It's like a popup but...

**jmarket** · 06-10-2017, 01:13 AM

RogueKiller V12.11.1.0 (x64) [Jun 4 2017] (Free) by Adlice Software
mail : Support Form | Contact • Adlice Software
Feedback : https://forum.adlice.com
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Doneff Family [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete – Date : 06/09/2017 20:48:23 (Duration : 00:19:18)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0 234331496953170mcinstcleanup (C:\WINDOWS\TEMP\023433~1.EXE -cleanup -nolog) → Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main | Start Page : MSN → Replaced ( MSN )
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main | Start Page : MSN → Replaced ( MSN )

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Tr.Gen][Folder] C:\Program Files\update → Removed at reboot [91]
[Tr.Gen][File] C:\Program Files\update\msvcm90.dll → Deleted
[Tr.Gen][File] C:\Program Files\update\msvcp90.dll → Deleted
[Tr.Gen][File] C:\Program Files\update\msvcr90.dll → Deleted
[Tr.Gen][File] C:\Program Files\update\reaper.dll → Deleted
[Tr.Gen][File] C:\Program Files\update\run.bat → Deleted
[Tr.Gen][File] C:\Program Files\update\ua.log → Removed at reboot [20]
[Tr.Gen][File] C:\Program Files\update\UpdateAgent.exe → Removed at reboot [5]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [ http://www.4loot.com/ ] → Deleted
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [ http://www.forsyth.cc/library/|http://co-davidson-nc.beta.libguides.com/lexingtonpubliclibrary ] → Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
— User —
[MBR] ce72b05d37d96c5a7c152999e6eaedf1
[BSP] 62b7f321b219208eac246c5e77b206b7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 921260 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1887537152 | Size: 1000 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1889585152 | Size: 30720 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1952499712 | Size: 500 MB
User = LL1 … OK
User = LL2 … OK

+++++ PhysicalDrive1: SAMSUNG SV0602H USB Device +++++
— User —
[MBR] d6f4c328bfe13e036b6e0982f8a5c63f
[BSP] a41170e66910ca5b7ad7aff948443128 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 57275 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 … OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

**jmarket** · 06-10-2017, 01:21 AM

Code:

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Doneff Family (Administrator) on Fri 06/09/2017 at 21:14:57.67

File System: 0

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run \GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA 2787C3 (Registry Value)

Code:

Scan was completed on Fri 06/09/2017 at 21:20:40.64
End of JRT log

**jmarket** · 06-10-2017, 01:47 AM

[HEADING=1]AdwCleaner v6.047 - Logfile created 09/06/2017 at 21:30:11[/HEADING]
[HEADING=1]Updated on 19/05/2017 by Malwarebytes[/HEADING]
[HEADING=1]Database : 2017-06-10.1 [Server][/HEADING]
[HEADING=1]Operating System : Windows 10 Home (X64)[/HEADING]
[HEADING=1]Username : Doneff Family - DESKTOP-DOB72OG[/HEADING]
[HEADING=1]Running from : C:\Users\Doneff Family\Desktop\adwcleaner_6.047.exe[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]Support : Malwarebytes Help Center[/HEADING]
***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localsto rage
[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localsto rage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: literaturepage.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: ask.com

:: “Tracing” keys deleted
:: Winsock settings cleared

C:\AdwCleaner\AdwCleaner[C0].txt - [2988 Bytes] - [09/06/2017 21:30:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [3395 Bytes] - [09/06/2017 21:25:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3134 Bytes] ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/9/17
Scan Time: 9:37 PM
Log File: malwarebytes scan results.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2126
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-DOB72OG\Doneff Family

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365845
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

**Malnutrition** · 06-10-2017, 09:42 AM

Originally posted by GamerGirl74

Other than my games and antivirus, which ones should I reinstall?

These, the rest is up to you.

CCleaner
NVIDIA Graphics Driver 376.54 NVIDIA Corporation 376.54
NVIDIA HD Audio Driver 1.3.34.17 NVIDIA Corporation 1.3.34.17
PrivaZer Goversoft LLC 3.0.22.0

ZHP Diag Fix.

ZHP Fix [MEDIA=imgur]4bd9Ugb[/MEDIA]
[ul]
[li]Disable your antivirus prior to this fix![/li]
[li]Download ZHP-Fix from here.[/li][li]UnZip it to your desktop – Tool Here if needed… 7-Zip[/li]
[li]Install it.[/li][li]Click Suivant 5 Times.[/li][li]Then Installer.[/li][li]Then Terminer.[/li][li]Then right clcick the ZHP Fix icon Run as admin.[/li][li]Copy the entire content of the code box below, the next step will grab it from your clipboard.[/li]
[li]Then click on import.[/li][li]Then click GO.[/li][li]If you see any Prompts like the one below, select Oui. = Yes in French. [/li]
[li]https://pchelpforum.net/attachments/...7-40-png.2248/ [/li]
[li]Allow completion.[/li][li]A log file will appear on your desktop. [/li]
[li]Post it here in your next reply.[/li][/ul]

[ICODE]Script ZhpFix SysRestore EmptyFlash ProxyFix EmptyCLSID O23 - Service: McAfee Application Installer Cleanup (0234331496953170) (0234331496953170mcinstcleanup) . (...) - C:\WINDOWS\TEMP\023433~1.EXE (.not file.) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated® O23 - Service: Update Agent (UpdateAgentService) . (.Copyright (C) 2015 - UpdateAgent Application.) - C:\Program Files\update\UpdateAgent.exe =>.LENOVO® C:\Program Files\update SS - Demand [08/06/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\syswow64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporated® O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [4412] =>.Adobe Systems Incorporated® O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OFFICE2013ACT [2740] =>.Microsoft Corporation O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 [3306] =>.Microsoft Corporation G0 - GCSP: Preferences [User Data\Default][HomePage] http://app.standsapp.org G0 - GCSP: Preferences [User Data\Default][HomePage] http://cdnjs.cloudflare.com G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc. G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc. G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.eu =>.Nicolas Coolman G0 - GCSP: Preferences [User Data\Default][HomePage] http://stands-app G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc. G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity G2 - GCE: Preference [User Data\Default] [pifnaclcibjejklkfjegfcbagcdkidim] Gir Theme G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc. O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] -- {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] -- LenovoExperienceImprovement =>.LENOVO® HKCU\SOFTWARE\Chromium =>.Chromium O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\mcafee =>.McAfee O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\mcafee.com =>.McAfee Inc. O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\update =>.Unknown O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\McAfee =>.McAfee O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation C:\WINDOWS\system32\dmwappushsvc.dll C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.loca lstorage =>.Superfluous.CloudfrontNet C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.loca lstorage-journal =>.Superfluous.CloudfrontNet O43 - CFD: 11/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TianTianData HKLM\SOFTWARE\Wow6432Node\kpzs EmptyTemp [/ICODE]

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

Once you have started the program, you will need to click the scanner button.

[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

[MEDIA=imgur]LOr0Gd7[/MEDIA]

Hit Ok.

[MEDIA=imgur]sYFsqHx[/MEDIA]

Hit next make sure to leave all items checked, for removal.

[MEDIA=imgur]8NcZjGc[/MEDIA]

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

**jmarket** · 06-10-2017, 09:06 PM

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d’export Registre :
Run by Doneff Family at 6/10/2017 4:37:22 PM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (15063)

Recycle Bin emptied (15mn AMs)

========== Memory modules ==========
REMOVES Reboot: Memory Module: C:\WINDOWS\system32\dmwappushsvc.dll

========== Registry keys ==========
REMOVES: Service: AdobeARMservice
REMOVES: Service: UpdateAgentService
REMOVES: HKCU\SOFTWARE\Chromium
REMOVES: Services Svchost: dmwappushservice

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Preferences browser ==========
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://app.standsapp.org
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://cdnjs.cloudflare.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://connect.facebook.net
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fonts.googleapis.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fonts.gstatic.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://nicolascoolman.eu
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://stands-app
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.facebook.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.google-analytics.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.paypalobjects.com
REMOVES Folder Chrome: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagc dkidim
REMOVES Folder Chrome: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagc dkidim
REMOVES: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm
REMOVES: C:\Program Files\mcafee
REMOVES: C:\Program Files\mcafee.com
REMOVES: C:\Program Files (x86)\McAfee
REMOVES: C:\ProgramData\McAfee
REMOVES: C:\Program Files (x86)\Common Files\McAfee
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
REMOVES Reboot: c:\windows\system32\tasks\adobe flash player updater
REMOVES Reboot: c:\windows\system32\tasks\office2013act
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task v2
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point

========== Summary ==========
1 : Memory modules
4 : Registry keys
6 : Registry values
9 : Folders
6 : Files
22 : Preferences browser
1 : System restore

End of clean in 11mn AMs

========== Path to file report ==========
C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPFix[R1].txt - 6/10/2017 4:42:37 PM [3848]

~ ZHPCleaner v2017.6.10.96 by Nicolas Coolman (2017/06/10)
~ Run by Doneff Family (Administrator) (10/06/2017 16:51:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : ZHP
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Doneff Family\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (0)
~ No malicious or unnecessary items found.

—\ Hosts file (1)
~ The hosts file is legitimate (60)

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (6)
MOVED file: C:\Windows\Installer\wix{7D84E343-A23D-451C-B123-0195B2D903A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI267E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI28F1.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI8E0.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI98D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF8DA.tmp- =>.Superfluous.Empty

—\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.

