4025-A84C-AC91AD1FE40B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70486FAC-2C28-44A1-93CD-624F3809CB39} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {72C51BA9-B6C8-4CE3-AC43-5D2BFBB3D503} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7744D39F-F4DF-44F4-8956-E75F3A901AA4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {7AA8DBED-41C7-4824-9F16-AA941BCD3498} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8319A1CB-EAD9-4E2E-85C6-20746314E97D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {84C668A0-2A8A-4B50-B602-2F1ABBAAF5DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {85EA8ED4-6E65-4371-BF08-8E6C8B4106FB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8BD47924-4F1B-4B84-8244-E07EF3E53122} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8E3D3F33-67F9-4362-AE9D-042AA9FB187B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9204417B-DBBE-485E-B63A-B7C83CD249DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {921CB249-2FC9-404C-A171-81A99DE1E985} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9865BBFE-0007-4926-9412-F0D7C7819B0B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {99F9AF50-F538-43C8-9FB8-F4F63790520D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - \PMTask -> No File <==== ATTENTION
Task: {9F5934EB-3242-4AF8-A732-5EA94C830016} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AF75DE69-8E53-4046-B476-45AC0536CC38} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {B15C986D-A7E7-4869-98EB-482CAB82298B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B3D5EA9C-4161-4D06-8A74-D25E6FD9347A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B3DF749A-221B-43A6-A597-84212868A352} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {B56AC725-C8D4-4E55-A06E-8A34044AC531} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe
Task: {B6AE0B2C-1018-4C03-B6DC-B75894009F21} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9490033-A99C-4996-B3DC-D2910450074D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFB62013-C3FC-45D4-A64C-4A58A588A141} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {C24F63BC-9A15-4C83-AB1D-58D541BB72FC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C8D88663-7EBB-4B1F-AE66-747E7DAE4397} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {C8FE45E6-71B2-427C-836D-9A873533DD1D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CED67565-7E82-4BE4-AD0D-FE292E2869D0} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {D1B62E7F-B9E4-4CF0-9C3A-BE6C7CF43622} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D219FF56-BA00-4E19-A131-13086E9B4131} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {D2D578B2-F1B4-4743-9852-FC20BBDB0ED6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D55472F3-DC65-409E-B3FC-EDD46BD38CC3} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {D685AEAF-6BE6-4D9A-AF6D-A08B0DCB9259} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DAC55196-5CEF-4314-AB45-D2B9AB1160A5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DAFAC30D-54C1-421A-A3F5-BF7F28A31379} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DE29511C-4FC0-4350-BAE0-E1DC40DB3A01} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-13] (Dropbox, Inc.)
Task: {DF6E1D4E-AC65-49AA-B93A-1C5CAD4FBEA3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E44DA060-68F4-408D-B43B-74F07CF9EA02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E5CA1373-3C63-4D16-B7CF-A1F323CE496C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EC211FDF-91A5-4BB8-A68E-C82DE0834920} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {EEFADA99-7C77-4338-B6D6-038D8A4CC2DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2A81047-3E9F-46E5-B441-4E235A33F705} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F49CF4B5-6C71-4A3E-B808-F31E2367CFC0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F5E44EAE-2EE2-49C0-A882-D041446D4E43} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-18] (Microsoft Corporation)
Task: {F6866403-0D96-45F7-B8E3-F5D135E12AE5} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {F75C7CC2-C4CD-47D8-B440-4BB5DB92FAF2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F777664F-FE95-4074-8BB9-CE1C251A0A9A} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {FBCB2B04-0B46-4549-812D-0A8E8DCBDE83} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {FE14F656-87F6-4CE6-9C52-6C4FE52CDBAF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-13] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-18 09:39 - 2016-07-18 09:39 - 00154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 04:18 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 04:18 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-15 22:51 - 2016-09-15 22:51 - 01864384 _____ () C:\Users\Flo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-22 16:17 - 2016-10-18 04:15 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-30 04:18 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-15 02:30 - 2016-09-15 02:30 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 21:20 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 21:20 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-06 15:01 - 2016-11-06 15:02 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-06 15:01 - 2016-11-06 15:02 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-06 15:01 - 2016-11-06 15:02 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-07-10 11:06 - 2016-08-23 07:02 - 00200520 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2015-10-27 16:01 - 2015-10-27 16:01 - 00089600 _____ () C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
2016-07-10 10:58 - 2015-05-29 18:13 - 01083904 _____ () C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe
2016-10-04 18:34 - 2016-09-10 11:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2016-07-10 06:37 - 2016-07-10 06:37 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-07-10 11:07 - 2011-08-02 22:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2016-07-10 11:07 - 2011-08-02 22:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2016-08-31 20:57 - 2016-08-31 20:57 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.3\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2016-09-13 17:32 - 2016-10-10 11:29 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-11-10 15:57 - 2016-10-10 11:29 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-11-10 15:57 - 2016-10-10 11:29 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-11-10 15:57 - 2016-10-10 11:29 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-09-13 17:32 - 2016-10-10 11:29 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-09-13 17:32 - 2016-10-10 11:29 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-09-13 17:32 - 2016-10-10 11:29 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-11-10 15:57 - 2016-11-07 17:58 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-09-13 17:32 - 2016-10-10 11:30 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-10 15:57 - 2016-11-07 17:58 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-10 15:57 - 2016-11-07 17:58 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-11-10 15:57 - 2016-10-10 11:29 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-11-10 15:57 - 2016-10-10 11:31 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-11-10 15:57 - 2016-11-07 17:58 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-13 17:32 - 2016-10-10 11:30 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-11-10 15:57 - 2016-11-07 17:58 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-10 15:57 - 2016-10-10 11:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-11-10 15:57 - 2016-11-07 17:59 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-11-10 15:57 - 2016-11-07 17:49 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-11-10 15:57 - 2016-11-07 17:59 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-10 15:57 - 2016-11-07 17:59 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-09-13 17:32 - 2016-10-10 11:29 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-10 15:57 - 2016-10-10 11:33 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-11-10 15:57 - 2016-10-10 11:34 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-11-10 15:57 - 2016-11-07 17:59 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-09-13 17:32 - 2016-11-07 17:59 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-13 17:32 - 2016-10-10 11:31 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-11-10 15:57 - 2016-11-07 17:59 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-09-04 22:34 - 2015-09-04 22:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-15 23:58 - 2016-11-10 10:31 - 51776112 _____ () C:\Users\Flo\AppData\Roaming\Spotify\libcef.dll
2016-10-25 17:05 - 2016-11-10 10:31 - 00110192 _____ () C:\Users\Flo\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-09-15 23:58 - 2016-11-10 10:31 - 01803888 _____ () C:\Users\Flo\AppData\Roaming\Spotify\libglesv2.dll
2016-09-15 23:58 - 2016-11-10 10:31 - 00086128 _____ () C:\Users\Flo\AppData\Roaming\Spotify\libegl.dll
2016-09-22 16:17 - 2016-10-18 04:15 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\gfx.dll
2015-03-17 00:34 - 2015-03-17 00:34 - 00152064 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Flo\Downloads\colorpicker.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Flo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{93CDAEC0-F81B-4340-8E3A-E9CAA08174BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7DF31B67-D96C-4796-B68E-C47A656449AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44D6D3D2-98EC-498A-940A-E8AD110E26B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9D659A-4F0B-45E5-9FE1-13341239E9C1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CB1B247-1B31-46D8-92AC-095AC147115A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FCC2F7B-4466-45F1-B937-758F4E8F8566}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7EAE648-6319-418B-B91B-B66ED3949A16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{962988D2-FAA0-4825-80CA-3EBCD276E653}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{EB46C37E-E04B-46C7-98DA-49A11417422A}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{A4334999-CB02-48D0-B8CD-1D385ED7347E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{AB7F8352-5303-4DCF-A893-FCABBD9596CA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{F67C2CAD-967F-4880-9FF1-7E48042471CE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{895121DD-793C-49AC-9201-8E218F18B25C}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{BACEB615-2587-461B-99AC-7EDA0699A6CA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{FC383FE7-2FA3-49B1-B983-CE45C48365B9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F4F784E6-A8AF-451D-A633-7C316B9F490D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B6E4A37-6D71-4536-8C9D-10B316D5BA19}] => (Allow) C:\Windows\Prey\versions\1.6.3\bin\node.exe
FirewallRules: [TCP Query User{363E28DC-B3DA-4BF6-B4BC-FB47407745B0}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{141B226E-BF88-45F0-B6CA-534F55BC3641}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B55AEAC8-5469-4407-B00A-99D8E9B65DFB}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{340D84E5-21A0-434C-BFDE-B73B5D3461CC}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB485729-C09B-4C44-8E45-B3DD14437127}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{0FB2D479-7FEB-410B-8F6D-4CE7F541147B}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{F001202F-EAAF-4F2A-B4EE-D4C9F9879774}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A9A7934B-B560-46D3-A513-BA58C0102942}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F35C27A2-863C-42E9-8E07-3F6271AF034B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-10-2016 20:19:10 Installed PDFill PDF Editor with FREE Writer and FREE Tools
02-11-2016 16:43:05 Windows Update
09-11-2016 01:05:24 Windows Update
13-11-2016 22:55:44 Intel® PROSet/Wireless Software
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2016 07:21:39 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(31ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/14/2016 07:21:32 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(31ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/14/2016 07:21:25 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/14/2016 07:21:09 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/14/2016 07:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3710

Start Time: 01d23ed4a3ca4252

Termination Time: 6

Application Path: C:\Windows\System32\mmc.exe

Report Id: f9b97fcd-aac8-11e6-86bd-54ee75a54a2d

Faulting package full name: 

Faulting package-relative application ID:

Error: (11/14/2016 07:10:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2054

Start Time: 01d23ed31748d68b

Termination Time: 10

Application Path: C:\Windows\System32\mmc.exe

Report Id: d8a8cea6-aac7-11e6-86bd-54ee75a54a2d

Faulting package full name: 

Faulting package-relative application ID:

Error: (11/14/2016 06:56:33 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/14/2016 05:52:51 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"No valid TPM EK/Platform cerificate provided in the TPM identity request message."}
Cache-Control: no-cache
Date: Mon, 14 Nov 2016 22:52:52 GMT
Pragma: no-cache
Content-Length: 95
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: a678b2ca-4657-4c0a-94cd-c009722895b8
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: POST(2172ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (11/14/2016 05:52:43 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"No valid TPM EK/Platform cerificate provided in the TPM identity request message."}
Cache-Control: no-cache
Date: Mon, 14 Nov 2016 22:52:42 GMT
Pragma: no-cache
Content-Length: 95
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 3e97290e-e18b-4cd1-ac91-d6e4a07f4e64
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: POST(3156ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (11/14/2016 05:52:39 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0


System errors:
=============
Error: (11/14/2016 07:23:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2016 07:21:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2016 07:21:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/14/2016 06:56:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 2 0xdeaddeed 0xeeec

Error: (11/14/2016 06:56:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (11/14/2016 06:06:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2016 05:52:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/14/2016 05:52:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:38:07 PM on ‎11/‎14/‎2016 was unexpected.

Error: (11/14/2016 05:31:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 2 0xdeaddeed 0xeeec

Error: (11/14/2016 05:31:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4


CodeIntegrity:
===================================
  Date: 2016-09-14 23:35:40.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:35:40.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:35:40.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:35:40.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 51%
Total physical RAM: 8075.11 MB
Available physical RAM: 3933.02 MB
Total Virtual: 16267.11 MB
Available Virtual: 11248.61 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:224.94 GB) (Free:91.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:12.84 GB) (Free:2.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DE637FF4)

Partition: GPT.

==================== End of Addition.txt ============================
         

15.11.2016, 16:42   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.




Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

15.11.2016, 17:04   #6
the_clown
 



OK, here come the log files. Nothing was found. Is my system perhaps just really badly configured after all? That would surprise me a lot; I have made no changes and still there are so many strange events.

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.11.15.10
  rootkit: v2016.10.31.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
Flo :: FLO-PC [administrator]

11/15/2016 10:51:53
mbar-log-2016-11-15 (10-51-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 351333
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Code:
11:01:00.0532 0x2870  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
11:01:00.0532 0x2870  UEFI system
11:01:07.0376 0x2870  ============================================================
11:01:07.0376 0x2870  Current date / time: 2016/11/15 11:01:07.0376
11:01:07.0383 0x2870  SystemInfo:
11:01:07.0383 0x2870  
11:01:07.0383 0x2870  OS Version: 10.0.14393 ServicePack: 0.0
11:01:07.0383 0x2870  Product type: Workstation
11:01:07.0383 0x2870  ComputerName: FLO-PC
11:01:07.0383 0x2870  UserName: Flo
11:01:07.0383 0x2870  Windows directory: C:\WINDOWS
11:01:07.0383 0x2870  System windows directory: C:\WINDOWS
11:01:07.0383 0x2870  Running under WOW64
11:01:07.0383 0x2870  Processor architecture: Intel x64
11:01:07.0383 0x2870  Number of processors: 4
11:01:07.0383 0x2870  Page size: 0x1000
11:01:07.0383 0x2870  Boot type: Normal boot
11:01:07.0383 0x2870  CodeIntegrityOptions = 0x00000001
11:01:07.0383 0x2870  ============================================================
11:01:07.0468 0x2870  KLMD registered as C:\WINDOWS\system32\drivers\74241820.sys
11:01:07.0468 0x2870  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.447, osProperties = 0x19
11:01:08.0047 0x2870  System UUID: {377B7EE2-7BFF-3D9E-D201-F0DCA4DEBDC3}
11:01:08.0649 0x2870  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:01:08.0656 0x2870  ============================================================
11:01:08.0656 0x2870  \Device\Harddisk0\DR0:
11:01:08.0656 0x2870  GPT partitions:
11:01:08.0657 0x2870  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {CD3DE88A-91D6-437F-B500-31F72FF7CECA}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
11:01:08.0657 0x2870  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B16FB9EB-0DA3-4A7A-8F9F-7F1D3AAFD788}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
11:01:08.0657 0x2870  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8DCA5E33-60E7-49C2-88A9-A9FB3BD6D474}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x1C1E3088
11:01:08.0657 0x2870  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {64675926-6789-4B5B-B7E6-8F6FB530F4DE}, Name: , StartLBA 0x1C256000, BlocksNum 0xEF800
11:01:08.0657 0x2870  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AD545B12-DE80-48C2-9808-AC173754B816}, Name: Basic data partition, StartLBA 0x1C346000, BlocksNum 0x19AD000
11:01:08.0657 0x2870  MBR partitions:
11:01:08.0657 0x2870  ============================================================
11:01:08.0658 0x2870  Q: <-> \Device\Harddisk0\DR0\Partition5
11:01:08.0658 0x2870  ============================================================
11:01:08.0658 0x2870  Initialize success
11:01:08.0658 0x2870  ============================================================
11:01:21.0339 0x0684  ============================================================
11:01:21.0339 0x0684  Scan started
11:01:21.0339 0x0684  Mode: Manual; 
11:01:21.0339 0x0684  ============================================================
11:01:21.0339 0x0684  KSN ping started
11:01:21.0463 0x0684  KSN ping finished: true
11:01:21.0604 0x0684  ================ Scan system memory ========================
11:01:21.0604 0x0684  System memory - ok
11:01:21.0605 0x0684  ================ Scan services =============================
11:01:21.0615 0x0684  1394ohci - ok
11:01:21.0618 0x0684  3ware - ok
11:01:21.0621 0x0684  ACPI - ok
11:01:21.0623 0x0684  AcpiDev - ok
11:01:21.0626 0x0684  acpiex - ok
11:01:21.0629 0x0684  acpipagr - ok
11:01:21.0632 0x0684  AcpiPmi - ok
11:01:21.0635 0x0684  acpitime - ok
11:01:21.0638 0x0684  acsock - ok
11:01:21.0641 0x0684  AdobeARMservice - ok
11:01:21.0643 0x0684  AdobeFlashPlayerUpdateSvc - ok
11:01:21.0648 0x0684  ADP80XX - ok
11:01:21.0652 0x0684  AFD - ok
11:01:21.0655 0x0684  AGSService - ok
11:01:21.0658 0x0684  ahcache - ok
11:01:21.0661 0x0684  AJRouter - ok
11:01:21.0663 0x0684  ALG - ok
11:01:21.0666 0x0684  AmdK8 - ok
11:01:21.0669 0x0684  AmdPPM - ok
11:01:21.0672 0x0684  amdsata - ok
11:01:21.0675 0x0684  amdsbs - ok
11:01:21.0678 0x0684  amdxata - ok
11:01:21.0680 0x0684  AppHostSvc - ok
11:01:21.0683 0x0684  AppID - ok
11:01:21.0686 0x0684  AppIDSvc - ok
11:01:21.0689 0x0684  Appinfo - ok
11:01:21.0693 0x0684  Apple Mobile Device Service - ok
11:01:21.0696 0x0684  applockerfltr - ok
11:01:21.0698 0x0684  AppMgmt - ok
11:01:21.0701 0x0684  AppReadiness - ok
11:01:21.0704 0x0684  AppVClient - ok
11:01:21.0707 0x0684  AppvStrm - ok
11:01:21.0710 0x0684  AppvVemgr - ok
11:01:21.0712 0x0684  AppvVfs - ok
11:01:21.0716 0x0684  AppXSvc - ok
11:01:21.0719 0x0684  arcsas - ok
11:01:21.0732 0x0684  aspnet_state - ok
11:01:21.0736 0x0684  AsyncMac - ok
11:01:21.0738 0x0684  atapi - ok
11:01:21.0740 0x0684  AudioEndpointBuilder - ok
11:01:21.0743 0x0684  Audiosrv - ok
11:01:21.0746 0x0684  AxInstSV - ok
11:01:21.0749 0x0684  b06bdrv - ok
11:01:21.0752 0x0684  BasicDisplay - ok
11:01:21.0755 0x0684  BasicRender - ok
11:01:21.0758 0x0684  bcmfn - ok
11:01:21.0762 0x0684  bcmfn2 - ok
11:01:21.0765 0x0684  BDESVC - ok
11:01:21.0768 0x0684  Beep - ok
11:01:21.0771 0x0684  BFE - ok
11:01:21.0773 0x0684  BITS - ok
11:01:21.0775 0x0684  Bonjour Service - ok
11:01:21.0778 0x0684  bowser - ok
11:01:21.0782 0x0684  BrokerInfrastructure - ok
11:01:21.0785 0x0684  Browser - ok
11:01:21.0788 0x0684  BthA2DP - ok
11:01:21.0790 0x0684  BthAvrcpTg - ok
11:01:21.0793 0x0684  BthEnum - ok
11:01:21.0796 0x0684  BthHFAud - ok
11:01:21.0799 0x0684  BthHFEnum - ok
11:01:21.0802 0x0684  bthhfhid - ok
11:01:21.0804 0x0684  BthHFSrv - ok
11:01:21.0807 0x0684  BthLEEnum - ok
11:01:21.0810 0x0684  BTHMODEM - ok
11:01:21.0813 0x0684  BthPan - ok
11:01:21.0816 0x0684  BTHPORT - ok
11:01:21.0827 0x0684  bthserv - ok
11:01:21.0829 0x0684  BTHUSB - ok
11:01:21.0832 0x0684  buttonconverter - ok
11:01:21.0835 0x0684  CapImg - ok
11:01:21.0838 0x0684  cdfs - ok
11:01:21.0840 0x0684  CDPSvc - ok
11:01:21.0842 0x0684  CDPUserSvc - ok
11:01:21.0850 0x0684  cdrom - ok
11:01:21.0854 0x0684  CertPropSvc - ok
11:01:21.0857 0x0684  cht4iscsi - ok
11:01:21.0860 0x0684  cht4vbd - ok
11:01:21.0863 0x0684  circlass - ok
11:01:21.0866 0x0684  CLFS - ok
11:01:21.0869 0x0684  ClickToRunSvc - ok
11:01:21.0872 0x0684  ClipSVC - ok
11:01:21.0875 0x0684  clreg - ok
11:01:21.0883 0x0684  CmBatt - ok
11:01:21.0886 0x0684  CNG - ok
11:01:21.0888 0x0684  cnghwassist - ok
11:01:21.0891 0x0684  CnxtHdAudService - ok
11:01:21.0894 0x0684  CompositeBus - ok
11:01:21.0897 0x0684  COMSysApp - ok
11:01:21.0900 0x0684  condrv - ok
11:01:21.0904 0x0684  CoreMessagingRegistrar - ok
11:01:21.0908 0x0684  cphs - ok
11:01:21.0911 0x0684  cplspcon - ok
11:01:21.0915 0x0684  CronService - ok
11:01:21.0919 0x0684  CryptSvc - ok
11:01:21.0921 0x0684  CSC - ok
11:01:21.0924 0x0684  CscService - ok
11:01:21.0928 0x0684  CxAudMsg - ok
11:01:21.0932 0x0684  CxUtilSvc - ok
11:01:21.0936 0x0684  dam - ok
11:01:21.0940 0x0684  DAX2API - ok
11:01:21.0944 0x0684  dbupdate - ok
11:01:21.0948 0x0684  dbupdatem - ok
11:01:21.0950 0x0684  dbx - ok
11:01:21.0953 0x0684  DbxSvc - ok
11:01:21.0957 0x0684  DcomLaunch - ok
11:01:21.0960 0x0684  DcpSvc - ok
11:01:21.0962 0x0684  defragsvc - ok
11:01:21.0965 0x0684  DeviceAssociationService - ok
11:01:21.0970 0x0684  DeviceInstall - ok
11:01:21.0977 0x0684  DevQueryBroker - ok
11:01:21.0982 0x0684  Dfsc - ok
11:01:21.0985 0x0684  dg_ssudbus - ok
11:01:21.0988 0x0684  Dhcp - ok
11:01:21.0990 0x0684  diagnosticshub.standardcollector.service - ok
11:01:21.0993 0x0684  DiagTrack - ok
11:01:21.0996 0x0684  disk - ok
11:01:21.0999 0x0684  DmEnrollmentSvc - ok
11:01:22.0002 0x0684  dmvsc - ok
11:01:22.0004 0x0684  dmwappushservice - ok
11:01:22.0007 0x0684  Dnscache - ok
11:01:22.0011 0x0684  dot3svc - ok
11:01:22.0014 0x0684  DPS - ok
11:01:22.0017 0x0684  drmkaud - ok
11:01:22.0019 0x0684  DsmSvc - ok
11:01:22.0022 0x0684  DsSvc - ok
11:01:22.0024 0x0684  DXGKrnl - ok
11:01:22.0027 0x0684  e1dexpress - ok
11:01:22.0030 0x0684  EapHost - ok
11:01:22.0033 0x0684  ebdrv - ok
11:01:22.0036 0x0684  EFS - ok
11:01:22.0039 0x0684  EhStorClass - ok
11:01:22.0041 0x0684  EhStorTcgDrv - ok
11:01:22.0044 0x0684  embeddedmode - ok
11:01:22.0047 0x0684  EntAppSvc - ok
11:01:22.0050 0x0684  ErrDev - ok
11:01:22.0062 0x0684  EventSystem - ok
11:01:22.0065 0x0684  exfat - ok
11:01:22.0068 0x0684  fastfat - ok
11:01:22.0071 0x0684  Fax - ok
11:01:22.0074 0x0684  fdc - ok
11:01:22.0076 0x0684  fdPHost - ok
11:01:22.0080 0x0684  FDResPub - ok
11:01:22.0088 0x0684  fhsvc - ok
11:01:22.0092 0x0684  FileCrypt - ok
11:01:22.0094 0x0684  FileInfo - ok
11:01:22.0097 0x0684  Filetrace - ok
11:01:22.0100 0x0684  FlexNet Licensing Service 64 - ok
11:01:22.0104 0x0684  flpydisk - ok
11:01:22.0108 0x0684  FltMgr - ok
11:01:22.0115 0x0684  FontCache - ok
11:01:22.0119 0x0684  FontCache3.0.0.0 - ok
11:01:22.0122 0x0684  FrameServer - ok
11:01:22.0177 0x0684  FsDepends - ok
11:01:22.0180 0x0684  Fs_Rec - ok
11:01:22.0183 0x0684  fvevol - ok
11:01:22.0185 0x0684  gencounter - ok
11:01:22.0188 0x0684  genericusbfn - ok
11:01:22.0192 0x0684  GPIOClx0101 - ok
11:01:22.0196 0x0684  gpsvc - ok
11:01:22.0199 0x0684  GpuEnergyDrv - ok
11:01:22.0202 0x0684  gupdate - ok
11:01:22.0205 0x0684  gupdatem - ok
11:01:22.0207 0x0684  HDAudBus - ok
11:01:22.0210 0x0684  HidBatt - ok
11:01:22.0213 0x0684  HidBth - ok
11:01:22.0217 0x0684  hidi2c - ok
11:01:22.0220 0x0684  hidinterrupt - ok
11:01:22.0224 0x0684  HidIr - ok
11:01:22.0228 0x0684  hidserv - ok
11:01:22.0231 0x0684  HidUsb - ok
11:01:22.0234 0x0684  HID_PCI - ok
11:01:22.0236 0x0684  HomeGroupListener - ok
11:01:22.0239 0x0684  HomeGroupProvider - ok
11:01:22.0242 0x0684  HpSAMD - ok
11:01:22.0244 0x0684  HTTP - ok
11:01:22.0247 0x0684  HvHost - ok
11:01:22.0250 0x0684  hvservice - ok
11:01:22.0253 0x0684  hwpolicy - ok
11:01:22.0256 0x0684  hyperkbd - ok
11:01:22.0259 0x0684  i8042prt - ok
11:01:22.0262 0x0684  iagpio - ok
11:01:22.0265 0x0684  iai2c - ok
11:01:22.0269 0x0684  iaLPSS2i_GPIO2 - ok
11:01:22.0272 0x0684  iaLPSS2i_I2C - ok
11:01:22.0275 0x0684  iaLPSSi_GPIO - ok
11:01:22.0278 0x0684  iaLPSSi_I2C - ok
11:01:22.0281 0x0684  iaStorA - ok
11:01:22.0284 0x0684  iaStorAV - ok
11:01:22.0287 0x0684  iaStorV - ok
11:01:22.0290 0x0684  ibbus - ok
11:01:22.0293 0x0684  IBMPMDRV - ok
11:01:22.0296 0x0684  IBMPMSVC - ok
11:01:22.0300 0x0684  iBtSiva - ok
11:01:22.0304 0x0684  ibtusb - ok
11:01:22.0307 0x0684  icssvc - ok
11:01:22.0311 0x0684  IEEtwCollectorService - ok
11:01:22.0314 0x0684  igfx - ok
11:01:22.0318 0x0684  igfxCUIService2.0.0.0 - ok
11:01:22.0321 0x0684  IKEEXT - ok
11:01:22.0324 0x0684  ImControllerService - ok
11:01:22.0326 0x0684  IndirectKmd - ok
11:01:22.0332 0x0684  InstantOn - ok
11:01:22.0336 0x0684  intaud_WaveExtensible - ok
11:01:22.0339 0x0684  IntcDAud - ok
11:01:22.0342 0x0684  Intel(R) Capability Licensing Service TCP IP Interface - ok
11:01:22.0346 0x0684  Intel(R) WiDi SAM - ok
11:01:22.0354 0x0684  intelide - ok
11:01:22.0357 0x0684  intelpep - ok
11:01:22.0359 0x0684  intelppm - ok
11:01:22.0363 0x0684  iorate - ok
11:01:22.0366 0x0684  IpFilterDriver - ok
11:01:22.0369 0x0684  iphlpsvc - ok
11:01:22.0372 0x0684  IPMIDRV - ok
11:01:22.0375 0x0684  IPNAT - ok
11:01:22.0378 0x0684  iPod Service - ok
11:01:22.0381 0x0684  irda - ok
11:01:22.0384 0x0684  IRENUM - ok
11:01:22.0389 0x0684  irmon - ok
11:01:22.0392 0x0684  isapnp - ok
11:01:22.0395 0x0684  iScsiPrt - ok
11:01:22.0398 0x0684  ISH - ok
11:01:22.0400 0x0684  ISH_BusDriver - ok
11:01:22.0403 0x0684  iwdbus - ok
11:01:22.0407 0x0684  jhi_service - ok
11:01:22.0414 0x0684  kbdclass - ok
11:01:22.0418 0x0684  kbdhid - ok
11:01:22.0421 0x0684  kdnic - ok
11:01:22.0424 0x0684  KeyIso - ok
11:01:22.0427 0x0684  KSecDD - ok
11:01:22.0430 0x0684  KSecPkg - ok
11:01:22.0433 0x0684  ksthunk - ok
11:01:22.0437 0x0684  KtmRm - ok
11:01:22.0439 0x0684  LanmanServer - ok
11:01:22.0443 0x0684  LanmanWorkstation - ok
11:01:22.0448 0x0684  Lenovo Instant On - ok
11:01:22.0451 0x0684  LENOVO.CAMMUTE - ok
11:01:22.0454 0x0684  LENOVO.MICMUTE - ok
11:01:22.0456 0x0684  LENOVO.TPKNRSVC - ok
11:01:22.0460 0x0684  LENOVO.TVTVCAM - ok
11:01:22.0463 0x0684  Lenovo.VIRTSCRLSVC - ok
11:01:22.0466 0x0684  LenovoProdRegManager - ok
11:01:22.0470 0x0684  lfsvc - ok
11:01:22.0473 0x0684  LicenseManager - ok
11:01:22.0475 0x0684  lltdio - ok
11:01:22.0478 0x0684  lltdsvc - ok
11:01:22.0482 0x0684  lmhosts - ok
11:01:22.0486 0x0684  LMS - ok
11:01:22.0490 0x0684  LPlatSvc - ok
11:01:22.0494 0x0684  LSC.Services.SystemService - ok
11:01:22.0497 0x0684  LSI_SAS - ok
11:01:22.0501 0x0684  LSI_SAS2i - ok
11:01:22.0504 0x0684  LSI_SAS3i - ok
11:01:22.0507 0x0684  LSI_SSS - ok
11:01:22.0510 0x0684  LSM - ok
11:01:22.0513 0x0684  luafv - ok
11:01:22.0516 0x0684  MapsBroker - ok
11:01:22.0521 0x0684  MBAMProtector - ok
11:01:22.0524 0x0684  MBAMScheduler - ok
11:01:22.0527 0x0684  MBAMService - ok
11:01:22.0552 0x0684  MBAMSwissArmy - ok
11:01:22.0559 0x0684  MBAMWebAccessControl - ok
11:01:22.0563 0x0684  megasas - ok
11:01:22.0567 0x0684  megasas2i - ok
11:01:22.0570 0x0684  megasr - ok
11:01:22.0573 0x0684  MEIx64 - ok
11:01:22.0576 0x0684  MessagingService - ok
11:01:22.0580 0x0684  mlx4_bus - ok
11:01:22.0583 0x0684  MMCSS - ok
11:01:22.0604 0x0684  Modem - ok
11:01:22.0610 0x0684  monitor - ok
11:01:22.0616 0x0684  mouclass - ok
11:01:22.0619 0x0684  mouhid - ok
11:01:22.0622 0x0684  mountmgr - ok
11:01:22.0625 0x0684  MozillaMaintenance - ok
11:01:22.0628 0x0684  mpsdrv - ok
11:01:22.0631 0x0684  MpsSvc - ok
11:01:22.0635 0x0684  MQAC - ok
11:01:22.0638 0x0684  MRxDAV - ok
11:01:22.0641 0x0684  mrxsmb - ok
11:01:22.0644 0x0684  mrxsmb10 - ok
11:01:22.0647 0x0684  mrxsmb20 - ok
11:01:22.0650 0x0684  MsBridge - ok
11:01:22.0652 0x0684  MSDTC - ok
11:01:22.0658 0x0684  Msfs - ok
11:01:22.0661 0x0684  msgpiowin32 - ok
11:01:22.0664 0x0684  mshidkmdf - ok
11:01:22.0667 0x0684  mshidumdf - ok
11:01:22.0670 0x0684  msisadrv - ok
11:01:22.0674 0x0684  MSiSCSI - ok
11:01:22.0682 0x0684  msiserver - ok
11:01:22.0687 0x0684  MSKSSRV - ok
11:01:22.0691 0x0684  MsLldp - ok
11:01:22.0694 0x0684  MSMQ - ok
11:01:22.0697 0x0684  MSPCLOCK - ok
11:01:22.0699 0x0684  MSPQM - ok
11:01:22.0703 0x0684  MsRPC - ok
11:01:22.0707 0x0684  MsSecFlt - ok
11:01:22.0710 0x0684  mssmbios - ok
11:01:22.0714 0x0684  MSTEE - ok
11:01:22.0718 0x0684  MTConfig - ok
11:01:22.0722 0x0684  Mup - ok
11:01:22.0726 0x0684  mvumis - ok
11:01:22.0731 0x0684  NativeWifiP - ok
11:01:22.0734 0x0684  NcaSvc - ok
11:01:22.0737 0x0684  NcbService - ok
11:01:22.0740 0x0684  NcdAutoSetup - ok
11:01:22.0742 0x0684  ndfltr - ok
11:01:22.0746 0x0684  NDIS - ok
11:01:22.0748 0x0684  NdisCap - ok
11:01:22.0752 0x0684  NdisImPlatform - ok
11:01:22.0755 0x0684  NdisTapi - ok
11:01:22.0757 0x0684  Ndisuio - ok
11:01:22.0760 0x0684  NdisVirtualBus - ok
11:01:22.0764 0x0684  NdisWan - ok
11:01:22.0767 0x0684  ndiswanlegacy - ok
11:01:22.0769 0x0684  ndproxy - ok
11:01:22.0773 0x0684  Ndu - ok
11:01:22.0775 0x0684  Net Driver HPZ12 - ok
11:01:22.0778 0x0684  NetAdapterCx - ok
11:01:22.0781 0x0684  NetBIOS - ok
11:01:22.0788 0x0684  NetBT - ok
11:01:22.0790 0x0684  Netlogon - ok
11:01:22.0793 0x0684  Netman - ok
11:01:22.0796 0x0684  NetMsmqActivator - ok
11:01:22.0799 0x0684  NetPipeActivator - ok
11:01:22.0802 0x0684  netprofm - ok
11:01:22.0805 0x0684  NetSetupSvc - ok
11:01:22.0807 0x0684  NetTcpActivator - ok
11:01:22.0811 0x0684  NetTcpPortSharing - ok
11:01:22.0821 0x0684  Netwtw04 - ok
11:01:22.0824 0x0684  NgcCtnrSvc - ok
11:01:22.0827 0x0684  NgcSvc - ok
11:01:22.0831 0x0684  NlaSvc - ok
11:01:22.0836 0x0684  Npfs - ok
11:01:22.0839 0x0684  npsvctrig - ok
11:01:22.0841 0x0684  nsi - ok
11:01:22.0844 0x0684  nsiproxy - ok
11:01:22.0849 0x0684  NTFS - ok
11:01:22.0852 0x0684  Null - ok
11:01:22.0855 0x0684  nvraid - ok
11:01:22.0858 0x0684  nvstor - ok
11:01:22.0861 0x0684  OneSyncSvc - ok
11:01:22.0865 0x0684  ose - ok
11:01:22.0868 0x0684  osppsvc - ok
11:01:22.0871 0x0684  p2pimsvc - ok
11:01:22.0874 0x0684  p2psvc - ok
11:01:22.0877 0x0684  Parport - ok
11:01:22.0880 0x0684  partmgr - ok
11:01:22.0883 0x0684  PcaSvc - ok
11:01:22.0886 0x0684  pci - ok
11:01:22.0889 0x0684  pciide - ok
11:01:22.0891 0x0684  pcmcia - ok
11:01:22.0894 0x0684  pcw - ok
11:01:22.0897 0x0684  pdc - ok
11:01:22.0900 0x0684  PEAUTH - ok
11:01:22.0903 0x0684  PeerDistSvc - ok
11:01:22.0907 0x0684  percsas2i - ok
11:01:22.0911 0x0684  percsas3i - ok
11:01:22.0916 0x0684  PerfHost - ok
11:01:22.0923 0x0684  Pharos Systems ComTaskMaster - ok
11:01:22.0926 0x0684  PhoneSvc - ok
11:01:22.0929 0x0684  PimIndexMaintenanceSvc - ok
11:01:22.0933 0x0684  pla - ok
11:01:22.0936 0x0684  PlugPlay - ok
11:01:22.0938 0x0684  Pml Driver HPZ12 - ok
11:01:22.0942 0x0684  PNRPAutoReg - ok
11:01:22.0945 0x0684  PNRPsvc - ok
11:01:22.0949 0x0684  PolicyAgent - ok
11:01:22.0956 0x0684  Power - ok
11:01:22.0960 0x0684  Power Manager DBC Service - ok
11:01:22.0963 0x0684  PptpMiniport - ok
11:01:22.0966 0x0684  PrintNotify - ok
11:01:22.0970 0x0684  Processor - ok
11:01:22.0972 0x0684  ProfSvc - ok
11:01:22.0975 0x0684  psadd - ok
11:01:22.0978 0x0684  Psched - ok
11:01:22.0981 0x0684  QWAVE - ok
11:01:22.0984 0x0684  QWAVEdrv - ok
11:01:22.0987 0x0684  RasAcd - ok
11:01:22.0989 0x0684  RasAgileVpn - ok
11:01:22.0992 0x0684  RasAuto - ok
11:01:22.0995 0x0684  Rasl2tp - ok
11:01:22.0998 0x0684  RasMan - ok
11:01:23.0001 0x0684  RasPppoe - ok
11:01:23.0004 0x0684  RasSstp - ok
11:01:23.0007 0x0684  rdbss - ok
11:01:23.0011 0x0684  rdpbus - ok
11:01:23.0016 0x0684  RDPDR - ok
11:01:23.0023 0x0684  RdpVideoMiniport - ok
11:01:23.0026 0x0684  rdyboost - ok
11:01:23.0029 0x0684  ReFSv1 - ok
11:01:23.0034 0x0684  RemoteAccess - ok
11:01:23.0037 0x0684  RemoteRegistry - ok
11:01:23.0040 0x0684  RetailDemo - ok
11:01:23.0042 0x0684  RFCOMM - ok
11:01:23.0045 0x0684  RmSvc - ok
11:01:23.0049 0x0684  RpcEptMapper - ok
11:01:23.0052 0x0684  RpcLocator - ok
11:01:23.0055 0x0684  RpcSs - ok
11:01:23.0059 0x0684  rspndr - ok
11:01:23.0062 0x0684  RTSPER - ok
11:01:23.0065 0x0684  rtsuvc - ok
11:01:23.0070 0x0684  s3cap - ok
11:01:23.0072 0x0684  SamSs - ok
11:01:23.0075 0x0684  SAService - ok
11:01:23.0079 0x0684  sbp2port - ok
11:01:23.0084 0x0684  SCardSvr - ok
11:01:23.0088 0x0684  ScDeviceEnum - ok
11:01:23.0091 0x0684  scfilter - ok
11:01:23.0094 0x0684  Schedule - ok
11:01:23.0097 0x0684  scmbus - ok
11:01:23.0100 0x0684  scmdisk0101 - ok
11:01:23.0103 0x0684  SCPolicySvc - ok
11:01:23.0106 0x0684  sdbus - ok
11:01:23.0108 0x0684  SDRSVC - ok
11:01:23.0111 0x0684  sdstor - ok
11:01:23.0115 0x0684  seclogon - ok
11:01:23.0118 0x0684  SENS - ok
11:01:23.0121 0x0684  Sense - ok
11:01:23.0124 0x0684  SensorDataService - ok
11:01:23.0127 0x0684  SensorService - ok
11:01:23.0129 0x0684  SensorsHIDClassDriver - ok
11:01:23.0132 0x0684  SensrSvc - ok
11:01:23.0135 0x0684  SerCx - ok
11:01:23.0138 0x0684  SerCx2 - ok
11:01:23.0141 0x0684  Serenum - ok
11:01:23.0146 0x0684  Serial - ok
11:01:23.0194 0x0684  sermouse - ok
11:01:23.0202 0x0684  SessionEnv - ok
11:01:23.0209 0x0684  sfloppy - ok
11:01:23.0213 0x0684  SharedAccess - ok
11:01:23.0223 0x0684  ShellHWDetection - ok
11:01:23.0226 0x0684  Shockprf - ok
11:01:23.0229 0x0684  shpamsvc - ok
11:01:23.0233 0x0684  SiSRaid2 - ok
11:01:23.0236 0x0684  SiSRaid4 - ok
11:01:23.0239 0x0684  SkypeUpdate - ok
11:01:23.0243 0x0684  SmbDrvI - ok
11:01:23.0246 0x0684  SMIDriver - ok
11:01:23.0250 0x0684  smphost - ok
11:01:23.0253 0x0684  SmsRouter - ok
11:01:23.0259 0x0684  SNMPTRAP - ok
11:01:23.0261 0x0684  spaceport - ok
11:01:23.0265 0x0684  SpbCx - ok
11:01:23.0268 0x0684  Spooler - ok
11:01:23.0271 0x0684  sppsvc - ok
11:01:23.0274 0x0684  srv - ok
11:01:23.0277 0x0684  srv2 - ok
11:01:23.0281 0x0684  srvnet - ok
11:01:23.0284 0x0684  SSDPSRV - ok
11:01:23.0287 0x0684  SstpSvc - ok
11:01:23.0290 0x0684  ssudmdm - ok
11:01:23.0293 0x0684  StateRepository - ok
11:01:23.0296 0x0684  stexstor - ok
11:01:23.0300 0x0684  stisvc - ok
11:01:23.0304 0x0684  storahci - ok
11:01:23.0308 0x0684  storflt - ok
11:01:23.0312 0x0684  stornvme - ok
11:01:23.0315 0x0684  storqosflt - ok
11:01:23.0318 0x0684  StorSvc - ok
11:01:23.0321 0x0684  storufs - ok
11:01:23.0324 0x0684  storvsc - ok
11:01:23.0327 0x0684  SUService - ok
11:01:23.0330 0x0684  svsvc - ok
11:01:23.0333 0x0684  swenum - ok
11:01:23.0336 0x0684  swprv - ok
11:01:23.0339 0x0684  SynaMetSMI - ok
11:01:23.0342 0x0684  Synth3dVsc - ok
11:01:23.0345 0x0684  SynTP - ok
11:01:23.0348 0x0684  SynTPEnhService - ok
11:01:23.0352 0x0684  SysMain - ok
11:01:23.0355 0x0684  SystemEventsBroker - ok
11:01:23.0358 0x0684  TabletInputService - ok
11:01:23.0361 0x0684  TapiSrv - ok
11:01:23.0364 0x0684  Tcpip - ok
11:01:23.0367 0x0684  Tcpip6 - ok
11:01:23.0371 0x0684  tcpipreg - ok
11:01:23.0376 0x0684  tdx - ok
11:01:23.0379 0x0684  terminpt - ok
11:01:23.0383 0x0684  TermService - ok
11:01:23.0386 0x0684  Themes - ok
11:01:23.0389 0x0684  TieringEngineService - ok
11:01:23.0392 0x0684  tiledatamodelsvc - ok
11:01:23.0395 0x0684  TimeBrokerSvc - ok
11:01:23.0398 0x0684  TPDIGIMN - ok
11:01:23.0401 0x0684  TPHDEXLGSVC - ok
11:01:23.0405 0x0684  TPHKLOAD - ok
11:01:23.0410 0x0684  TPM - ok
11:01:23.0414 0x0684  TPPWRIF - ok
11:01:23.0418 0x0684  TrkWks - ok
11:01:23.0420 0x0684  truecrypt - ok
11:01:23.0423 0x0684  TrustedInstaller - ok
11:01:23.0428 0x0684  tsusbflt - ok
11:01:23.0430 0x0684  TsUsbGD - ok
11:01:23.0435 0x0684  tsusbhub - ok
11:01:23.0441 0x0684  tunnel - ok
11:01:23.0444 0x0684  tzautoupdate - ok
11:01:23.0448 0x0684  UASPStor - ok
11:01:23.0451 0x0684  UcmCx0101 - ok
11:01:23.0454 0x0684  UcmTcpciCx0101 - ok
11:01:23.0458 0x0684  UcmUcsi - ok
11:01:23.0461 0x0684  Ucx01000 - ok
11:01:23.0464 0x0684  UdeCx - ok
11:01:23.0467 0x0684  udfs - ok
11:01:23.0470 0x0684  UEFI - ok
11:01:23.0473 0x0684  UevAgentDriver - ok
11:01:23.0476 0x0684  UevAgentService - ok
11:01:23.0479 0x0684  Ufx01000 - ok
11:01:23.0482 0x0684  UfxChipidea - ok
11:01:23.0486 0x0684  ufxsynopsys - ok
11:01:23.0491 0x0684  UI0Detect - ok
11:01:23.0495 0x0684  umbus - ok
11:01:23.0498 0x0684  UmPass - ok
11:01:23.0501 0x0684  UmRdpService - ok
11:01:23.0504 0x0684  UnistoreSvc - ok
11:01:23.0517 0x0684  upnphost - ok
11:01:23.0520 0x0684  UrsChipidea - ok
11:01:23.0523 0x0684  UrsCx01000 - ok
11:01:23.0526 0x0684  UrsSynopsys - ok
11:01:23.0529 0x0684  USBAAPL64 - ok
11:01:23.0533 0x0684  usbccgp - ok
11:01:23.0537 0x0684  usbcir - ok
11:01:23.0540 0x0684  usbehci - ok
11:01:23.0543 0x0684  usbhub - ok
11:01:23.0546 0x0684  USBHUB3 - ok
11:01:23.0551 0x0684  usbohci - ok
11:01:23.0555 0x0684  usbprint - ok
11:01:23.0558 0x0684  usbser - ok
11:01:23.0561 0x0684  USBSTOR - ok
11:01:23.0564 0x0684  usbuhci - ok
11:01:23.0567 0x0684  USBXHCI - ok
11:01:23.0570 0x0684  UserDataSvc - ok
11:01:23.0576 0x0684  UserManager - ok
11:01:23.0579 0x0684  UsoSvc - ok
11:01:23.0583 0x0684  VaultSvc - ok
11:01:23.0586 0x0684  vdrvroot - ok
11:01:23.0589 0x0684  vds - ok
11:01:23.0592 0x0684  VerifierExt - ok
11:01:23.0595 0x0684  vhdmp - ok
11:01:23.0598 0x0684  vhf - ok
11:01:23.0601 0x0684  vmbus - ok
11:01:23.0604 0x0684  VMBusHID - ok
11:01:23.0608 0x0684  vmgid - ok
11:01:23.0612 0x0684  vmicguestinterface - ok
11:01:23.0615 0x0684  vmicheartbeat - ok
11:01:23.0619 0x0684  vmickvpexchange - ok
11:01:23.0622 0x0684  vmicrdv - ok
11:01:23.0625 0x0684  vmicshutdown - ok
11:01:23.0628 0x0684  vmictimesync - ok
11:01:23.0631 0x0684  vmicvmsession - ok
11:01:23.0635 0x0684  vmicvss - ok
11:01:23.0638 0x0684  volmgr - ok
11:01:23.0642 0x0684  volmgrx - ok
11:01:23.0646 0x0684  volsnap - ok
11:01:23.0650 0x0684  volume - ok
11:01:23.0653 0x0684  vpci - ok
11:01:23.0656 0x0684  vpnagent - ok
11:01:23.0660 0x0684  vpnva - ok
11:01:23.0663 0x0684  vsmraid - ok
11:01:23.0666 0x0684  VSS - ok
11:01:23.0669 0x0684  VSTXRAID - ok
11:01:23.0674 0x0684  vwifibus - ok
11:01:23.0678 0x0684  vwififlt - ok
11:01:23.0681 0x0684  vwifimp - ok
11:01:23.0685 0x0684  W32Time - ok
11:01:23.0688 0x0684  w3logsvc - ok
11:01:23.0691 0x0684  WacomPen - ok
11:01:23.0694 0x0684  WalletService - ok
11:01:23.0698 0x0684  wanarp - ok
11:01:23.0701 0x0684  wanarpv6 - ok
11:01:23.0704 0x0684  WAS - ok
11:01:23.0707 0x0684  wbengine - ok
11:01:23.0710 0x0684  WbioSrvc - ok
11:01:23.0713 0x0684  wcifs - ok
11:01:23.0717 0x0684  Wcmsvc - ok
11:01:23.0720 0x0684  wcncsvc - ok
11:01:23.0724 0x0684  wcnfs - ok
11:01:23.0727 0x0684  WdBoot - ok
11:01:23.0730 0x0684  Wdf01000 - ok
11:01:23.0733 0x0684  WdFilter - ok
11:01:23.0736 0x0684  WdiServiceHost - ok
11:01:23.0739 0x0684  WdiSystemHost - ok
11:01:23.0742 0x0684  wdiwifi - ok
11:01:23.0746 0x0684  WdNisDrv - ok
11:01:23.0749 0x0684  WdNisSvc - ok
11:01:23.0752 0x0684  WebClient - ok
11:01:23.0755 0x0684  Wecsvc - ok
11:01:23.0758 0x0684  WEPHOSTSVC - ok
11:01:23.0762 0x0684  wercplsupport - ok
11:01:23.0766 0x0684  WerSvc - ok
11:01:23.0769 0x0684  WFPLWFS - ok
11:01:23.0774 0x0684  WiaRpc - ok
11:01:23.0780 0x0684  WIMMount - ok
11:01:23.0783 0x0684  WinDefend - ok
11:01:23.0790 0x0684  WindowsTrustedRT - ok
11:01:23.0793 0x0684  WindowsTrustedRTProxy - ok
11:01:23.0796 0x0684  WinHttpAutoProxySvc - ok
11:01:23.0800 0x0684  WinMad - ok
11:01:23.0806 0x0684  Winmgmt - ok
11:01:23.0809 0x0684  WinRM - ok
11:01:23.0815 0x0684  WINUSB - ok
11:01:23.0819 0x0684  WinVerbs - ok
11:01:23.0822 0x0684  wisvc - ok
11:01:23.0825 0x0684  WlanSvc - ok
11:01:23.0829 0x0684  wlidsvc - ok
11:01:23.0832 0x0684  WmiAcpi - ok
11:01:23.0837 0x0684  wmiApSrv - ok
11:01:23.0840 0x0684  WMPNetworkSvc - ok
11:01:23.0843 0x0684  Wof - ok
11:01:23.0850 0x0684  workfolderssvc - ok
11:01:23.0854 0x0684  WPDBusEnum - ok
11:01:23.0864 0x0684  WpdUpFltr - ok
11:01:23.0867 0x0684  WpnService - ok
11:01:23.0871 0x0684  WpnUserService - ok
11:01:23.0878 0x0684  ws2ifsl - ok
11:01:23.0881 0x0684  wscsvc - ok
11:01:23.0884 0x0684  WSDPrintDevice - ok
11:01:23.0888 0x0684  WSDScan - ok
11:01:23.0891 0x0684  WSearch - ok
11:01:23.0897 0x0684  wuauserv - ok
11:01:23.0902 0x0684  WudfPf - ok
11:01:23.0905 0x0684  WUDFRd - ok
11:01:23.0908 0x0684  wudfsvc - ok
11:01:23.0911 0x0684  WUDFWpdFs - ok
11:01:23.0916 0x0684  WUDFWpdMtp - ok
11:01:23.0919 0x0684  WwanSvc - ok
11:01:23.0923 0x0684  XblAuthManager - ok
11:01:23.0926 0x0684  XblGameSave - ok
11:01:23.0929 0x0684  xboxgip - ok
11:01:23.0932 0x0684  XboxNetApiSvc - ok
11:01:23.0936 0x0684  xinputhid - ok
11:01:23.0941 0x0684  XtuAcpiDriver - ok
11:01:23.0943 0x0684  ================ Scan global ===============================
11:01:23.0944 0x0684  [ Global ] - ok
11:01:23.0945 0x0684  ================ Scan MBR ==================================
11:01:23.0948 0x0684  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:01:23.0956 0x0684  \Device\Harddisk0\DR0 - ok
11:01:23.0956 0x0684  ================ Scan VBR ==================================
11:01:23.0958 0x0684  [ 01C9DBB71044037B176D1FC5562CE3CE ] \Device\Harddisk0\DR0\Partition1
11:01:23.0959 0x0684  \Device\Harddisk0\DR0\Partition1 - ok
11:01:23.0961 0x0684  [ D05ED8AA2F79CD81952BD8A0D2012F12 ] \Device\Harddisk0\DR0\Partition2
11:01:23.0961 0x0684  \Device\Harddisk0\DR0\Partition2 - ok
11:01:23.0964 0x0684  [ 044FE5BAB23731CC10E769BE5168B820 ] \Device\Harddisk0\DR0\Partition3
11:01:23.0965 0x0684  \Device\Harddisk0\DR0\Partition3 - ok
11:01:23.0967 0x0684  [ 405B37A7ABF85B4D4DC7F79A42558135 ] \Device\Harddisk0\DR0\Partition4
11:01:23.0968 0x0684  \Device\Harddisk0\DR0\Partition4 - ok
11:01:23.0970 0x0684  [ 25F6359872C950FF038CB579489E8024 ] \Device\Harddisk0\DR0\Partition5
11:01:23.0972 0x0684  \Device\Harddisk0\DR0\Partition5 - ok
11:01:23.0972 0x0684  ================ Scan generic autorun ======================
11:01:23.0973 0x0684  TpShocks - ok
11:01:23.0974 0x0684  LENOVO.TPKNRRES - ok
11:01:23.0975 0x0684  Intel(R) WiDi Receiver Updater - ok
11:01:23.0976 0x0684  AdobeAAMUpdater-1.0 - ok
11:01:23.0977 0x0684  iTunesHelper - ok
11:01:23.0979 0x0684  WindowsDefender - ok
11:01:23.0980 0x0684  OneLinkManager - ok
11:01:23.0981 0x0684  Dropbox - ok
11:01:23.0983 0x0684  Cisco AnyConnect Secure Mobility Agent for Windows - ok
11:01:23.0984 0x0684  Acrobat Assistant 8.0 - ok
11:01:23.0985 0x0684  OneDriveSetup - ok
11:01:23.0986 0x0684  OneDriveSetup - ok
11:01:23.0987 0x0684  OneDrive - ok
11:01:23.0988 0x0684  Spotify Web Helper - ok
11:01:23.0990 0x0684  Spotify - ok
11:01:23.0991 0x0684  f.lux - ok
11:01:23.0992 0x0684  Adobe Acrobat Synchronizer - ok
11:01:23.0993 0x0684  Skype - ok
11:01:23.0995 0x0684  OneDrive - ok
11:01:24.0031 0x0684  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
11:01:24.0042 0x0684  Win FW state via NFP2: disabled ( not trusted )
11:01:24.0265 0x0684  ============================================================
11:01:24.0265 0x0684  Scan finished
11:01:24.0265 0x0684  ============================================================
11:01:24.0274 0x2510  Detected object count: 0
11:01:24.0274 0x2510  Actual detected object count: 0
         

16.11.2016, 00:13   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.11.2016, 00:36   #8
the_clown



Ok done - thanks again for the quick replies

One thing happened while running ADWCleaner: Windows suddenly asked me whether I was having problems with the sound card (if so, please click here), which took me to an MS site.

Here are the log files:

Code:
ATTFilter
# AdwCleaner v6.030 - Logfile created 15/11/2016 at 18:24:30
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-15.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Flo - FLO-PC
# Running from : C:\Users\Flo\Downloads\AdwCleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found:  C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Data Found:  HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.lenovo.com
Data Found:  HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.lenovo.com
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.lenovo.com
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2003 Bytes] - [15/11/2016 18:24:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2076 Bytes] ##########
         

Code:
ATTFilter
# AdwCleaner v6.030 - Logfile created 15/11/2016 at 18:25:34
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-15.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Flo - FLO-PC
# Running from : C:\Users\Flo\Downloads\AdwCleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Data restored: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 


***** [ Web browsers ] *****

[-] [C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: IE policies deleted
:: Chrome preferences reset: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1915 Bytes] - [15/11/2016 18:25:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [2163 Bytes] - [15/11/2016 18:24:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2061 Bytes] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64 
Ran by Flo (Administrator) on Tue 11/15/2016 at 18:31:02.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\ProgramData\1476593178.bdinstall.bin (File) 



Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B0CBF6BF-5D86-418F-861A-FB36709F999B} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/15/2016 at 18:32:28.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

16.11.2016, 01:06   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then show me fresh FRST logs. Tick the addition.txt box, then click Scan.


16.11.2016, 01:29   #10
the_clown



Here is the fresh FRST scan:

First, FRST.txt:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Flo (administrator) on FLO-PC (15-11-2016 19:26:18)
Running from C:\Users\Flo\Downloads
Loaded Profiles: Flo (Available Profiles: Flo & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Node.js) C:\Windows\Prey\versions\1.6.3\bin\node.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.3\node_modules\triggers\bin\lightevt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [555688 2015-08-21] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [296648 2015-09-29] (Lenovo Group Limited)
HKLM\...\Run: [Intel(R) WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-15] (Microsoft Corporation)
HKLM-x32\...\Run: [OneLinkManager] => C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe [1083904 2015-05-29] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1209344 2016-07-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Spotify Web Helper] => C:\Users\Flo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-10] (Spotify Ltd)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Spotify] => C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-10] (Spotify Ltd)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [f.lux] => C:\Users\Flo\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-09-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2e783c49-88ea-42d2-abf2-20773d4b53ca}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{410e1da1-adce-4c86-bc03-bb749a8bc665}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{b0453f8d-2581-40d0-9d4b-f11d4f9dc3f6}: [DhcpNameServer] 172.168.127.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001 -> DefaultScope {B0CBF6BF-5D86-418F-861A-FB36709F999B} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: h7t66pve.default
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Zotero\Zotero\Profiles\h7t66pve.default [2016-11-06]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2016-09-13] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2016-09-13] [not signed]
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948 [2016-11-15]
FF Session Restore: Mozilla\Firefox\Profiles\1jensfee.default-1476142928948 -> is enabled.
FF Extension: (InvisibleHand) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2016-11-09]
FF Extension: (Dict.cc Translation) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\searchdictcc@roughael.xpi [2016-10-11]
FF Extension: (LastPass) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\support@lastpass.com [2016-10-11]
FF Extension: (Zotero) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\zotero@chnm.gmu.edu.xpi [2016-11-02]
FF Extension: (Video DownloadHelper) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Adblock Plus) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF Extension: (Greasemonkey) - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\1jensfee.default-1476142928948\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-10-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-10-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2505514951-2072466002-1266771838-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\npGatewayNpapi.dll [2016-08-18] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2505514951-2072466002-1266771838-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\npGatewayNpapi-x64.dll [2016-08-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Flo\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-09-23] (Cisco WebEx LLC)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-10-15] (Fork, Ltd.) [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125032 2015-06-26] (Intel Corporation)
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [114688 2016-08-31] (Microsoft Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61256 2016-10-05] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 Lenovo Instant On; C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe [3123728 2016-07-20] (Lenovo Group Limited)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197320 2015-09-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [114632 2015-07-13] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
S2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [1725952 2015-12-12] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416256 2016-07-05] (Conexant Systems, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28544 2016-09-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [275032 2016-10-25] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d62x64.sys [519680 2015-12-08] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47896 2015-11-05] (Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [258832 2015-07-06] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R1 InstantOn; C:\Program Files\Lenovo\InstantOn\InstantOn.sys [25856 2015-10-14] (Lenovo Group Limited)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135448 2015-11-08] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71448 2015-11-08] (Intel)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-08-18] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3119360 2016-05-25] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [80992 2016-10-25] (Synaptics Incorporated)
S1 SMIDriver; C:\WINDOWS\system32\DRIVERS\SynaSmi.sys [46896 2016-07-26] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 SynaMetSMI; C:\WINDOWS\system32\DRIVERS\SynaSmi.sys [46896 2016-07-26] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-07-10] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 18:30 - 2016-11-15 18:30 - 01631928 _____ (Malwarebytes) C:\Users\Flo\Downloads\JRT.exe
2016-11-15 18:21 - 2016-11-15 18:25 - 00000000 ____D C:\AdwCleaner
2016-11-15 18:20 - 2016-11-15 18:21 - 03910208 _____ C:\Users\Flo\Downloads\AdwCleaner_6.030.exe
2016-11-15 11:01 - 2016-11-15 11:36 - 00060484 _____ C:\TDSSKiller.3.1.0.12_15.11.2016_11.01.00_log.txt
2016-11-15 11:00 - 2016-11-15 11:00 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Flo\Downloads\tdsskiller.exe
2016-11-15 10:51 - 2016-11-15 11:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-15 10:49 - 2016-11-15 10:50 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Flo\Downloads\mbar-1.09.3.1001.exe
2016-11-14 19:58 - 2016-11-14 19:58 - 00033172 _____ C:\Users\Flo\Downloads\FRST_Logss.zip
2016-11-14 19:52 - 2016-11-14 19:53 - 00056041 _____ C:\Users\Flo\Downloads\Addition.txt
2016-11-14 19:51 - 2016-11-15 19:26 - 00028508 _____ C:\Users\Flo\Downloads\FRST.txt
2016-11-14 19:50 - 2016-11-15 19:26 - 00000000 ____D C:\FRST
2016-11-14 19:50 - 2016-11-14 19:50 - 02411520 _____ (Farbar) C:\Users\Flo\Downloads\FRST64.exe
2016-11-13 22:55 - 2016-11-13 22:55 - 93742208 _____ (Intel(R) Corporation) C:\Users\Flo\Downloads\Wireless_19.20.0_PROSet64_Win10.exe
2016-11-13 19:46 - 2016-11-13 19:46 - 00996238 _____ C:\Users\Flo\Downloads\BEDE15_0989_BPM_Mgmt_Summary_final_web.pdf
2016-11-13 19:30 - 2016-11-13 19:30 - 00002584 _____ C:\Users\Flo\Downloads\HSoG_Academic_Transcript.pdf
2016-11-12 15:01 - 2016-11-12 15:14 - 330916357 _____ C:\Users\Flo\Downloads\quantico.s01e04.dvdrip.x264-demand.mkv
2016-11-11 18:48 - 2016-11-11 18:48 - 00249393 _____ C:\Users\Flo\Downloads\your-ticket(1).pdf
2016-11-11 18:47 - 2016-11-11 18:47 - 00257280 _____ C:\Users\Flo\Downloads\your-ticket.pdf
2016-11-11 18:19 - 2016-11-11 18:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-11 17:49 - 2016-11-11 17:49 - 913269832 _____ C:\WINDOWS\MEMORY.DMP
2016-11-11 17:49 - 2016-11-11 17:49 - 00938604 _____ C:\WINDOWS\Minidump\111116-5421-01.dmp
2016-11-11 17:49 - 2016-11-11 17:49 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-11 11:25 - 2016-11-11 11:26 - 320241408 _____ C:\Users\Flo\Downloads\quantico.s01e03.dvdrip.x264-demand.mkv
2016-11-11 11:22 - 2016-11-11 11:23 - 03127765 _____ C:\Users\Flo\Desktop\stratfor.pdf
2016-11-11 11:21 - 2016-11-11 11:22 - 09191788 _____ C:\Users\Flo\Desktop\FP.pdf
2016-11-10 15:58 - 2016-11-10 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-10 15:37 - 2016-11-15 18:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-10 15:37 - 2016-11-15 10:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-10 15:37 - 2016-11-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-11-10 15:37 - 2016-11-10 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-10 15:37 - 2016-11-10 15:37 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-11-10 15:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-10 15:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-10 15:36 - 2016-11-10 15:36 - 22851472 _____ (Malwarebytes ) C:\Users\Flo\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-10 15:35 - 2016-11-10 15:36 - 177912864 _____ (Kaspersky Lab) C:\Users\Flo\Downloads\kis17.0.0.611en_10743.exe
2016-11-10 15:34 - 2016-11-10 15:34 - 00029179 _____ C:\ProgramData\agent.1478810036.bdinstall.bin
2016-11-10 15:29 - 2016-11-10 15:29 - 00000000 ____D C:\Users\Flo\AppData\Local\TempOfficeC2R4B6C70D2-6839-4002-B705-9E8628A729A5
2016-11-10 15:28 - 2016-11-10 15:28 - 00020434 _____ C:\ProgramData\agent.1478809723.bdinstall.bin
2016-11-10 15:14 - 2016-11-10 15:36 - 381971213 _____ C:\Users\Flo\Downloads\quantico.s01e02.dvdrip.x264-demand.mkv
2016-11-10 11:42 - 2016-11-10 11:42 - 00000000 ____D C:\Users\Flo\AppData\Local\TempOfficeC2R6F8D2ECE-FDDA-46CE-AF23-E0B25F9CFEC7
2016-11-09 20:01 - 2016-11-09 20:09 - 1096836983 _____ C:\Users\Flo\Downloads\Interstellar.2014.720p.BluRay.x264.YIFY.mp4
2016-11-08 21:20 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 21:20 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 21:20 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 21:20 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 21:20 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 21:20 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 21:20 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 21:20 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 21:20 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 21:20 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 21:20 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 21:20 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 21:20 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 21:20 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 21:20 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 21:20 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 21:20 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 21:20 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-08 21:20 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 21:20 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 21:20 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 21:20 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 21:20 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-08 21:20 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-08 21:20 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 21:20 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 21:20 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-08 21:20 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 21:20 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 21:20 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 21:20 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 21:20 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 21:20 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 21:20 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 21:20 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 21:20 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 21:20 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 21:20 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 21:20 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 21:20 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-08 21:20 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 21:20 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 21:20 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 21:20 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-08 21:20 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 21:20 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 21:20 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 21:20 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 21:20 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 21:20 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-08 21:20 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-08 21:20 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 21:20 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 21:20 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 21:20 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 21:20 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 21:20 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 21:20 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 21:20 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 21:20 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 21:20 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 21:20 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 21:20 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-08 21:20 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 21:20 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 21:20 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 21:20 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 21:20 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 21:20 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-08 21:20 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 21:20 - 2016-11-02 05:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-08 21:20 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 21:20 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 21:20 - 2016-11-02 05:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-08 21:20 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 21:20 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 21:20 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 21:20 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 21:20 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 21:20 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 21:20 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 21:20 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 21:20 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-08 21:20 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 21:20 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 21:20 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 21:20 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 21:20 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 21:20 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 21:20 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-08 21:20 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 21:20 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 21:20 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 21:20 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-08 21:20 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 21:20 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 21:20 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 21:20 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-08 21:20 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 21:20 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 21:20 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 21:20 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 21:20 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 21:20 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 21:20 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 21:20 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 21:20 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-08 21:20 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 21:20 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 21:20 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 21:20 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 21:20 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 21:20 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 21:20 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 21:20 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-08 21:20 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-08 21:20 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-08 21:20 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 21:20 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-08 17:16 - 2016-11-08 17:16 - 00512140 _____ C:\Users\Flo\Desktop\BearingPoint.pdf
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-11-03 10:33 - 2016-11-03 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-03 10:33 - 2016-11-03 10:33 - 00000000 ____D C:\Program Files\iTunes
2016-11-03 10:33 - 2016-11-03 10:33 - 00000000 ____D C:\Program Files\iPod
2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Aviata
2016-11-02 23:26 - 2016-11-09 01:08 - 00000000 ____D C:\Users\Administrator
2016-11-02 23:26 - 2016-11-03 07:53 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-11-02 23:26 - 2016-11-02 23:27 - 00002435 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-11-02 23:26 - 2016-11-02 23:26 - 00002343 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2016-11-02 23:26 - 2016-11-02 23:26 - 00001203 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2016-11-02 23:26 - 2016-11-02 23:26 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Conexant
2016-11-02 23:26 - 2016-11-02 23:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Bitdefender Antivirus Free
2016-11-02 23:26 - 2016-09-14 22:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-11-02 23:26 - 2016-09-14 22:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-11-02 23:26 - 2016-07-10 11:37 - 00002111 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-02 17:27 - 2016-11-02 17:32 - 398900104 _____ C:\Users\Flo\Downloads\quantico.s01e01.dvdrip.x264-demand.mkv
2016-11-02 17:19 - 2016-11-02 17:19 - 01294175 _____ C:\Users\Flo\Desktop\Desktop.zip
2016-11-02 15:55 - 2016-11-02 15:55 - 00028749 _____ C:\ProgramData\agent.1478120101.bdinstall.bin
2016-11-01 22:05 - 2016-11-01 22:05 - 00141320 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2016-11-01 22:05 - 2016-11-01 22:05 - 00112136 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2016-11-01 22:05 - 2016-11-01 22:05 - 00101384 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2016-11-01 18:20 - 2016-11-01 18:27 - 1138656761 _____ C:\Users\Flo\Downloads\13.Hours.The.Secret.Soldiers.of.Benghazi.2016.720p.WEBRip.x264.AAC-ETRG.mp4
2016-11-01 16:34 - 2016-11-01 16:39 - 1180962509 _____ C:\Users\Flo\Downloads\Gravity.2013.720p.BluRay.H264.AAC-RARBG.mp4
2016-10-29 15:55 - 2016-10-29 15:57 - 00233472 _____ () C:\Users\Flo\Downloads\colorpicker.exe
2016-10-28 19:15 - 2016-10-28 19:15 - 00200286 _____ C:\WINDOWS\system32\gpreport.html
2016-10-28 19:01 - 2016-10-28 19:24 - 00000404 __RSH C:\ProgramData\ntuser.pol
2016-10-28 05:17 - 2016-11-11 17:57 - 00000000 ____D C:\Users\Flo\AppData\Local\ElevatedDiagnostics
2016-10-27 13:28 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-27 13:28 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-27 13:28 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-27 13:28 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-27 13:28 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-27 13:28 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-27 13:28 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-27 13:28 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-27 13:28 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-27 13:28 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-27 13:28 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-27 13:28 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-27 13:28 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-27 13:28 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-27 13:28 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-27 13:28 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-27 13:28 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-27 13:28 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-27 13:28 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-27 13:28 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-27 13:28 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-27 13:28 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-27 13:28 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-27 13:28 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-27 13:28 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-27 13:28 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-27 13:28 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-27 13:28 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-27 13:28 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-27 13:28 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-27 13:28 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-27 13:28 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-27 13:28 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-27 13:28 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-27 13:28 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-27 13:28 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-27 13:28 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-27 13:28 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-27 13:28 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-27 13:28 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-27 13:28 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-27 13:28 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-27 13:28 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-27 13:28 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-27 13:28 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-27 13:28 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-27 13:28 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-27 13:28 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-27 13:28 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-27 13:28 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-27 13:28 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-27 13:28 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-27 13:28 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-27 13:28 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-27 13:28 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-27 13:28 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-27 13:28 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-27 13:28 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-27 13:28 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 13:28 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-27 13:28 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-27 13:28 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 13:28 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-27 13:28 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-27 13:28 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-27 13:28 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-27 13:28 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-27 13:28 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-27 13:28 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-27 13:28 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 13:28 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-27 13:28 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-27 13:28 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-27 13:28 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-27 13:28 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-27 13:28 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-27 13:28 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-27 13:28 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-27 13:28 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-27 13:28 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-27 13:28 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-27 13:28 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-27 13:28 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-27 13:28 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-27 13:28 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-27 13:28 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-27 13:28 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-27 13:28 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-27 13:28 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-27 13:27 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-27 13:27 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-27 13:27 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-27 13:27 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-27 13:27 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-27 13:27 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-27 13:27 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-27 13:27 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-27 13:27 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-27 13:27 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-27 13:27 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-27 13:27 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-27 13:27 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-27 13:27 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-27 13:27 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-27 13:27 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-27 13:27 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-27 13:27 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-27 13:27 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-27 13:27 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-27 13:27 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-27 13:27 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-27 13:27 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-27 13:27 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-27 13:27 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-27 13:27 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-27 13:27 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-27 13:27 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-27 13:27 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-27 13:27 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-27 13:27 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-27 13:27 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-27 13:27 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-27 13:27 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-27 13:27 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-27 13:27 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-27 13:27 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-27 13:27 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-27 13:27 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-27 13:27 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-27 13:27 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-27 13:27 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-27 13:27 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 13:27 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 13:27 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-27 13:27 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 13:27 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-27 13:27 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-27 13:27 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-27 13:27 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-27 13:27 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-27 13:27 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-27 13:27 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-27 13:27 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-27 13:27 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-27 13:27 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-27 13:27 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-27 13:27 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-27 13:27 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-27 13:27 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-27 13:27 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-27 13:27 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\Users\Flo\Documents\My PDFill
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\ProgramData\PlotSoft
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-10-26 20:19 - 2016-10-26 20:19 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-10-26 18:56 - 2016-10-27 18:30 - 00000000 ____D C:\Users\Flo\AppData\Roaming\mIRC
2016-10-26 18:56 - 2016-10-26 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2016-10-26 18:56 - 2016-10-26 18:56 - 00000000 ____D C:\Program Files (x86)\mIRC
2016-10-25 17:19 - 2016-10-25 17:19 - 00443992 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-10-25 17:19 - 2016-10-25 17:19 - 00353368 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo50-4.dll
2016-10-25 17:19 - 2016-10-25 17:19 - 00080992 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-10-25 17:19 - 2016-10-25 17:19 - 00077408 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-10-25 17:19 - 2016-10-25 17:19 - 00074848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2016-10-21 04:37 - 2016-10-26 08:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 12:19 - 2016-10-20 12:19 - 02365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2016-10-19 08:06 - 2016-10-19 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-10-18 20:45 - 2016-10-18 21:29 - 54303977 _____ C:\Users\Flo\Downloads\1482240556.pdf
2016-10-18 13:30 - 2016-10-18 14:29 - 00000000 ____D C:\Users\Flo\AppData\Local\Tableau
2016-10-18 13:30 - 2016-10-18 13:31 - 00000000 ____D C:\ProgramData\FLEXnet
2016-10-18 13:30 - 2016-10-18 13:30 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 10.0.lnk
2016-10-18 13:30 - 2016-10-18 13:30 - 00000000 ____D C:\Users\Flo\Documents\My Tableau Repository
2016-10-18 13:30 - 2016-10-18 13:30 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-10-18 13:29 - 2016-10-18 13:29 - 00000875 _____ C:\WINDOWS\ODBCINST.INI
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\WINDOWS\system32\1033
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Redshift ODBC Driver (64-bit)
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\Tableau
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\psqlODBC
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\MySQL
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files\Amazon Redshift ODBC Driver
2016-10-18 13:29 - 2016-10-18 13:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-10-16 10:58 - 2016-10-16 10:58 - 00026830 _____ C:\ProgramData\agent.1476633478.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 18:52 - 2016-09-14 16:41 - 00000000 ____D C:\Users\Flo\AppData\Roaming\vlc
2016-11-15 18:49 - 2016-09-15 23:57 - 00000000 ____D C:\Users\Flo\AppData\Roaming\Spotify
2016-11-15 18:44 - 2016-09-15 23:58 - 00000000 ____D C:\Users\Flo\AppData\Local\Spotify
2016-11-15 18:30 - 2016-09-14 22:36 - 01619680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-15 18:29 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-15 18:27 - 2016-09-13 17:34 - 00000000 ___RD C:\Users\Flo\Dropbox
2016-11-15 18:26 - 2016-09-14 22:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-15 18:26 - 2016-09-14 22:35 - 00000000 ____D C:\ProgramData\Validity
2016-11-15 18:26 - 2016-09-14 05:23 - 00000000 __SHD C:\Users\Flo\IntelGraphicsProfiles
2016-11-15 18:26 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-11-15 18:16 - 2016-09-14 22:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-15 16:15 - 2016-10-10 18:46 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B8D6DBD2-655C-4443-A7A1-B8768FCBD1AF}
2016-11-15 12:05 - 2016-10-06 07:25 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-11-15 09:51 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-14 19:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-14 19:19 - 2016-09-14 22:37 - 00000000 ____D C:\Users\Flo
2016-11-14 19:07 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-14 18:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-13 22:56 - 2016-09-14 22:34 - 00000000 ____D C:\Program Files\Intel
2016-11-13 22:56 - 2016-07-10 11:03 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-11-13 22:56 - 2016-07-10 10:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-13 22:56 - 2016-07-10 10:57 - 00000000 ____D C:\ProgramData\Intel
2016-11-13 22:56 - 2016-07-10 10:57 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-13 22:51 - 2016-09-13 17:32 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-13 22:51 - 2016-09-13 17:32 - 00000898 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-12 15:00 - 2016-09-14 22:41 - 00003962 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-12 15:00 - 2016-09-14 22:41 - 00003730 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-12 13:16 - 2016-09-14 22:49 - 00000000 ____D C:\Users\Flo\AppData\Local\Packages
2016-11-11 16:25 - 2016-09-13 21:38 - 00000000 ____D C:\Users\Flo\AppData\Local\Google
2016-11-11 05:53 - 2016-09-23 04:02 - 00000000 ____D C:\Users\Flo\AppData\LocalLow\WebEx
2016-11-11 05:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 22:47 - 2016-09-15 06:56 - 00000000 ____D C:\Users\Flo\Citrix
2016-11-10 22:43 - 2016-09-13 21:39 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 15:58 - 2016-09-13 17:32 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-10 11:24 - 2016-10-15 23:46 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-10 09:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Catroot2.old
2016-11-09 17:12 - 2016-09-14 22:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 17:07 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default.migrated
2016-11-09 10:03 - 2016-09-14 22:34 - 00340240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-09 10:03 - 2016-09-13 17:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 01:14 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 01:09 - 2016-09-14 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 01:05 - 2016-09-14 16:27 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 18:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-08 18:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-08 16:22 - 2016-10-02 18:47 - 00000000 ____D C:\Users\Flo\AppData\Local\Microsoft Help
2016-11-06 23:22 - 2016-09-13 20:04 - 00000000 ____D C:\Users\Flo\AppData\Roaming\RStudio
2016-11-06 23:22 - 2016-09-13 20:03 - 00000000 ____D C:\Users\Flo\AppData\Local\RStudio-Desktop
2016-11-06 18:05 - 2016-09-13 20:04 - 00000614 _____ C:\Users\Flo\Documents\.Rhistory
2016-11-06 15:03 - 2016-09-14 18:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 22:38 - 2016-10-06 07:24 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-11-03 10:33 - 2016-09-13 21:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-02 16:43 - 2016-07-10 11:01 - 00000000 ____D C:\Intel
2016-11-01 22:05 - 2016-09-14 22:34 - 00113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-11-01 22:05 - 2016-07-28 00:27 - 00271368 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-11-01 22:05 - 2016-07-28 00:27 - 00113672 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-11-01 22:05 - 2016-07-28 00:27 - 00104464 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-11-01 22:05 - 2016-07-16 09:29 - 00104464 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-10-28 19:02 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-28 19:00 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 20:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-27 20:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-27 20:30 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-27 08:37 - 2016-10-11 19:06 - 00000000 ____D C:\Users\Flo\Desktop\Lectures
2016-10-26 08:58 - 2016-09-13 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-25 22:33 - 2016-09-14 22:55 - 00000000 ____D C:\Users\Flo\AppData\Local\Comms
2016-10-25 17:19 - 2016-07-10 11:00 - 00923232 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-10-25 17:19 - 2016-07-10 11:00 - 00819808 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-10-25 17:19 - 2016-07-10 11:00 - 00296544 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-10-25 17:19 - 2016-07-10 11:00 - 00080992 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-10-20 20:35 - 2016-09-13 19:08 - 00000000 ____D C:\ProgramData\Oracle
2016-10-20 20:15 - 2016-10-10 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-20 20:15 - 2016-10-10 18:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-20 20:14 - 2016-10-10 18:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-19 17:21 - 2016-07-10 11:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-19 08:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

==================== Files in the root of some directories =======

2016-09-20 22:16 - 2016-09-20 22:16 - 0000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2016-10-16 10:58 - 2016-10-16 10:58 - 0026830 _____ () C:\ProgramData\agent.1476633478.bdinstall.bin
2016-11-02 15:55 - 2016-11-02 15:55 - 0028749 _____ () C:\ProgramData\agent.1478120101.bdinstall.bin
2016-11-10 15:28 - 2016-11-10 15:28 - 0020434 _____ () C:\ProgramData\agent.1478809723.bdinstall.bin
2016-11-10 15:34 - 2016-11-10 15:34 - 0029179 _____ () C:\ProgramData\agent.1478810036.bdinstall.bin
2016-09-14 22:35 - 2016-09-14 22:35 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\CrInstHelper.dll
C:\Users\Flo\AppData\Local\Temp\del.EXE
C:\Users\Flo\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Flo\AppData\Local\Temp\libeay32.dll
C:\Users\Flo\AppData\Local\Temp\msvcr120.dll
C:\Users\Flo\AppData\Local\Temp\SCC.dll
C:\Users\Flo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-12 13:22

==================== End of FRST.txt ============================
         
--- --- ---

16.11.2016, 01:30   #11
the_clown
 
And here is the second log file, Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Flo (15-11-2016 19:27:02)
Running from C:\Users\Flo\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-15 03:49:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2505514951-2072466002-1266771838-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2505514951-2072466002-1266771838-503 - Limited - Disabled)
Flo (S-1-5-21-2505514951-2072466002-1266771838-1001 - Administrator - Enabled) => C:\Users\Flo
Guest (S-1-5-21-2505514951-2072466002-1266771838-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2505514951-2072466002-1266771838-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.1 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{E287031B-230C-4127-AA44-598FA9CE3478}) (Version: 2.69.0 - Kovid Goyal)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{28425B7B-3C4A-4A12-94B1-A4B018CB7C39}) (Version: 4.3.01095 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.01095 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.01095 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{78171889-02DB-4545-BCE5-997291076A43}) (Version: 4.3.01095 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.58 - Conexant)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11196 - Realtek Semiconductor Corp.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6C02A234-7A14-4737-9D89-B0C47A64F94E}) (Version: 6.0.52.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R)(patch version 18.1.1525.1421) (HKLM\...\{302600C1-6BDF-4FD1-1504-148929CC1385}) (Version: 18.1.1504.0518 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{755abcd0-2942-482b-a27d-22921a5849f0}) (Version: 3.0.14.3056 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
ISS_Drivers_x64 (Version: 3.0.14.3056 - Intel Corporation) Hidden
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Active Protection System (Version: 1.81.00.07 - Lenovo) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.20 - Lenovo)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.18.0 - Lenovo)
Lenovo On Screen Display (Version: 8.80.13 - Lenovo) Hidden
Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo Scaling Utility (Version: 3.10 - Lenovo) Hidden
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0037 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Prey Anti-Theft (x32 Version: 1.6.3 - Prey, Inc.) Hidden
psqlODBC_x64 (HKLM\...\{C0249921-2C35-47C1-83D8-8EABC438A96F}) (Version: 09.03.0400 - PostgreSQL Global Development Group)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 7.18.602.2015 - Realtek)
RStudio (HKLM-x32\...\RStudio) (Version: 0.99.903 - RStudio)
Skype Meetings App (HKLM-x32\...\{69A802E3-8264-43D0-B160-6D25CD7AFB1A}) (Version: 16.2.0.96 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version:  - )
Synaptics WBF Fingerprint Reader Drivers (HKLM\...\{83FB3716-E9E5-454D-A020-88A019340639}) (Version: 5.0.87.6 - Synaptics Incroporated)
Tableau 10.0 (10000.16.1004.1720) (HKLM-x32\...\{aecfbd24-46fa-444a-ad83-d81d307979da}) (Version: 10.0.1354 - Tableau Software)
Tableau 10.0 (10000.16.1004.1720) (Version: 10.0.1354 - Tableau Software) Hidden
ThinkPad OneLink Plus Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.10.11 - Lenovo)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.18.602.2015 - Lenovo)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Driver Package - Lenovo 1.67.10.20 (08/06/2015 1.67.10.20) (HKLM\...\6FC04F7E6E5B13D46033821EF4DBEC1883D331B9) (Version: 08/06/2015 1.67.10.20 - Lenovo)
Zotero Standalone 4.0.29.10 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.29.10 (x86 en-US)) (Version: 4.0.29.10 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Flo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2505514951-2072466002-1266771838-1001_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\Flo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.96\GatewayVersion-x64.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A2E5B0-0261-4FA9-8E7D-6D29F237F467} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {072DADC8-2BF8-452C-9B25-F6E61A619E8F} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {09B82FCC-B549-42EB-9191-9DEF44BEDCD7} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {09D69D3C-55E5-4403-ADFD-A006C40D9B03} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0B262C91-C14F-42AA-88A3-A4500FA68EEE} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {213FA684-8118-4772-BEE0-2DB1716C8624} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {252B190A-1DC6-4277-9B76-23B26CB2D2F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {2E5A7345-4A94-4D24-BDC6-F5ACA5C982F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {32018E5B-E4C4-4C3E-958F-B47AE006F34F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E5936DB-C1EA-4601-A135-BF6BAA8D1337} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {40588481-BF89-473B-9262-7A1A100B72AB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-04-17] (Lenovo)
Task: {4463DBDC-281E-4EDA-826C-EE7DFF10083D} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2016-05-25] (Realtek Semiconductor Corp.)
Task: {44D052CA-E735-455B-9518-2684F2A3A5E1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {46CEFB92-86B3-4D06-99FB-5B8069E136BD} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {55BACBD3-6D27-4F87-A340-5EEB5EFC7865} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56C1878D-01EA-48E2-A4D3-0C59BACF0761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {57FBBC1E-E92B-4F63-A91A-EE4A422FD05B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6148CFD1-28BC-4025-A84C-AC91AD1FE40B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70486FAC-2C28-44A1-93CD-624F3809CB39} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {72C51BA9-B6C8-4CE3-AC43-5D2BFBB3D503} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7744D39F-F4DF-44F4-8956-E75F3A901AA4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {7AA8DBED-41C7-4824-9F16-AA941BCD3498} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8319A1CB-EAD9-4E2E-85C6-20746314E97D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {84C668A0-2A8A-4B50-B602-2F1ABBAAF5DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {85EA8ED4-6E65-4371-BF08-8E6C8B4106FB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8BD47924-4F1B-4B84-8244-E07EF3E53122} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8E3D3F33-67F9-4362-AE9D-042AA9FB187B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9204417B-DBBE-485E-B63A-B7C83CD249DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {921CB249-2FC9-404C-A171-81A99DE1E985} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9865BBFE-0007-4926-9412-F0D7C7819B0B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {99F9AF50-F538-43C8-9FB8-F4F63790520D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - \PMTask -> No File <==== ATTENTION
Task: {9F5934EB-3242-4AF8-A732-5EA94C830016} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AF75DE69-8E53-4046-B476-45AC0536CC38} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {B15C986D-A7E7-4869-98EB-482CAB82298B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B3D5EA9C-4161-4D06-8A74-D25E6FD9347A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B3DF749A-221B-43A6-A597-84212868A352} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {B56AC725-C8D4-4E55-A06E-8A34044AC531} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe
Task: {B6AE0B2C-1018-4C03-B6DC-B75894009F21} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9490033-A99C-4996-B3DC-D2910450074D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFB62013-C3FC-45D4-A64C-4A58A588A141} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {C24F63BC-9A15-4C83-AB1D-58D541BB72FC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C36F4E6F-FD18-407F-B3F9-FE2EBC7710C7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-18] (Microsoft Corporation)
Task: {C8D88663-7EBB-4B1F-AE66-747E7DAE4397} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {C8FE45E6-71B2-427C-836D-9A873533DD1D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CED67565-7E82-4BE4-AD0D-FE292E2869D0} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {D1B62E7F-B9E4-4CF0-9C3A-BE6C7CF43622} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D219FF56-BA00-4E19-A131-13086E9B4131} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {D2D578B2-F1B4-4743-9852-FC20BBDB0ED6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D55472F3-DC65-409E-B3FC-EDD46BD38CC3} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {D685AEAF-6BE6-4D9A-AF6D-A08B0DCB9259} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DAC55196-5CEF-4314-AB45-D2B9AB1160A5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DAFAC30D-54C1-421A-A3F5-BF7F28A31379} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DE29511C-4FC0-4350-BAE0-E1DC40DB3A01} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-13] (Dropbox, Inc.)
Task: {DF6E1D4E-AC65-49AA-B93A-1C5CAD4FBEA3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E44DA060-68F4-408D-B43B-74F07CF9EA02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E5CA1373-3C63-4D16-B7CF-A1F323CE496C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EC211FDF-91A5-4BB8-A68E-C82DE0834920} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {EEFADA99-7C77-4338-B6D6-038D8A4CC2DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2A81047-3E9F-46E5-B441-4E235A33F705} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F49CF4B5-6C71-4A3E-B808-F31E2367CFC0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F6866403-0D96-45F7-B8E3-F5D135E12AE5} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-09-10] ()
Task: {F75C7CC2-C4CD-47D8-B440-4BB5DB92FAF2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F777664F-FE95-4074-8BB9-CE1C251A0A9A} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {FBCB2B04-0B46-4549-812D-0A8E8DCBDE83} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {FE14F656-87F6-4CE6-9C52-6C4FE52CDBAF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-13] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 04:18 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-18 09:39 - 2016-07-18 09:39 - 00154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-09-30 04:18 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 04:18 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-15 22:51 - 2016-09-15 22:51 - 01864384 _____ () C:\Users\Flo\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-22 16:17 - 2016-10-18 04:15 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-06 15:01 - 2016-11-06 15:02 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-06 15:01 - 2016-11-06 15:02 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-06 15:01 - 2016-11-06 15:02 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-10-04 18:34 - 2016-09-10 11:13 - 00028544 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2016-09-15 02:30 - 2016-09-15 02:30 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 21:20 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 21:20 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 21:20 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 21:20 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 21:20 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 21:20 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-10 06:37 - 2016-07-10 06:37 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-07-10 11:07 - 2011-08-02 22:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2016-07-10 11:07 - 2011-08-02 22:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2016-08-31 20:57 - 2016-08-31 20:57 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.3\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2015-09-04 22:34 - 2015-09-04 22:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-15 23:58 - 2016-11-10 10:31 - 51776112 _____ () C:\Users\Flo\AppData\Roaming\Spotify\libcef.dll
2016-10-25 17:05 - 2016-11-10 10:31 - 00110192 _____ () C:\Users\Flo\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-09-15 23:58 - 2016-11-10 10:31 - 01803888 _____ () C:\Users\Flo\AppData\Roaming\Spotify\libglesv2.dll
2016-09-15 23:58 - 2016-11-10 10:31 - 00086128 _____ () C:\Users\Flo\AppData\Roaming\Spotify\libegl.dll
2016-09-22 16:17 - 2016-10-18 04:15 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\gfx.dll
2015-03-17 00:34 - 2015-03-17 00:34 - 00152064 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2016-09-22 16:16 - 2016-10-18 04:12 - 00154312 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Flo\Downloads\colorpicker.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Flo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2505514951-2072466002-1266771838-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{93CDAEC0-F81B-4340-8E3A-E9CAA08174BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7DF31B67-D96C-4796-B68E-C47A656449AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44D6D3D2-98EC-498A-940A-E8AD110E26B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9D659A-4F0B-45E5-9FE1-13341239E9C1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CB1B247-1B31-46D8-92AC-095AC147115A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FCC2F7B-4466-45F1-B937-758F4E8F8566}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7EAE648-6319-418B-B91B-B66ED3949A16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{962988D2-FAA0-4825-80CA-3EBCD276E653}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{EB46C37E-E04B-46C7-98DA-49A11417422A}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{A4334999-CB02-48D0-B8CD-1D385ED7347E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{AB7F8352-5303-4DCF-A893-FCABBD9596CA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{F67C2CAD-967F-4880-9FF1-7E48042471CE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{895121DD-793C-49AC-9201-8E218F18B25C}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{BACEB615-2587-461B-99AC-7EDA0699A6CA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{FC383FE7-2FA3-49B1-B983-CE45C48365B9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F4F784E6-A8AF-451D-A633-7C316B9F490D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B6E4A37-6D71-4536-8C9D-10B316D5BA19}] => (Allow) C:\Windows\Prey\versions\1.6.3\bin\node.exe
FirewallRules: [TCP Query User{363E28DC-B3DA-4BF6-B4BC-FB47407745B0}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{141B226E-BF88-45F0-B6CA-534F55BC3641}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B55AEAC8-5469-4407-B00A-99D8E9B65DFB}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{340D84E5-21A0-434C-BFDE-B73B5D3461CC}C:\users\flo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\flo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB485729-C09B-4C44-8E45-B3DD14437127}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{0FB2D479-7FEB-410B-8F6D-4CE7F541147B}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{F001202F-EAAF-4F2A-B4EE-D4C9F9879774}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A9A7934B-B560-46D3-A513-BA58C0102942}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F35C27A2-863C-42E9-8E07-3F6271AF034B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-10-2016 20:19:10 Installed PDFill PDF Editor with FREE Writer and FREE Tools
02-11-2016 16:43:05 Windows Update
09-11-2016 01:05:24 Windows Update
13-11-2016 22:55:44 Intel® PROSet/Wireless Software
15-11-2016 18:31:03 JRT Pre-Junkware Removal
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 06:51:22 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"No valid TPM EK/Platform cerificate provided in the TPM identity request message."}
Cache-Control: no-cache
Date: Tue, 15 Nov 2016 23:51:24 GMT
Pragma: no-cache
Content-Length: 95
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 3c8733fb-a182-486d-be81-56539721cc56
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: POST(1422ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (11/15/2016 06:31:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/15/2016 06:26:53 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\FLO-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"No valid TPM EK/Platform cerificate provided in the TPM identity request message."}
Cache-Control: no-cache
Date: Tue, 15 Nov 2016 23:26:55 GMT
Pragma: no-cache
Content-Length: 95
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 1bc99ffc-2c97-489c-a7cc-ef72721ac968
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: POST(7297ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (11/15/2016 06:26:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/15/2016 06:26:41 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/15/2016 06:26:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/15/2016 06:26:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/15/2016 06:26:35 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
	(HRESULT : 0x80040210) (0x80040210)

Error: (11/15/2016 06:26:35 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
	(HRESULT : 0x80040210) (0x80040210)

Error: (11/15/2016 06:26:35 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
	(HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (11/15/2016 06:31:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Platform Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/15/2016 06:29:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Lenovo Companion.

Error: (11/15/2016 06:29:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Windows Voice Recorder.

Error: (11/15/2016 06:26:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/15/2016 06:26:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/15/2016 06:25:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/15/2016 06:25:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/15/2016 06:25:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/15/2016 06:25:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/15/2016 06:25:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant SmartAudio service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-09-14 23:35:40.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:35:40.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:35:40.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:35:40.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8075.11 MB
Available physical RAM: 4114.14 MB
Total Virtual: 16267.11 MB
Available Virtual: 12077.94 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:224.94 GB) (Free:91.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:12.84 GB) (Free:2.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DE637FF4)

Partition: GPT.

==================== End of Addition.txt ============================
         

16.11.2016, 01:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FRST fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {56C1878D-01EA-48E2-A4D3-0C59BACF0761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {57FBBC1E-E92B-4F63-A91A-EE4A422FD05B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - \PMTask -> No File <==== ATTENTION
Task: {B6AE0B2C-1018-4C03-B6DC-B75894009F21} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C8FE45E6-71B2-427C-836D-9A873533DD1D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D2D578B2-F1B4-4743-9852-FC20BBDB0ED6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DAC55196-5CEF-4314-AB45-D2B9AB1160A5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DAFAC30D-54C1-421A-A3F5-BF7F28A31379} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E5CA1373-3C63-4D16-B7CF-A1F323CE496C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F2A81047-3E9F-46E5-B441-4E235A33F705} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
emptytemp:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.11.2016, 02:08   #13
the_clown
 
Contents of Fixlog.txt

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Flo (15-11-2016 20:07:15) Run:1
Running from C:\Users\Flo\Downloads
Loaded Profiles: Flo (Available Profiles: Flo & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task {56C1878D-01EA-48E2-A4D3-0C59BACF0761} - MicrosoftWindowsSetupGWXTriggersLogon-5d - No File ==== ATTENTION
Task {57FBBC1E-E92B-4F63-A91A-EE4A422FD05B} - MicrosoftWindowsSetupGWXTriggersOutOfIdle-5d - No File ==== ATTENTION
Task {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - PMTask - No File ==== ATTENTION
Task {B6AE0B2C-1018-4C03-B6DC-B75894009F21} - MicrosoftWindowsSetupgwxlaunchtrayprocess - No File ==== ATTENTION
Task {C8FE45E6-71B2-427C-836D-9A873533DD1D} - MicrosoftWindowsSetupGWXTriggersrefreshgwxconfig-B - No File ==== ATTENTION
Task {D2D578B2-F1B4-4743-9852-FC20BBDB0ED6} - MicrosoftWindowsSetupGWXTriggersOutOfSleep-5d - No File ==== ATTENTION
Task {DAC55196-5CEF-4314-AB45-D2B9AB1160A5} - MicrosoftWindowsSetupGWXTriggersMachineUnlock-5d - No File ==== ATTENTION
Task {DAFAC30D-54C1-421A-A3F5-BF7F28A31379} - OfficeSoftwareProtectionPlatformSvcRestartTask - No File ==== ATTENTION
Task {E5CA1373-3C63-4D16-B7CF-A1F323CE496C} - MicrosoftWindowsSetupGWXTriggersTime-5d - No File ==== ATTENTION
Task {F2A81047-3E9F-46E5-B441-4E235A33F705} - MicrosoftWindowsSetupgwxrefreshgwxconfig - No File ==== ATTENTION
emptytemp
         
*****************

Task {56C1878D-01EA-48E2-A4D3-0C59BACF0761} - MicrosoftWindowsSetupGWXTriggersLogon-5d - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {57FBBC1E-E92B-4F63-A91A-EE4A422FD05B} - MicrosoftWindowsSetupGWXTriggersOutOfIdle-5d - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - PMTask - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {B6AE0B2C-1018-4C03-B6DC-B75894009F21} - MicrosoftWindowsSetupgwxlaunchtrayprocess - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {C8FE45E6-71B2-427C-836D-9A873533DD1D} - MicrosoftWindowsSetupGWXTriggersrefreshgwxconfig-B - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {D2D578B2-F1B4-4743-9852-FC20BBDB0ED6} - MicrosoftWindowsSetupGWXTriggersOutOfSleep-5d - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {DAC55196-5CEF-4314-AB45-D2B9AB1160A5} - MicrosoftWindowsSetupGWXTriggersMachineUnlock-5d - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {DAFAC30D-54C1-421A-A3F5-BF7F28A31379} - OfficeSoftwareProtectionPlatformSvcRestartTask - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {E5CA1373-3C63-4D16-B7CF-A1F323CE496C} - MicrosoftWindowsSetupGWXTriggersTime-5d - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {F2A81047-3E9F-46E5-B441-4E235A33F705} - MicrosoftWindowsSetupgwxrefreshgwxconfig - No File ==== ATTENTION => Error: No automatic fix found for this entry.
emptytemp => Error: No automatic fix found for this entry.

==== End of Fixlog 20:07:15 ====
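
Added example, not part of the thread and not FRST code: the copy of the fixlist echoed under "fixlist content:" in the Fixlog above lacks the `\`, `:`, `<` and `>` characters of the fixlist posted in #12, and every entry came back with "No automatic fix found". The script below automates that comparison; the function names are hypothetical and the sample lines are one task entry and the `emptytemp:` directive copied from the two posts.

```python
# Audit a FRST Fixlog against the fixlist that was supposed to run.
# Sample data: lines copied from posts #12 (fixlist) and #13 (Fixlog).
POSTED = r"""Task: {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - \PMTask -> No File <==== ATTENTION
emptytemp:"""

FIXLOG = r"""fixlist content:
*****************
Task {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - PMTask - No File ==== ATTENTION
emptytemp

*****************

Task {9EBCF1DE-C9F1-48B8-9606-2D3CF10E7496} - PMTask - No File ==== ATTENTION => Error: No automatic fix found for this entry.
emptytemp => Error: No automatic fix found for this entry.

==== End of Fixlog 20:07:15 ====
"""


def parse_fixlog(text):
    """Return (echoed directives, {directive: outcome}) from a Fixlog body."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The echoed fixlist sits between the first two lines made only of '*'.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'fixlist content' block found")
    echoed = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = {}
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if " => " in ln:
            entry, _, outcome = ln.rpartition(" => ")
            results[entry] = outcome
    return echoed, results


def stripped_chars(posted, echoed):
    """Characters whose removal from `posted` yields `echoed`, else None."""
    missing = set(posted) - set(echoed)
    if "".join(c for c in posted if c not in missing) != echoed:
        return None
    return missing


def audit(posted_text, fixlog_text):
    """Pair each posted directive with its echo and the outcome FRST logged."""
    posted = [ln.strip() for ln in posted_text.splitlines() if ln.strip()]
    echoed, results = parse_fixlog(fixlog_text)
    if len(posted) != len(echoed):
        raise ValueError("fixlist and Fixlog echo have different line counts")
    return [{"posted": want,
             "intact": want == got,
             "stripped": sorted(stripped_chars(want, got) or []),
             "result": results.get(got, "no result line")}
            for want, got in zip(posted, echoed)]


if __name__ == "__main__":
    for row in audit(POSTED, FIXLOG):
        print(row["intact"], row["stripped"], "|", row["result"])
```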
         

16.11.2016, 02:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:


Step 1: MBAM

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Step 2: ESET

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 3: SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

16.11.2016, 03:42   #15
the_clown
 
All right, here are the three logs:


MBAM:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 11/15/2016
Scan Time: 20:20
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.15.15
Rootkit Database: v2016.10.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Flo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350465
Time Elapsed: 5 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fe1bfbf5dda1874bb4e03342a40470df
# end=init
# utc_time=2016-11-16 01:28:04
# local_time=2016-11-15 08:28:04 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 31423
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fe1bfbf5dda1874bb4e03342a40470df
# end=updated
# utc_time=2016-11-16 01:31:11
# local_time=2016-11-15 08:31:11 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fe1bfbf5dda1874bb4e03342a40470df
# engine=31423
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-16 02:36:22
# local_time=2016-11-15 09:36:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 9672798 0 0
# scanned=360135
# found=0
# cleaned=0
# scan_time=3910
         
And the SecurityCheck:

Code:
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 111  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	23.0.0.207  
 Mozilla Firefox (49.0.2) 
 Google Chrome (54.0.2840.87) 
 Google Chrome (54.0.2840.99) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender msascuil.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