—\ Summary of the elements found (1)
Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.Empty

—\ Other deletions. (19)
~ Registry Keys Tracing deleted (19)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

—\ Statistics
~ Items scanned : 498
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6

~ End of clean in 00h00mn02s
~====================
ZHPCleaner-[R]-10062017-16_51_44.txt
ZHPCleaner-[S]-10062017-16_50_56.txt

[/S]

Adware Removal Tool 5.1
Time: 2017_06_10_16_52_19
OS: Windows 10 Home - x64 Bit
Account Name: Doneff Family
Adware Definition: 06102017
Elapsed time: 06:51
Repair Status:- Automatic Done
\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

[-] Deleted ->> File ->> C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.63 4.10.28842_0\shared\MindsparkGlobal.js

[-] Deleted ->> File ->> C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.63 4.10.28842_0\shared\MindsparkGlobal.unitTest.js

[-] Repaired ->> File ->> C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data

[-] Repaired ->> File ->> C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences

SecurityCheck by glax24 & Severnyj v.1.4.0.50 [06.06.17]
WebSite: www.safezone.cc
DateLog: 10.06.2017 17:01:53
Path starting: C:\Users\Doneff Family\AppData\Local\Temp\SecurityCheck\SecurityCh eck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: Doneff Family
VersionXML: 4.35is-08.06.2017

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 08.06.2017 20:16:25
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_SubTrial5 edition Windows is in Notification mode
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [899.7 Gb] Used: [131.6 Gb] Free: [768.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.296.15063.0 [+]
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4693.1005
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and out of date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Avast Antivirus (disabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Internet Security v.17.4.2294
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
VoodooShield version 3.59 v.3.59
Unchecky v1.0.2 v.1.0.2
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 17.00 beta (x64) v.17.00 beta [+]
Microsoft Silverlight v.5.1.50906.0
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 25 PPAPI v.25.0.0.171
Adobe Reader X (10.1.16) MUI v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.59.0.3071.86
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.4.3482.0
aswbIDSAgent (aswbIDSAgent) - The service has stopped
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.4.3482.0
C:\Program Files\AVAST Software\Avast\afwServ.exe v.17.4.3482.0
Avast Firewall Service (avast! Firewall) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------

Adware Removal Tool 5.1
Time: 2017_06_10_16_52_19
OS: Windows 10 Home - x64 Bit
Account Name: Doneff Family
Adware Definition: 06102017
Elapsed time: 06:51
Scan Status:- Automatic Done

\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\

File Found : PUP.MindSpark : C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.63 4.10.28842_0\shared\MindsparkGlobal.js
File Found : PUP.MindSpark : C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.63 4.10.28842_0\shared\MindsparkGlobal.unitTest.js
Browser: Chrome Found : Adware.Conduit : C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data
Browser: Chrome Found : Adware.ask.com : C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences

**Malnutrition** · 06-11-2017, 04:04 AM

How’s the machine running now? Can you also post a set of Frst logs. And a new hijack this log please.

**jmarket** · 06-11-2017, 06:23 AM

I don’t think I have a program that will create a Frst log, but I’ll post a Hijack This log. So far it’s running good. I’m hoping nothing else happens to it.

**jmarket** · 06-11-2017, 06:24 AM

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 10 (Home), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time: 11.06.2017 - 02:24
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Doneff Family (group: Administrator) on DESKTOP-DOB72OG

Chrome: 59.0.3071.86
Edge: 11.0.15063.250
Internet Explorer: 11.0.15063.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
7 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
1 C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
1 C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
1 C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
1 C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
1 C:\Program Files (x86)\Steam\Steam.exe
1 C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\afwServ.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
1 C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
1 C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\VoodooShield\VoodooShieldService.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.100 1.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.e xe
1 C:\Users\Doneff Family\Desktop\Toolbox\HiJackThis\HiJackThis.exe
1 C:\Users\Doneff Family\Desktop\Toolbox\HiJackThis\MemCompression
1 C:\Windows\ImmersiveControlPanel\SystemSettings.ex e
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
2 C:\Windows\System32\nvvsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
67 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 C:\Windows\jmesoft\JME_LOAD.exe
1 C:\Windows\jmesoft\Service.exe
1 C:\Windows\jmesoft\hotkey.exe
1 C:\Windows\syswow64\UMonit64.exe
1 C:\Windows\syswow64\ctfmon.exe

R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {D79BB3A3-DB24-49D3-A463-680951CD61C4} - Bing - Search - Microsoft Bing {searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes{D79BB3A3-DB24-49D3-A463-680951CD61C4} - Bing - Search - Microsoft Bing {searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 0.0.0.0 cdn.tuto4pc.com
O1 - Hosts: 0.0.0.0 cdn.appround.biz
O1 - Hosts: 0.0.0.0 cdn.bigspeedpro.com
O1 - Hosts: 0.0.0.0 cdn.bispd.com
O1 - Hosts: 0.0.0.0 cdn.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.cdndp.com
O1 - Hosts: 0.0.0.0 cdn.download.sweetpacks.com
O1 - Hosts: 0.0.0.0 cdn.dpdownload.com
O1 - Hosts: 0.0.0.0 cdn.visualbee.net
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2 787C3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O4 - HKCU..\Run: [OneDrive] C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.e xe /background
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe “C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” 60
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit64.exe
O4 - HKLM..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
O4 - HKLM..\StartupApproved\Run32: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM..\StartupApproved\Run32: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
O4 - HKLM..\StartupApproved\Run32: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe “C:\Program Files (x86)\Lenovo\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
O4 - HKLM..\StartupApproved\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM..\StartupApproved\Run: [RtHDVBg_LENOVO_MICPKEY] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY
O4 - HKLM..\StartupApproved\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4-32 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe
O4-32 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O17 - DHCP DNS - 1: 209.18.47.61
O17 - DHCP DNS - 2: 209.18.47.62
O22 - Task (Disabled): \Lenovo\Experience Improvement - C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienc eImprovement.exe
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_ 0_0_171_pepper.exe -check pepperplugin
O22 - Task (Ready): Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): OFFICE2013ACT - C:\ProgramData\Office2013\OFFICEICON.vbs
O22 - Task (Ready): PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task (Ready): SafeZone scheduled Autoupdate 1496953941 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe control iMControllerService 128
O22 - Task (Ready): \Lenovo\ImController\Plugins\LenovoSystemUpdatePlu gin_TVSUUpdateTask - C:\WINDOWS\system32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
O22 - Task (Ready): \Lenovo\LSC\LSCHardwareScan - C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe -diag HWScan
O22 - Task (Ready): \Lenovo\LSC\Lenovo Solution Center Notifications - C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
O22 - Task (Ready): \Lenovo\Lenovo Customer Feedback Program 64 35 - C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
O22 - Task (Ready): \Lenovo\Lenovo Solution Center Launcher - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
O22 - Task (Ready): \Lenovo\REACHit Agent Startup - C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe /nobrowser
O22 - Task (Ready): \Lenovo\REACHit Agent Update - C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe -update
O22 - Task (Ready): \Lenovo\SHPrompt - C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe
O22 - Task (Ready): \Lenovo\SHUpdate - C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe -runInBackground -tryTillSuccess
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegi strationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellula r - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Ar g4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\PLA\LSC Memory - C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost “LSC Memory” “$(Arg0)”
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcqui sition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O22 - Task (Running): PDVDServ12 Task - C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
O22 - Task (Running): \Lenovo\QuickOptimizer - C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Avast Firewall Service - (avast! Firewall) - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service R2: FastbootService - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: JME Keyboard Driver - (JME Keyboard) - C:\Windows\jmesoft\Service.exe
O23 - Service R2: LenovoPortalService - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service R2: Unchecky - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
O23 - Service R3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service S2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service S2: System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: Lenovo Solution Center System Service - (LSC.Services.SystemService) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe

–
End of file - Time spent: 13 sec. - 33188 bytes, CRC32: FFFFFFFF. Sign: 骱皜

**Malnutrition** · 06-11-2017, 07:09 AM

If you look at the link in my signature you will find the prework that will contain the instructions for the frst program. I had you run that in your first thread as well. Sorry I’m on my phone and not able to post any link for it.

**Malnutrition** · 06-11-2017, 07:14 AM

Never mind here is the link which contains instructions https://pchelpforum.net/t/prework-pl...posting.11235/

**jmarket** · 06-11-2017, 07:54 AM

Thanks, I remember the program now. Here are the files you requested:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-06-2017
Ran by Doneff Family (administrator) on DESKTOP-DOB72OG (11-06-2017 03:51:02)
Running from C:\Users\Doneff Family\Desktop
Loaded Profiles: Doneff Family (Available Profiles: Doneff Family)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
() C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe
() C:\Windows\syswow64\UMonit64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.100 1.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-09-30] (Realtek Semiconductor)
HKLM...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384 2015-09-30] (Realtek Semiconductor)
HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-08] (AVAST Software)
HKLM...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )
HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKU\S-1-5-21-113026621-1705679920-3439515112-1001...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001...\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2 787C3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-03] (Google Inc.)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip..\Interfaces{55cca939-eda2-47d0-8952-4a628b980a60}: [DhcpNameServer] 209.18.47.61 209.18.47.62
[HEADING=1]Internet Explorer:[/HEADING]
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR HomePage: Default → hxxp://www.4loot.com/
CHR StartupUrls: Default → “hxxp://www.google.com/”,“hxxps://www.google.com/webhp?sourceid=chrome-instant&espv=210&es_th=1&ie=UTF-8”
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default [2017-06-11]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2017-06-08]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2017-06-08]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2017-06-08]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-06-08]
CHR Extension: (Fair AdBlocker App) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbe pjmble [2017-06-08]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihc jkigck [2017-06-09]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2017-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2017-06-08]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2017-06-08]
CHR Extension: (Fair AdBlocker) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdh pknnjh [2017-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-06-08]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2017-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-06-10]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-11]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-11]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-10]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-06-10]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-09]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-09]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-09]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-09]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-09]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-09]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-06-10]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-09]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-09]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-09]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-09]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-09]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-09]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-06-10]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-09]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-09]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-09]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-09]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-10]
CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-06-08] (AVAST Software)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-09-08] (Lenovo) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [30624 2015-07-16] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-09-08] ()
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-06-08] (RaMMicHaeL)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-08] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [507928 2017-06-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-08] (AVAST Software)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-09-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 FBNetFilter; C:\WINDOWS\system32\Drivers\FBNetFlt.sys [32792 2015-09-08] (Windows (R) Win 7 DDK provider) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-10] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvl ewu.inf_amd64_f89ffb631f81d1d5\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [598784 2015-06-15] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U1 aswbdisk; no ImagePath
U3 catchme; ??\C:\Users\DONEFF~1\AppData\Local\Temp\catchme.sy s <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-03-17 23:16 - 2017-06-09 01:32 - 00000000 ___RD C:\Users\Doneff Family\Documents
2099-03-06 00:44 - 2017-03-18 16:58 - 00002199 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2097-03-23 22:04 - 2017-06-08 22:03 - 00000000 ___RD C:\Users\Public\Documents
2068-10-23 16:59 - 2017-03-18 16:59 - 00002349 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2060-02-04 05:21 - 2017-06-10 16:33 - 00000000 __RHD C:\Users\Public\Desktop
2058-11-04 06:52 - 2058-11-04 06:52 - 00000000 ___RD C:\Users\Default\Documents
2049-05-16 15:47 - 2017-06-09 01:32 - 00000000 ___RD C:\Users\Doneff Family\Music
2035-06-07 02:02 - 2017-06-09 01:32 - 00000000 ___RD C:\Users\Doneff Family\Videos
2035-01-09 21:08 - 2017-06-09 01:32 - 00000000 ___RD C:\Users\Doneff Family\Pictures
2031-07-10 19:00 - 2017-06-10 16:37 - 00000000 ___HD C:\ProgramData
2017-06-11 03:51 - 2017-06-11 03:51 - 00021685 _____ C:\Users\Doneff Family\Desktop\FRST.txt
2017-06-11 03:50 - 2017-06-11 03:51 - 00000000 ____D C:\FRST
2017-06-11 03:48 - 2017-06-11 03:48 - 02437120 _____ (Farbar) C:\Users\Doneff Family\Desktop\FRST64.exe
2017-06-10 19:25 - 2017-06-10 19:25 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\DBG
2017-06-10 17:02 - 2017-06-10 17:02 - 00007928 _____ C:\Users\Doneff Family\Desktop\SecurityCheck.txt
2017-06-10 17:01 - 2017-06-10 17:01 - 00000000 ____D C:\SecurityCheck
2017-06-10 16:59 - 2017-06-10 16:59 - 00000962 _____ C:\Users\Doneff Family\Desktop\Scan_Logs_2017_06_10_16_52_19.txt
2017-06-10 16:59 - 2017-06-10 16:59 - 00000932 _____ C:\Users\Doneff Family\Desktop\Repair_Logs_2017_06_10_16_52_19.txt
2017-06-10 16:52 - 2017-06-10 16:52 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-06-10 16:52 - 2017-06-10 16:52 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-06-10 16:50 - 2017-06-10 16:52 - 00002045 _____ C:\Users\Doneff Family\Desktop\ZHPCleaner.txt
2017-06-10 16:48 - 2017-06-10 16:48 - 00000890 _____ C:\Users\Doneff Family\Desktop\ZHPCleaner.lnk
2017-06-10 16:47 - 2017-06-10 16:47 - 00513726 _____ (glax24 (safezone.cc)) C:\Users\Doneff Family\Desktop\SecurityCheck.exe
2017-06-10 16:46 - 2017-06-10 16:46 - 00752296 _____ C:\Users\Doneff Family\Desktop\Adware Removal Tool by TSA.exe
2017-06-10 16:43 - 2017-06-10 16:43 - 02785792 _____ C:\Users\Doneff Family\Desktop\ZHPCleaner.exe
2017-06-10 16:43 - 2017-06-10 16:43 - 00003937 _____ C:\Users\Doneff Family\Desktop\ZHPFix[R1].txt
2017-06-10 16:42 - 2017-06-10 16:42 - 00003937 _____ C:\Users\Doneff Family\Desktop\ZHPFixReport.txt
2017-06-10 16:33 - 2017-06-10 16:34 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-06-10 16:33 - 2017-06-10 16:33 - 00001925 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2017-06-10 16:33 - 2017-06-10 16:33 - 00000000 ____D C:\Users\Doneff Family\Desktop\ZHPFix
2017-06-10 16:33 - 2017-06-10 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-06-10 16:32 - 2017-06-10 16:32 - 03498068 _____ C:\Users\Doneff Family\Desktop\ZHPFix.zip
2017-06-10 16:29 - 2017-06-10 16:29 - 00002886 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-10 16:29 - 2017-06-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-10 16:29 - 2017-06-10 16:29 - 00000000 ____D C:\Program Files\CCleaner
2017-06-10 16:27 - 2017-06-10 16:27 - 00000000 ____D C:\Program Files (x86)\PrivaZer
2017-06-10 16:10 - 2017-06-10 16:10 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-09 21:44 - 2017-06-09 21:44 - 00001222 _____ C:\Users\Doneff Family\Desktop\malwarebytes scan results.txt
2017-06-09 21:33 - 2017-06-10 02:53 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-09 21:33 - 2017-06-09 21:33 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-09 21:33 - 2017-06-09 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-09 21:33 - 2017-06-09 21:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-09 21:33 - 2017-06-09 21:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-09 21:33 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-09 21:32 - 2017-06-10 17:00 - 00003814 _____ C:\Users\Doneff Family\Desktop\AdwCleaner[C0].txt
2017-06-09 21:23 - 2017-06-09 21:30 - 00000000 ____D C:\AdwCleaner
2017-06-09 21:22 - 2017-06-09 21:23 - 64232976 _____ (Malwarebytes ) C:\Users\Doneff Family\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-09 21:22 - 2017-06-09 21:22 - 04110280 _____ C:\Users\Doneff Family\Desktop\adwcleaner_6.047.exe
2017-06-09 21:20 - 2017-06-09 21:20 - 00000712 _____ C:\Users\Doneff Family\Desktop\JRT.txt
2017-06-09 21:13 - 2017-06-09 21:13 - 01663672 _____ (Malwarebytes) C:\Users\Doneff Family\Desktop\JRT.exe
2017-06-09 21:09 - 2017-06-09 21:09 - 00007102 _____ C:\Users\Doneff Family\Desktop\rk_F6CC.tmp.txt
2017-06-09 20:48 - 2017-06-09 20:48 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-09 20:47 - 2017-06-09 20:47 - 00000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-09 20:47 - 2017-06-09 20:47 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-09 20:47 - 2017-06-09 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-09 20:47 - 2017-06-09 20:47 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-09 20:43 - 2017-06-09 20:43 - 35426672 _____ (Adlice Software ) C:\Users\Doneff Family\Desktop\setup.exe
2017-06-09 14:01 - 2017-06-09 14:07 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\FiestaOnline
2017-06-09 00:00 - 2017-06-09 00:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-09 00:00 - 2017-06-09 00:00 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-09 00:00 - 2017-06-09 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-08 23:59 - 2017-06-08 23:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-08 23:59 - 2017-06-08 23:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-08 23:58 - 2017-04-27 21:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-08 23:58 - 2017-04-27 21:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2017-06-08 23:58 - 2017-04-27 20:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2017-06-08 23:58 - 2017-04-27 20:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-08 23:58 - 2017-04-27 20:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-08 23:58 - 2017-04-27 20:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-08 23:58 - 2017-04-27 20:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-08 23:58 - 2017-04-27 20:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-08 23:58 - 2017-04-27 20:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-08 23:58 - 2017-04-27 20:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-08 23:58 - 2017-04-27 20:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-08 23:58 - 2017-04-27 19:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-08 23:58 - 2017-04-27 19:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-08 23:58 - 2017-04-19 02:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-08 23:58 - 2017-04-19 02:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-08 23:58 - 2017-04-19 02:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-08 23:58 - 2017-04-19 01:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-08 23:58 - 2017-04-19 01:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-08 23:58 - 2017-04-19 01:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-08 23:58 - 2017-04-13 20:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-08 23:58 - 2017-04-13 19:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-08 23:58 - 2017-04-13 19:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-08 23:58 - 2017-04-13 19:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-08 23:58 - 2017-04-13 19:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-08 23:58 - 2017-04-13 19:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-08 23:58 - 2017-04-13 19:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-08 23:58 - 2017-03-31 21:05 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-08 23:58 - 2017-03-31 20:57 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-08 23:57 - 2017-04-27 21:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-08 23:57 - 2017-04-27 21:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-08 23:57 - 2017-04-27 21:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-08 23:57 - 2017-04-27 21:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-08 23:57 - 2017-04-27 21:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-08 23:57 - 2017-04-27 21:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-08 23:57 - 2017-04-27 21:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-08 23:57 - 2017-04-27 21:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-08 23:57 - 2017-04-27 20:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-08 23:57 - 2017-04-27 20:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-08 23:57 - 2017-04-27 20:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-08 23:57 - 2017-04-27 20:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-08 23:57 - 2017-04-27 20:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-08 23:57 - 2017-04-27 20:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-08 23:57 - 2017-04-27 20:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-08 23:57 - 2017-04-27 20:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-08 23:57 - 2017-04-27 20:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-08 23:57 - 2017-04-27 20:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-08 23:57 - 2017-04-27 20:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-08 23:57 - 2017-04-27 20:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-08 23:57 - 2017-04-27 20:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-08 23:57 - 2017-04-27 20:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-08 23:57 - 2017-04-27 20:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-08 23:57 - 2017-04-27 20:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-08 23:57 - 2017-04-27 20:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-08 23:57 - 2017-04-27 20:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-08 23:57 - 2017-04-27 20:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-08 23:57 - 2017-04-27 20:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-08 23:57 - 2017-04-27 20:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-08 23:57 - 2017-04-27 20:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-08 23:57 - 2017-04-27 20:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-08 23:57 - 2017-04-27 20:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-08 23:57 - 2017-04-27 20:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-08 23:57 - 2017-04-27 20:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-08 23:57 - 2017-04-27 20:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-08 23:57 - 2017-04-27 20:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-08 23:57 - 2017-04-27 20:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2017-06-08 23:57 - 2017-04-27 19:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-08 23:57 - 2017-04-27 19:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-08 23:57 - 2017-04-27 19:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-08 23:57 - 2017-04-27 19:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-08 23:57 - 2017-04-27 19:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-08 23:57 - 2017-04-19 03:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-08 23:57 - 2017-04-19 02:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dl l
2017-06-08 23:57 - 2017-04-19 02:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-08 23:57 - 2017-04-19 02:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-08 23:57 - 2017-04-19 02:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-08 23:57 - 2017-04-19 02:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-08 23:57 - 2017-04-19 02:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-08 23:57 - 2017-04-19 01:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-08 23:57 - 2017-04-19 01:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dl l
2017-06-08 23:57 - 2017-04-19 01:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-08 23:57 - 2017-04-19 01:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-08 23:57 - 2017-04-13 19:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-08 23:57 - 2017-04-13 19:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2017-06-08 23:57 - 2017-03-31 21:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-08 23:57 - 2017-03-31 21:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-08 22:52 - 2017-06-10 16:58 - 00000000 ____D C:\ProgramData\VoodooShield
2017-06-08 22:52 - 2017-06-08 22:53 - 00000000 ____D C:\Program Files\VoodooShield
2017-06-08 22:52 - 2017-06-08 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2017-06-08 22:52 - 2016-08-18 18:17 - 00029808 _____ (VoodooSoft, LLC) C:\WINDOWS\system32\Drivers\vsscanner.sys
2017-06-08 22:35 - 2017-06-09 01:10 - 00000000 ____D C:\Program Files\7-Zip
2017-06-08 22:35 - 2017-06-08 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-06-08 22:25 - 2017-06-08 22:25 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Steam
2017-06-08 22:23 - 2017-06-10 02:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-08 22:23 - 2017-06-08 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-08 22:03 - 2017-06-08 22:04 - 00000232 _____ C:\Users\Public\Documents\Lenovo.Portal.txt
2017-06-08 22:03 - 2017-06-08 22:03 - 00000000 ____D C:\Download
2017-06-08 21:55 - 2017-06-08 22:02 - 00106627 _____ C:\Users\Doneff Family\Desktop\ZHPDiag.txt
2017-06-08 21:51 - 2017-06-08 21:59 - 00000193 _____ C:\Users\Doneff
2017-06-08 21:48 - 2017-06-08 21:48 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Lenovo
2017-06-08 21:48 - 2017-06-08 21:48 - 00000000 ____D C:\Users\Doneff Family.LSC
2017-06-08 21:47 - 2017-06-08 21:47 - 02741760 _____ C:\Users\Doneff Family\Desktop\ZHPDiag3.exe
2017-06-08 21:38 - 2017-06-09 01:11 - 00244248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-08 21:34 - 2017-06-10 16:51 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\ZHP
2017-06-08 21:34 - 2017-06-10 16:48 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\ZHP
2017-06-08 21:34 - 2017-06-08 21:58 - 00000880 _____ C:\Users\Doneff Family\Desktop\ZHPDiag.lnk
2017-06-08 20:45 - 2017-06-08 20:45 - 00004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-08 20:45 - 2017-06-08 20:45 - 00004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-08 20:44 - 2017-06-08 20:46 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Adobe
2017-06-08 20:34 - 2017-06-08 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo
2017-06-08 20:13 - 2017-06-08 20:13 - 00000000 ____D C:\Program Files (x86)\gamigo
2017-06-08 19:56 - 2017-06-08 19:56 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-06-08 19:56 - 2017-06-08 16:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2017-06-08 19:56 - 2017-06-08 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-06-08 19:56 - 2017-06-08 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-06-08 19:56 - 2015-09-07 19:05 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2017-06-08 19:56 - 2015-04-28 14:06 - 00043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2017-06-08 19:54 - 2017-06-08 19:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-08 19:54 - 2017-06-08 17:26 - 00000000 ____D C:\Windows.old
2017-06-08 19:54 - 2017-06-08 15:57 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-08 19:53 - 2017-06-08 19:53 - 00000000 ____D C:\WINDOWS\Setup
2017-06-08 19:52 - 2017-06-08 19:52 - 00000000 ____D C:\WINDOWS\OCR
2017-06-08 19:52 - 2017-06-08 19:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-08 19:52 - 2017-06-08 19:52 - 00000000 ____D C:\Program Files\MSBuild
2017-06-08 19:52 - 2017-06-08 19:52 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-08 19:52 - 2017-06-08 19:52 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\0409
2017-06-08 19:51 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-06-08 19:49 - 2017-04-28 21:05 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-08 19:49 - 2017-04-28 21:05 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-08 19:47 - 2017-06-09 21:07 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-08 19:47 - 2017-06-09 20:46 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-08 19:47 - 2017-06-09 20:46 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-08 19:47 - 2017-06-09 03:36 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-08 19:47 - 2017-06-09 01:09 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-08 19:47 - 2017-06-08 22:52 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-08 19:47 - 2017-06-08 20:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-08 19:47 - 2017-06-08 20:45 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-08 19:47 - 2017-06-08 19:56 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-08 19:47 - 2017-06-08 19:54 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-08 19:47 - 2017-06-08 19:52 - 00000000 ____D C:\WINDOWS\SystemApps
2017-06-08 19:47 - 2017-06-08 19:52 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\setup
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\system32\Com
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\IME
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-08 19:47 - 2017-06-08 19:51 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 __RSD C:\WINDOWS\Media
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Web
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Vss
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\tracing
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\TAPI
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SystemResources
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\ras
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\ias
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\Hydrogen
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\System
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SKB
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\security
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\schemas
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\SchCache
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Resources
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\PLA
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Performance
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Globalization
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\Branding
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\addins
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files\Windows Security
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files\Windows NT
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files\Common Files\Services
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-06-08 19:47 - 2017-06-08 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-06-08 19:47 - 2017-06-08 19:45 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-06-08 19:47 - 2017-06-08 19:45 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-06-08 19:47 - 2017-06-08 19:45 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-06-08 19:47 - 2017-06-08 19:45 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-06-08 19:47 - 2017-06-08 19:45 - 00015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-06-08 19:47 - 2017-06-08 19:45 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-06-08 19:47 - 2017-06-08 19:45 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-06-08 19:47 - 2017-06-08 19:45 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-06-08 19:47 - 2017-06-08 19:45 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-06-08 19:47 - 2017-06-08 19:45 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-06-08 19:47 - 2017-06-08 16:34 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-06-08 19:47 - 2017-06-08 16:17 - 00000000 ____D C:\WINDOWS\rescache
2017-06-08 19:47 - 2017-06-08 16:14 - 00000000 ____D C:\WINDOWS\Registration
2017-06-08 19:47 - 2017-06-08 16:13 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-08 19:47 - 2017-06-08 16:12 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-08 19:47 - 2017-06-08 16:08 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-08 19:47 - 2017-06-08 16:07 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-08 19:47 - 2017-06-08 16:07 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-08 19:47 - 2017-06-08 16:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-08 19:47 - 2017-06-08 16:01 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-08 19:47 - 2017-06-08 16:01 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-06-08 19:47 - 2017-06-08 16:01 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-08 19:47 - 2017-06-08 16:00 - 00000000 ____D C:\WINDOWS\Help
2017-06-08 19:46 - 2017-06-10 16:30 - 00000000 ____D C:\WINDOWS\INF
2017-06-08 19:40 - 2017-06-09 00:00 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-08 19:38 - 2017-06-10 02:53 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-08 19:38 - 2017-06-08 19:51 - 00000000 ____D C:\WINDOWS\servicing
2017-06-08 19:38 - 2017-06-08 19:47 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-06-08 19:38 - 2017-06-08 16:58 - 00000000 ____D C:\WINDOWS\Panther
2017-06-08 19:38 - 2017-06-08 16:34 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-08 18:25 - 2017-06-08 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-06-08 18:25 - 2017-06-08 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-06-08 18:25 - 2017-06-08 18:25 - 00000000 ____D C:\Program Files (x86)\NCWest
2017-06-08 18:25 - 2017-06-08 18:25 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2017-06-08 18:19 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-06-08 18:19 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-06-08 18:19 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-06-08 18:19 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-06-08 18:19 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-06-08 18:19 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-06-08 18:19 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-06-08 18:19 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-06-08 18:19 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-06-08 18:19 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-06-08 18:19 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-06-08 18:19 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-06-08 18:19 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-06-08 18:19 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-06-08 18:19 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-06-08 18:19 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-06-08 18:19 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-06-08 18:19 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-06-08 18:19 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-06-08 18:19 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-06-08 18:19 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-06-08 18:19 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-06-08 18:19 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-06-08 18:19 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-06-08 18:19 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-06-08 18:19 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-06-08 18:19 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-06-08 18:19 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-06-08 18:19 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-06-08 18:19 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-06-08 18:19 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-06-08 18:19 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-06-08 18:19 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-06-08 18:19 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-06-08 18:19 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-06-08 18:19 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-06-08 18:19 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-06-08 18:19 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-06-08 18:19 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-06-08 18:19 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-06-08 18:19 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-06-08 18:19 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-06-08 18:19 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-06-08 18:19 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-06-08 18:19 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-06-08 18:19 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-06-08 18:19 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-06-08 18:19 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-06-08 18:19 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-06-08 18:19 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-06-08 18:19 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-06-08 18:19 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-06-08 18:19 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-06-08 18:19 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-06-08 18:19 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-06-08 18:19 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-06-08 18:19 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-06-08 18:19 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-06-08 18:19 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-06-08 18:19 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-06-08 18:19 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-06-08 18:19 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-06-08 18:19 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-06-08 18:19 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-06-08 18:19 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-06-08 18:19 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-06-08 18:19 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-06-08 18:19 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-06-08 18:19 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-06-08 18:19 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-06-08 18:19 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-06-08 18:19 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-06-08 18:19 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-06-08 18:19 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-06-08 18:19 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-06-08 18:19 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-06-08 18:19 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-06-08 18:19 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-06-08 18:19 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-06-08 18:19 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-06-08 18:19 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-06-08 18:19 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-06-08 18:19 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-06-08 18:19 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-06-08 18:19 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-06-08 18:19 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-06-08 18:19 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-06-08 18:19 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-06-08 18:19 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-06-08 18:19 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-06-08 18:19 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-06-08 18:19 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-06-08 18:19 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-06-08 18:19 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-06-08 18:19 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-06-08 18:19 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-06-08 18:19 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-06-08 18:19 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-06-08 18:19 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-06-08 18:19 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-06-08 18:19 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-06-08 18:19 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-06-08 18:19 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-06-08 18:19 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-06-08 18:19 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-06-08 18:19 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-06-08 18:19 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-06-08 18:19 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-06-08 18:19 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-06-08 18:19 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-06-08 18:19 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-06-08 18:19 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-06-08 18:19 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-06-08 18:19 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-06-08 18:19 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-06-08 18:19 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-06-08 18:19 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-06-08 18:19 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-06-08 18:19 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-06-08 18:19 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-06-08 18:19 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-06-08 18:19 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-06-08 18:19 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-06-08 18:19 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-06-08 18:19 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-06-08 18:19 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-06-08 18:19 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-06-08 18:19 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-06-08 18:19 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-06-08 18:19 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-06-08 18:19 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-06-08 18:19 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-06-08 18:18 - 2017-06-08 18:18 - 00001581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AION Free-to-Play.lnk
2017-06-08 18:18 - 2017-06-08 18:18 - 00000000 ____D C:\Program Files (x86)\Gameforge
2017-06-08 18:18 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-06-08 18:18 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-06-08 18:18 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-06-08 18:18 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-06-08 18:18 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-06-08 18:18 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-06-08 18:18 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-06-08 18:18 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-06-08 18:18 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-06-08 18:18 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-06-08 18:18 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-06-08 18:18 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-06-08 18:18 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-06-08 18:18 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-06-08 18:18 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-06-08 18:18 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-06-08 18:18 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-06-08 18:18 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-06-08 18:13 - 2017-06-08 18:13 - 00000000 ____D C:\Users\Doneff Family\Twisted Sister
2017-06-08 18:13 - 2017-06-08 18:13 - 00000000 ____D C:\Users\Doneff Family\Quiet Riot
2017-06-08 18:13 - 2017-06-08 18:13 - 00000000 ____D C:\Users\Doneff Family\Mötley Crüe
2017-06-08 18:13 - 2017-06-08 18:13 - 00000000 ____D C:\Users\Doneff Family\Brownsville Station
2017-06-08 18:12 - 2017-06-09 20:47 - 00000000 ____D C:\ProgramData\Unchecky
2017-06-08 18:12 - 2017-06-08 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2017-06-08 18:12 - 2017-06-08 18:12 - 00000000 ____D C:\Program Files (x86)\Unchecky
2017-06-08 18:10 - 2017-06-08 18:10 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\WinRAR
2017-06-08 18:09 - 2017-06-10 02:53 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-06-08 16:47 - 2017-06-10 16:27 - 00001973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2017-06-08 16:47 - 2017-06-10 16:27 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\PrivaZer
2017-06-08 16:47 - 2017-06-08 16:47 - 00003204 _____ C:\WINDOWS\System32\Tasks\PrivaZer_SkipUAC
2017-06-08 16:47 - 2017-06-08 16:47 - 00000000 ____D C:\ProgramData\privazer
2017-06-08 16:32 - 2017-06-08 21:54 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1496953941
2017-06-08 16:32 - 2017-06-08 21:54 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-08 16:31 - 2017-06-08 16:31 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-06-08 16:30 - 2017-06-08 16:30 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-06-08 16:30 - 2017-06-08 16:30 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-08 16:30 - 2017-06-08 16:30 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-08 16:30 - 2017-06-08 16:30 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-06-08 16:30 - 2017-06-08 16:30 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\AVAST Software
2017-06-08 16:30 - 2017-06-08 16:30 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\CEF
2017-06-08 16:30 - 2017-06-08 16:29 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00507928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-06-08 16:30 - 2017-06-08 16:29 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-06-08 16:30 - 2017-06-08 16:29 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-08 16:28 - 2017-06-08 19:09 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-08 16:28 - 2017-06-08 16:31 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-08 16:27 - 2017-06-08 16:27 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\LSC
2017-06-08 16:26 - 2017-06-08 16:26 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-08 16:25 - 2017-06-08 16:25 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Google
2017-06-08 16:24 - 2017-06-08 17:21 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Google
2017-06-08 16:24 - 2017-06-08 16:29 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A
2017-06-08 16:24 - 2017-06-08 16:29 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore
2017-06-08 16:24 - 2017-06-08 16:24 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-08 16:24 - 2017-06-08 16:24 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-08 16:24 - 2017-06-08 16:24 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-08 16:23 - 2017-06-08 16:23 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\SoftMaker
2017-06-08 16:23 - 2017-06-08 16:23 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\MicrosoftEdge
2017-06-08 16:23 - 2017-06-08 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016
2017-06-08 16:23 - 2017-06-08 16:23 - 00000000 ____D C:\Program Files (x86)\SoftMaker FreeOffice 2016
2017-06-08 16:20 - 2017-06-08 16:20 - 00003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-08 16:20 - 2017-06-08 16:20 - 00002394 _____ C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-08 16:20 - 2017-06-08 16:20 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Macromedia
2017-06-08 16:20 - 2017-06-08 16:20 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Intel Corporation
2017-06-08 16:20 - 2017-06-08 16:20 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Comms
2017-06-08 16:19 - 2017-06-08 16:19 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Power2Go
2017-06-08 16:17 - 2017-06-10 16:10 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Lenovo
2017-06-08 16:17 - 2017-06-08 21:45 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Packages
2017-06-08 16:17 - 2017-06-08 16:17 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Adobe
2017-06-08 16:17 - 2017-06-08 16:17 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\VirtualStore
2017-06-08 16:17 - 2017-06-08 16:17 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Publishers
2017-06-08 16:16 - 2017-06-08 16:16 - 00000020 ___SH C:\Users\Doneff Family\ntuser.ini
2017-06-08 16:16 - 2017-06-08 16:16 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-08 16:16 - 2017-06-08 16:16 - 00000000 _SHDL C:\Users\Default User
2017-06-08 16:16 - 2017-06-08 16:16 - 00000000 _SHDL C:\Users\All Users
2017-06-08 16:16 - 2017-06-08 16:16 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\TileDataLayer
2017-06-08 16:16 - 2017-06-08 16:16 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform
2017-06-08 16:13 - 2017-06-08 16:13 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-08 16:13 - 2017-06-08 16:13 - 00013834 _____ C:\Users\Doneff Family\Desktop\Removed Apps.html
2017-06-08 16:12 - 2017-06-10 02:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-08 16:12 - 2017-06-08 21:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-06-08 16:12 - 2017-06-08 16:12 - 00002740 _____ C:\WINDOWS\System32\Tasks\OFFICE2013ACT
2017-06-08 16:12 - 2017-06-08 16:12 - 00002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2017-06-08 16:09 - 2017-06-09 01:12 - 00000000 ____D C:\Users\Doneff Family
2017-06-08 16:09 - 2017-06-08 16:09 - 00000000 _SHDL C:\Users\Doneff Family\My Documents
2017-06-08 16:09 - 2017-06-08 16:09 - 00000000 _SHDL C:\Users\Doneff Family\Documents\My Videos
2017-06-08 16:09 - 2017-06-08 16:09 - 00000000 _SHDL C:\Users\Doneff Family\Documents\My Pictures
2017-06-08 16:09 - 2017-06-08 16:09 - 00000000 _SHDL C:\Users\Doneff Family\Documents\My Music
2017-06-08 16:08 - 2017-06-08 16:08 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-08 16:05 - 2017-06-08 16:05 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-08 16:00 - 2017-06-08 16:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-08 16:00 - 2017-06-08 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-08 16:00 - 2017-06-08 16:00 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-06-08 16:00 - 2017-06-08 16:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-08 16:00 - 2017-06-08 16:00 - 00000000 ____D C:\Program Files\Realtek
2017-06-08 16:00 - 2017-06-08 16:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-08 16:00 - 2016-12-29 09:16 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-08 16:00 - 2016-12-29 09:16 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-08 16:00 - 2016-12-29 09:16 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-08 16:00 - 2016-12-29 09:16 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-08 16:00 - 2016-12-29 09:16 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-08 16:00 - 2016-12-29 09:16 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-08 16:00 - 2016-12-29 09:16 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-08 16:00 - 2016-12-21 19:59 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-08 15:59 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-08 15:57 - 2017-06-11 01:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-08 15:57 - 2017-06-08 15:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_ 00.Wdf
2017-06-08 02:03 - 2017-06-08 02:03 - 00000000 ____D C:\Users\Doneff Family\AppData\LocalLow\Elder Game
2017-06-07 13:33 - 2017-06-07 13:33 - 00796228 _____ C:\Users\Doneff Family\Downloads\17-18 Application Walkthrough.pdf
2017-06-07 13:25 - 2017-06-07 13:25 - 00278085 _____ C:\Users\Doneff Family\Downloads\fsu_2015-2016_medical_benefit_summary.pdf
2017-06-07 13:20 - 2017-06-07 13:20 - 00529319 _____ C:\Users\Doneff Family\Downloads\Medical_Exemption Statement.pdf
2017-06-07 13:20 - 2017-06-07 13:20 - 00163379 _____ C:\Users\Doneff Family\Downloads\HEALTH SERVICES- Release info to FSU.pdf
2017-06-07 13:19 - 2017-06-07 13:19 - 00162216 _____ C:\Users\Doneff Family\Downloads\HEALTH SERVICES–Release info from FSU.pdf
2017-06-07 13:18 - 2017-06-07 13:18 - 00266242 _____ C:\Users\Doneff Family\Downloads\mening.pdf
2017-06-07 13:17 - 2017-06-07 13:17 - 01383272 _____ C:\Users\Doneff Family\Downloads\Immunization Records Form.pdf
2017-06-07 13:16 - 2017-06-07 13:16 - 00916862 _____ C:\Users\Doneff Family\Downloads\fsu_2015-2016_student_blue_brochure.pdf
2017-06-07 01:55 - 2017-06-07 18:08 - 00031355 _____ C:\AdsFix.txt
2017-06-07 01:49 - 2017-06-08 14:30 - 00000000 ____D C:\AdsFix
2017-05-28 13:12 - 2017-05-28 13:22 - 00000000 ____D C:\AeriaGames
2017-05-26 11:27 - 2017-06-08 16:47 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2017-05-26 11:04 - 2017-05-26 11:05 - 00001153 _____ C:\DelFix.txt
2017-05-26 11:03 - 2017-05-26 11:03 - 14044240 _____ (VoodooSoft, LLC ) C:\Users\Doneff Family\Downloads\InstallVoodooShield.exe
2017-05-26 11:00 - 2017-06-08 16:48 - 07543048 _____ (Goversoft LLC) C:\Users\Doneff Family\Downloads\privazer_free.exe
2017-05-25 02:56 - 2017-05-25 02:56 - 00738368 _____ (Oracle Corporation) C:\Users\Doneff Family\Downloads\JavaSetup8u131.exe
2017-05-25 02:53 - 2017-05-25 02:53 - 67074989 _____ C:\Users\Doneff Family\Downloads\jre-8u131-windows-x64.tar.gz
2017-05-19 22:16 - 2017-05-19 22:16 - 01750460 _____ C:\Users\Doneff Family\Documents\Unit 8.6 Speaking 1D.m4a
2017-05-19 22:10 - 2017-05-19 22:10 - 02545639 _____ C:\Users\Doneff Family\Documents\Unit 7.8 Speaking 1E.m4a
2017-05-19 22:02 - 2017-05-19 22:02 - 02284292 _____ C:\Users\Doneff Family\Documents\Unit 10.7 Speaking 1D.m4a
2017-05-19 21:57 - 2017-05-19 21:57 - 00440970 _____ C:\Users\Doneff Family\Documents\Unit 10.11 Speaking 1F.m4a
2017-05-18 21:01 - 2017-05-18 21:01 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.Cura tedTileCollections.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-18 21:01 - 2017-05-18 21:01 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-18 21:01 - 2017-05-18 21:01 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker. dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-18 21:01 - 2017-05-18 21:01 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-18 21:01 - 2017-05-18 21:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-18 21:01 - 2017-05-18 21:01 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dl l
2017-05-18 21:01 - 2017-05-18 21:01 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-18 21:01 - 2017-05-18 21:01 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-18 21:01 - 2017-05-18 21:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-18 21:01 - 2017-05-18 21:01 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-18 20:55 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNativ e_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-18 20:55 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNativ e_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-12 17:41 - 2017-05-12 17:38 - 00528927 _____ C:\Users\Doneff Family\Documents\Unit 9.21 Speaking 3B.m4a

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-10 18:33 - 2015-07-16 11:54 - 01050936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-10 16:31 - 2016-07-14 19:07 - 00000000 ____D C:\Users\Doneff Family\Desktop\Toolbox
2017-06-10 02:49 - 2017-04-02 05:21 - 00000000 ____D C:\Users\Doneff Family\Desktop\Games
2017-06-09 01:32 - 2015-07-16 11:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-08 21:49 - 2015-09-07 19:08 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-06-08 21:48 - 2015-09-07 19:05 - 00000000 ____D C:\ProgramData\Lenovo
2017-06-08 21:38 - 2015-09-07 19:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-08 19:45 - 2017-03-18 16:58 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-08 19:45 - 2017-03-18 16:58 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-08 19:45 - 2017-03-18 16:57 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-08 19:45 - 2017-03-18 16:56 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 08330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFl owUI.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-08 19:44 - 2017-03-18 16:58 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 02211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01474288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01136640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00940960 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-08 19:44 - 2017-03-18 16:58 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-08 19:44 - 2017-03-18 16:58 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 03331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 02515968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 00777728 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-08 19:44 - 2017-03-18 16:57 - 00640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-08 19:44 - 2017-03-18 16:57 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-08 19:44 - 2017-03-18 16:57 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-08 19:44 - 2017-03-18 16:56 - 05802976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-08 19:44 - 2017-03-18 16:56 - 02612008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-08 19:44 - 2017-03-18 16:56 - 01669472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-08 19:44 - 2017-03-18 16:56 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-08 19:44 - 2017-03-18 16:56 - 01224208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-08 19:44 - 2017-03-18 16:56 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-08 19:44 - 2017-03-18 16:56 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-08 19:43 - 2017-03-18 16:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 02678784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 01911808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
2017-06-08 19:43 - 2017-03-18 16:58 - 01537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 01267056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 01056160 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00356992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-08 19:43 - 2017-03-18 16:58 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-08 19:43 - 2017-03-18 16:57 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-08 19:43 - 2017-03-18 16:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-08 19:43 - 2017-03-18 16:57 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-08 19:43 - 2017-03-18 16:57 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-08 19:43 - 2017-03-18 16:57 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-08 19:43 - 2017-03-18 16:57 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-08 19:43 - 2017-03-18 16:56 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 04711648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 04673872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 02430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 01120872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-08 19:43 - 2017-03-18 16:56 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-08 19:43 - 2017-03-18 16:56 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-08 19:43 - 2017-03-18 16:56 - 00287136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-08 19:43 - 2017-03-18 16:56 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-08 19:43 - 2017-03-18 16:56 - 00188832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-08 19:42 - 2017-03-18 16:58 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-08 19:42 - 2017-03-18 16:58 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-08 19:42 - 2017-03-18 16:58 - 01505688 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-08 19:42 - 2017-03-18 16:57 - 01528872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-08 18:25 - 2015-09-07 19:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-08 16:26 - 2016-12-16 13:47 - 00000000 ____D C:\Users\Doneff Family\Desktop\Word Files
2017-06-08 16:20 - 2016-05-09 17:38 - 00000000 ___RD C:\Users\Doneff Family\OneDrive
2017-06-08 16:13 - 2016-12-22 03:42 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-08 16:12 - 2015-09-08 09:04 - 00000000 ____D C:\Users\Public\Documents\Lenovo
2017-06-08 16:12 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-08 16:08 - 2015-09-08 09:02 - 00000000 ____D C:\WINDOWS\jmesoft
2017-06-08 16:08 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2017-06-08 16:07 - 2015-09-08 09:02 - 00000000 ____D C:\ProgramData\Realtek
2017-06-08 16:07 - 2015-09-08 09:02 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2017-06-08 16:07 - 2015-09-08 09:01 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-06-08 16:07 - 2015-09-08 08:59 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-08 16:07 - 2015-09-07 19:11 - 00000000 ____D C:\Users\Public\CyberLink
2017-06-08 16:07 - 2015-09-07 19:11 - 00000000 ____D C:\ProgramData\Office2013
2017-06-08 16:07 - 2015-09-07 19:09 - 00000000 ____D C:\ProgramData\Temp
2017-06-08 16:07 - 2015-09-07 19:09 - 00000000 ____D C:\ProgramData\OneKey Recovery
2017-06-08 16:07 - 2015-09-07 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-08 16:07 - 2015-09-07 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-08 16:07 - 2015-07-16 11:50 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-08 16:07 - 2015-07-10 08:22 - 00000000 ____D C:\ProgramData\USOShared
2017-06-08 16:07 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2017-06-08 16:06 - 2015-09-08 09:03 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-06-08 16:06 - 2015-09-08 09:01 - 00000000 ____D C:\Program Files (x86)\Intel
2017-06-08 16:06 - 2015-09-08 08:59 - 00000000 ____D C:\Program Files (x86)\Genesyslogic
2017-06-08 16:06 - 2015-09-07 19:10 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2017-06-08 16:06 - 2015-09-07 19:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-08 16:06 - 2015-09-07 19:08 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-06-08 16:05 - 2015-09-08 09:00 - 00000000 ____D C:\Program Files\Intel
2017-06-08 16:05 - 2015-09-08 09:00 - 00000000 ____D C:\Program Files\DIFX
2017-06-08 16:05 - 2015-09-07 19:08 - 00000000 ____D C:\Program Files\Lenovo
2017-06-08 15:25 - 2017-04-26 00:51 - 00000000 ____D C:\Users\Doneff Family\Desktop\Keep This
2017-06-08 14:30 - 2016-12-23 16:20 - 00000000 ____D C:\Users\Doneff Family\AppData\LocalLow\Heroes and Generals
2017-06-08 14:30 - 2016-07-14 07:33 - 00000000 ____D C:\Users\Doneff Family\Desktop\Music 2
2017-06-08 14:30 - 2016-07-14 07:29 - 00000000 ___RD C:\Users\Doneff Family\Desktop\Music 1
2017-06-07 19:00 - 2017-02-18 16:11 - 00000000 ____D C:\temp
2017-06-07 04:10 - 2016-12-16 13:15 - 00000000 ____D C:\Users\Doneff Family\Documents\SoftMaker
2017-06-07 04:10 - 2016-11-10 18:15 - 00000000 ____D C:\Users\Doneff Family\Documents\Finale Files
2017-06-07 04:10 - 2016-05-13 23:35 - 00000000 ____D C:\Users\Doneff Family\AppData\LocalLow\Sun
2017-06-07 04:10 - 2016-05-09 17:42 - 00000000 ____D C:\Users\Doneff Family\Desktop\JJ Doneff
2017-05-27 21:18 - 2016-07-03 18:30 - 00000092 _____ C:\Users\Doneff Family\Documents\aionmemo_3be6f3da.dat
2017-05-24 23:34 - 2016-05-09 17:42 - 00000000 ____D C:\Users\Doneff Family\Desktop\PDF Files
2017-05-19 22:16 - 2016-09-20 22:03 - 00000000 ____D C:\Users\Doneff Family\Documents\Sound recordings

==================== Files in the root of some directories =======

2017-06-08 22:03 - 2017-06-08 22:03 - 0000000 _____ () C:\Users\Doneff Family\AppData\Roaming\fastboot.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-08 15:56
[HEADING=1]==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2017
Ran by Doneff Family (11-06-2017 03:51:34)
Running from C:\Users\Doneff Family\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-08 20:16:25)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-113026621-1705679920-3439515112-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-113026621-1705679920-3439515112-503 - Limited - Disabled)
Doneff Family (S-1-5-21-113026621-1705679920-3439515112-1001 - Administrator - Enabled) => C:\Users\Doneff Family
Guest (S-1-5-21-113026621-1705679920-3439515112-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Flash Player 25 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32...{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aion (HKLM-x32...{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
AION Free-to-Play (HKLM-x32...{82E73E8D-E1E7-45A4-A311-6D31492AA913}is1) (Version: - Gameforge 4D GmbH)
Avast Internet Security (HKLM-x32...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM-x32...{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32...{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32...{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
Driver and Application Installation (HKLM-x32...{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0803 - Lenovo)
Fiesta Online NA version 1.0 (HKLM-x32...\Fiesta Online NA_is1) (Version: 1.0 - gamigo AG) <==== ATTENTION
Genesys USB Mass Storage Device (HKLM-x32...{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 59.0.3071.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Lenovo Accelerator Application (HKLM-x32...{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32...{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32...\InstallShield{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM...{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Rescue System (HKLM-x32...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.4212 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM...{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
Lenovo System Interface Foundation (HKLM...{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.023.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manual (HKLM-x32...{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32...{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-113026621-1705679920-3439515112-1001...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA Graphics Driver 353.62 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PrivaZer (HKLM-x32...\PrivaZer) (Version: 3.0.23.0 - Goversoft LLC)
REACHit (HKLM-x32...{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
REALTEK Bluetooth Filter Driver (HKLM-x32...{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32...{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32...{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
RogueKiller version 12.11.1.0 (HKLM...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
SHAREit (HKLM-x32...\SHAREit_is1) (Version: 2.5.5.0 - Lenovo)
SoftMaker FreeOffice 2016 (HKLM-x32...{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3815 - SoftMaker Software GmbH)
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM...\Steam App 440) (Version: - Valve)
Unchecky v1.0.2 (HKLM-x32...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
VoodooShield version 3.59 (HKLM...{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) (HKLM...\AE2E6FAB44844413B4C6F53C908EACC8AFC838F0) (Version: 07/13/2015 4.5.0.6 - Genesys Logic)
Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.5362) (HKLM...\81C36D5B443FFB6F528F76BD424D750C53ADF10E) (Version: 07/22/2015 10.18.13.5362 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3.34.3) (HKLM...\E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A) (Version: 04/16/2015 1.3.34.3 - NVIDIA Corporation)
Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.2015) (HKLM...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth (06/11/2015 1.3.868.3) (HKLM...\604A7B07184AD24892732BED4543610976632257) (Version: 06/11/2015 1.3.868.3 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/2015 2023.14.0615.2015) (HKLM...\5D078DEFD18360A7A64D38392C9F1007DC86AE23) (Version: 07/09/2015 2023.14.0615.2015 - Realtek Semiconductor Corp.)
ZHPFix 2015 (HKLM-x32...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0278D8AE-D23A-432A-89BF-ABDBF2811C2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {188F698D-65C6-42D6-81A6-FC3A7C16048E} - System32\Tasks\SafeZone scheduled Autoupdate 1496953941 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {1965A7D1-A727-4E7E-9344-622742807CB9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost “LSC Memory” “$(Arg0)”
Task: {1C63D883-9F41-410C-B3E5-8C4F2D8A9AFD} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {40E699A4-DE8C-4458-B580-91B1C55CB4FF} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-06-10] (Goversoft LLC)
Task: {4389964D-F9D4-4678-969D-99707BDD3BE2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-08] (AVAST Software)
Task: {50DE43FB-062C-4960-8B67-3D21B52DA22B} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {64262C9F-4EF1-4329-88BE-E530ADEC5985} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-08] (Google Inc.)
Task: {6599FF25-1EAA-4B2A-91D3-B64A62336FEF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => sc control iMControllerService 128
Task: {7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {7C338A71-2603-4BBE-BCF5-D1264B1FE9C4} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-02-14] (Lenovo)
Task: {83EFE97E-21B6-4B52-A661-188ACC502460} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-07-12] ()
Task: {94B31663-9A81-4798-95CE-74535FEF7C55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-01] (Lenovo)
Task: {9BED05D7-939C-4B39-90E0-9C259BC2A40E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {A7E1474D-32D6-4476-B8BF-3221576DF40E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoS ystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B15E929E-E0C6-45D2-9238-A67A0AD4DDDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-08] (Google Inc.)
Task: {B434B951-90B4-42FD-BAAB-1D1FF1ED0B5F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-02-14] ()
Task: {BAA90FE6-0470-46D2-8F03-6296E9398236} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)
Task: {FA7F888E-1C02-41B7-9EDE-FA5B3721D918} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-10] (Lenovo)
Task: {FAA81923-5158-4674-8CF6-67A327FCBA9F} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-07-12] ()
Task: {FD8AC639-096F-4468-8883-3D992B9957F8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-06-08] (Adobe Systems Incorporated)
Task: {FE472AB4-D27D-4024-9FF0-95C43397FF6C} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienc eImprovement.exe [2017-06-08] (Lenovo)
Task: {FE94CFD3-DCD1-41E6-A5DD-B517EF3A5CF7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_ 0_0_171_pepper.exe [2017-06-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Jeremy Doneff - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 1”
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\JJ Doneff - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 2”
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nick Doneff - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 3”
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tennafa - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Default”
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Jerem y Doneff - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 1”
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Betha ny Doneff - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 4”

==================== Loaded Modules (Whitelisted) ==============

2017-06-08 16:00 - 2016-12-29 09:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-08 09:02 - 2011-08-16 23:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-09-08 09:04 - 2015-09-08 09:04 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-10 16:27 - 2017-06-10 16:27 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2015-07-10 20:40 - 2015-07-10 20:40 - 00016288 _____ () C:\Program Files\lenovo\QuickOptimizer\ShowTaskbarIcon.dll
2015-07-10 20:40 - 2015-07-10 20:40 - 05067168 _____ () C:\Program Files\lenovo\QuickOptimizer\DTPrismAssistInf.dll
2015-09-08 08:59 - 2015-07-15 06:54 - 00053832 _____ () C:\Windows\syswow64\UMonit64.exe
2015-09-08 09:02 - 2011-08-16 23:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-06-08 21:45 - 2017-06-08 21:45 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.100 1.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-08 21:45 - 2017-06-08 21:45 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.100 1.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.M obile.dll
2017-06-08 21:45 - 2017-06-08 21:45 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.100 1.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common. Mobile.dll
2017-06-08 21:50 - 2017-06-08 21:51 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 21:50 - 2017-06-08 21:51 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x 64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 21:50 - 2017-06-08 21:51 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x 64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 21:50 - 2017-06-08 21:51 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x 64__kzf8qxf38zg5c\skypert.dll
2017-04-07 03:41 - 2017-04-07 03:41 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-08 16:29 - 2017-06-08 16:29 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-08 22:24 - 2017-05-16 21:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-06-08 22:24 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-06-08 22:24 - 2017-06-08 01:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2017-06-08 22:24 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-06-08 22:24 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-06-08 22:24 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-06-08 22:24 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-06-08 22:24 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-06-08 22:24 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-06-08 22:24 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-06-08 22:24 - 2017-06-08 01:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-06-08 22:24 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-09-08 09:02 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2017-06-08 22:25 - 2017-05-08 15:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 22:25 - 2017-05-16 21:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-06-08 22:24 - 2017-06-08 01:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-07-11 02:37 - 2015-07-11 02:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc => “”=“”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc => “”=“”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2017-06-10 02:53 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Control Panel\Desktop\Wallpaper → C:\Users\Doneff Family\Desktop\Pictures\Pretty Pictures from the Internet\Car.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0243C029-FC7A-450D-AA1C-C6AEB8E84F06}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoPortal\Lenovo.Portal.exe
FirewallRules: [{9F8344C0-F257-46F2-A0A1-135D3411907F}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5C8F0591-D6D6-442D-90F8-BCD4803A45A5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{28E544E6-15A6-4E12-BF96-099B57945E5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7C5ECF08-F25B-40DA-9E74-E9191ADFC98B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{5AAC2BA5-79F0-4E65-A691-571CEF2CEEFF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{7BE46E6D-5A70-4E57-AB36-03C30BBE4E5E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2EDD379C-0F81-42FA-9CAF-2F65A6B41A8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B41C1B00-F0E9-4727-A3A5-4710C74523CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{930055B3-A5DE-4578-8990-13661059F991}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E5F45CF9-9A6E-40B6-831B-1A6DCB820934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4275B252-3315-43BA-A403-B589758B5E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe

==================== Restore Points =========================

08-06-2017 18:18:33 Installed DirectX
10-06-2017 16:36:45 ZHPFix Restore System Point

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (06/10/2017 07:25:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Fiesta.bin version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 13ac

Start Time: 01d2e23250ec1a85

Termination Time: 17

Application Path: C:\Program Files (x86)\gamigo\FiestaOnlineNA\Fiesta.bin

Report Id: faf45f0e-4bd8-4c3c-8ed5-7b8823c3be56

Faulting package full name:

Faulting package-relative application ID:

Error: (06/10/2017 02:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x038890ed
Faulting process id: 0x15a4
Faulting application start time: 0x01d2e1b690076de5
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 2c482b43-8d84-4d8a-a801-815649690135
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2017 02:56:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDa taModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystem State()
at IAStorDataMgr.EventRelay.b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCal lback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System. Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWa itCallback()

Error: (06/10/2017 01:21:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-DOB72OG)
Description: Package Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe+App was terminated because it took too long to suspend.

Error: (06/09/2017 09:33:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x037290f5
Faulting process id: 0xfa4
Faulting application start time: 0x01d2e18982f0f219
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 8ee602cf-e75a-40d9-a257-b8aed4236492
Faulting package full name:
Faulting package-relative application ID:

Error: (06/09/2017 09:33:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDa taModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystem State()
at IAStorDataMgr.EventRelay.b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCal lback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System. Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWa itCallback()

Error: (06/09/2017 09:16:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/09/2017 09:14:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x041390ed
Faulting process id: 0x22bc
Faulting application start time: 0x01d2e186bfba5d74
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 68a8dc7e-de79-4c22-97df-9c648c0091c1
Faulting package full name:
Faulting package-relative application ID:

Error: (06/09/2017 09:14:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDa taModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystem State()
at IAStorDataMgr.EventRelay.b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCal lback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System. Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWa itCallback()

Error: (06/09/2017 09:07:34 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
[HEADING=1]System errors:[/HEADING]
Error: (06/11/2017 03:48:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:48:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:43:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:43:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:38:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:33:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:33:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/11/2017 03:28:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dmwappushsvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (06/10/2017 04:37:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: ??\C:\Users\DONEFF~1\AppData\Local\Temp\catchme.sy s
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-06-10 16:37:22.098
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-10 16:37:22.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-10 16:37:04.836
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-10 16:37:04.835
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-10 16:37:04.583
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-10 16:37:04.580
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-10 16:37:04.305
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Doneff Family\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 23%
Total physical RAM: 12236.19 MB
Available physical RAM: 9338.08 MB
Total Virtual: 14668.19 MB
Available Virtual: 11842.51 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:899.67 GB) (Free:766.7 GB) NTFS
Drive f: (Extra) (Fixed) (Total:55.93 GB) (Free:6.16 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F6FAE00)

Partition: GPT.

================================================== ======
Disk: 1 (Size: 55.9 GB) (Disk ID: 6635F736)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

**Malnutrition** · 06-11-2017, 09:57 PM

Uninstall the programs below with Geek Uninstaller.

Lenovo Experience Improvement (HKLM...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM...{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Solution Center (HKLM...{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
Lenovo System Interface Foundation (HKLM...{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.023.00 - Lenovo)
REACHit (HKLM-x32...{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)

Hijack This Fix.

Start HijackThis , Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.

O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2 787C3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O4 - HKCU..\Run: [OneDrive] C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.e xe /background
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe “C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” 60
O4 - HKLM..\StartupApproved\Run32: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM..\StartupApproved\Run32: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
O4 - HKLM..\StartupApproved\Run32: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe “C:\Program Files (x86)\Lenovo\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
O4 - HKLM..\StartupApproved\Run: [RtHDVBg_LENOVO_MICPKEY] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY
O4 - HKLM..\StartupApproved\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4-32 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe
O4-32 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O22 - Task (Disabled): \Lenovo\Experience Improvement - C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienc eImprovement.exe
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_ 0_0_171_pepper.exe -check pepperplugin
O22 - Task (Ready): Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O22 - Task (Ready): OFFICE2013ACT - C:\ProgramData\Office2013\OFFICEICON.vbs
O22 - Task (Ready): PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task (Ready): \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe control iMControllerService 128
O22 - Task (Ready): \Lenovo\ImController\Plugins\LenovoSystemUpdatePlu gin_TVSUUpdateTask - C:\WINDOWS\system32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
O22 - Task (Ready): \Lenovo\LSC\LSCHardwareScan - C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe -diag HWScan
O22 - Task (Ready): \Lenovo\LSC\Lenovo Solution Center Notifications - C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
O22 - Task (Ready): \Lenovo\Lenovo Customer Feedback Program 64 35 - C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
O22 - Task (Ready): \Lenovo\Lenovo Solution Center Launcher - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
O22 - Task (Ready): \Lenovo\REACHit Agent Startup - C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe /nobrowser
O22 - Task (Ready): \Lenovo\REACHit Agent Update - C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe -update
O22 - Task (Ready): \Lenovo\SHPrompt - C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe
O22 - Task (Ready): \Lenovo\SHUpdate - C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe -runInBackground -tryTillSuccess
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Running): PDVDServ12 Task - C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
O22 - Task (Running): \Lenovo\QuickOptimizer - C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe
O23 - Service R3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service S2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service S3: Lenovo Solution Center System Service - (LSC.Services.SystemService) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe

Now click on fix checked.
After the fix is complete, then reboot your machine.

Make sure and disable Windows Defender & Windows Firewall, as you already Have Avast

Suggest installing this program as well. O&O Shutup

I will have a FRST fix coming up for you later on tonight.

**Malnutrition** · 06-11-2017, 10:19 PM

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

**jmarket** · 06-12-2017, 01:04 AM

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by Doneff Family (11-06-2017 20:58:33) Run:1
Running from C:\Users\Doneff Family\Desktop
Loaded Profiles: Doneff Family (Available Profiles: Doneff Family)
Boot Mode: Normal[/HEADING]
fixlist content:

start
emptytemp:
CloseProcesses:
CreateRestorePoint:
HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKU\S-1-5-21-113026621-1705679920-3439515112-1001...\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2 787C3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-03] (Google Inc.)
CHR Extension: (Fair AdBlocker App) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbe pjmble [2017-06-08]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihc jkigck [2017-06-09]
CHR Extension: (Fair AdBlocker) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdh pknnjh [2017-06-08]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-10]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-09]
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
C:\Program Files (x86)\Intel\Intel(R) Security Assist
C:\Users\Doneff Family\AppData\Local\TianTianData
U3 catchme; ??\C:\Users\DONEFF~1\AppData\Local\Temp\catchme.sy s <==== ATTENTION
2017-06-09 00:00 - 2017-06-09 00:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-09 00:00 - 2017-06-09 00:00 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Folder: C:\Download
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
Folder: C:\Program Files\Windows Security
C:\Program Files\Common Files\McAfee
C:\WINDOWS\system32\diagtrack.dll
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Task: {1965A7D1-A727-4E7E-9344-622742807CB9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost “LSC Memory” “$(Arg0)”
Task: {1C63D883-9F41-410C-B3E5-8C4F2D8A9AFD} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {40E699A4-DE8C-4458-B580-91B1C55CB4FF} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-06-10] (Goversoft LLC)
Task: {50DE43FB-062C-4960-8B67-3D21B52DA22B} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {6599FF25-1EAA-4B2A-91D3-B64A62336FEF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => sc control iMControllerService 128
Task: {7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {7C338A71-2603-4BBE-BCF5-D1264B1FE9C4} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-02-14] (Lenovo)
Task: {83EFE97E-21B6-4B52-A661-188ACC502460} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-07-12] ()
Task: {94B31663-9A81-4798-95CE-74535FEF7C55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-01] (Lenovo)
Task: {9BED05D7-939C-4B39-90E0-9C259BC2A40E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {A7E1474D-32D6-4476-B8BF-3221576DF40E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoS ystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B434B951-90B4-42FD-BAAB-1D1FF1ED0B5F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-02-14] ()
Task: {BAA90FE6-0470-46D2-8F03-6296E9398236} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)
Task: {FA7F888E-1C02-41B7-9EDE-FA5B3721D918} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-10] (Lenovo)
Task: {FAA81923-5158-4674-8CF6-67A327FCBA9F} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-07-12] ()
Task: {FD8AC639-096F-4468-8883-3D992B9957F8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-06-08] (Adobe Systems Incorporated)
Task: {FE472AB4-D27D-4024-9FF0-95C43397FF6C} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienc eImprovement.exe [2017-06-08] (Lenovo)
Task: {FE94CFD3-DCD1-41E6-A5DD-B517EF3A5CF7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_ 0_0_171_pepper.exe [2017-06-08] (Adobe Systems Incorporated)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc => “”=“”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc => “”=“”
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
reboot:
end

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \SecurityHealth => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \UMonit => value removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION => restored successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Windows\CurrentVersion\Run \GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA 2787C3 => value not found.
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbe pjmble => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihc jkigck => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdh pknnjh => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
HKLM\System\CurrentControlSet\Services\Intel(R) Security Assist => key removed successfully
Intel(R) Security Assist => service removed successfully
HKLM\System\CurrentControlSet\Services\isaHelperSv c => key removed successfully
isaHelperSvc => service removed successfully
C:\Program Files (x86)\Intel\Intel(R) Security Assist => moved successfully
“C:\Users\Doneff Family\AppData\Local\TianTianData” => not found.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
C:\WINDOWS\system32\MRT => moved successfully
C:\WINDOWS\system32\MRT.exe => moved successfully

========================= Folder: C:\Download ========================

====== End of Folder: ======

“C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier” => not found.
“C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater” => not found.

========================= Folder: C:\Program Files\Windows Security ========================

2017-06-08 19:47 - 2017-06-08 19:51 - 0000000 ____D () C:\Program Files\Windows Security\BrowserCore
2017-03-18 16:58 - 2017-03-18 16:58 - 0080288 _____ (Microsoft Corporation) C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 0000216 _____ () C:\Program Files\Windows Security\BrowserCore\manifest.json
2017-06-08 19:51 - 2017-06-08 19:51 - 0000000 ____D () C:\Program Files\Windows Security\BrowserCore\en-US
2017-03-18 22:27 - 2017-03-18 01:47 - 0014848 _____ (Microsoft Corporation) C:\Program Files\Windows Security\BrowserCore\en-US\BrowserCore.exe.mui

====== End of Folder: ======

C:\Program Files\Common Files\McAfee => moved successfully
C:\WINDOWS\system32\diagtrack.dll => moved successfully
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} => removed successfully
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1965A7D 1-A727-4E7E-9344-622742807CB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1965A7D 1-A727-4E7E-9344-622742807CB9} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PLA\LS C Memory => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\PLA\LSC Memory => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1C63D88 3-9F41-410C-B3E5-8C4F2D8A9AFD} => key not found.
C:\WINDOWS\System32\Tasks\OFFICE2013ACT => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OFFICE20 13ACT => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{40E699A 4-DE8C-4458-B580-91B1C55CB4FF} => key not found.
C:\WINDOWS\System32\Tasks\PrivaZer_SkipUAC => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrivaZer _SkipUAC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{50DE43F B-062C-4960-8B67-3D21B52DA22B} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\REACHit Agent Startup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\R EACHit Agent Startup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6599FF2 5-1EAA-4B2A-91D3-B64A62336FEF} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Leno vo iM Controller Scheduled Maintenance => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\I mController\Lenovo iM Controller Scheduled Maintenance => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{7AFDC16 9-FB7D-45C7-92AF-E73656CF6EC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7AFDC16 9-FB7D-45C7-92AF-E73656CF6EC8} => key removed successfully
C:\WINDOWS\System32\Tasks\PDVDServ12 Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PDVDServ 12 Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7C338A7 1-2603-4BBE-BCF5-D1264B1FE9C4} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\L SC\Lenovo Solution Center Notifications => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{83EFE97 E-21B6-4B52-A661-188ACC502460} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\SHUpdate => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\S HUpdate => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{94B3166 3-9A81-4798-95CE-74535FEF7C55} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\L enovo Customer Feedback Program 64 35 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9BED05D 7-939C-4B39-90E0-9C259BC2A40E} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\REACHit Agent Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\R EACHit Agent Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A7E1474 D-32D6-4476-B8BF-3221576DF40E} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Plug ins\LenovoSystemUpdatePlugin_TVSUUpdateTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\I mController\Plugins\LenovoSystemUpdatePlugin_TVSUU pdateTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B434B95 1-90B4-42FD-BAAB-1D1FF1ED0B5F} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Solution Center Launcher => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\L enovo Solution Center Launcher => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BAA90FE 6-0470-46D2-8F03-6296E9398236} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\LSC\LSCHardwareSc an => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\L SC\LSCHardwareScan => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FA7F888 E-1C02-41B7-9EDE-FA5B3721D918} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\QuickOptimizer => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Q uickOptimizer => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FAA8192 3-5158-4674-8CF6-67A327FCBA9F} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\SHPrompt => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\S HPrompt => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FD8AC63 9-096F-4468-8883-3D992B9957F8} => key not found.
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FE472AB 4-D27D-4024-9FF0-95C43397FF6C} => key not found.
C:\WINDOWS\System32\Tasks\Lenovo\Experience Improvement => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\E xperience Improvement => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FE94CFD 3-DCD1-41E6-A5DD-B517EF3A5CF7} => key not found.
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc => key removed successfully

========= RemoveProxy: =========

HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state Off =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19245011 B
Java, Flash, Steam htmlcache => 46653726 B
Windows/system/drivers => 21208 B
Edge => 183310 B
Chrome => 906815179 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3282 B
NetworkService => 0 B
Doneff Family => 29354747 B

RecycleBin => 0 B
EmptyTemp: => 966.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:00:26 ====

**Malnutrition** · 06-12-2017, 06:49 PM

Any issues to speak of?

It's like a popup but...

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment