need help with something strange

Collapse
X
Collapse
 
  • Page of 2
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • mynd12
    PCHF Member
    • Jun 2017
    • 14
    #1

    need help with something strange

    Hello. Recently my computer has been acting strange. From fps drops in games to windows being weird with characters. I will post some ss’s of what I mean and I have no idea what it is. Even if I try to just open something to edit then save it’s impossible to even see the files as there are no letters for them. I have tried swapping video cards along with different slots but still the same. Did the same thing with cpu’s and it’s the same. Only have the set of ram I have right now and I tried rotating them in and out to see if I have a bad stick but no success yet. I will put image links as I can’t even upload them directly without restarting.
    Spec: MSI 970 Pro Mobo
    FX-8350@4.0 Ghz
    GTX 1070
    840 evo SSD
    Gskill 1333 16gb of ram
    [MEDIA=imgur]a/dwdkP[/MEDIA]
    [MEDIA=imgur]a/oEHCl[/MEDIA]
    [MEDIA=imgur]a/b2Zac[/MEDIA]
    Tags: None
    • jmarket
      PCHF Owner
      • Jan 2015
      • 7634
      #2
      Hi mynd12 and welcome to PCHF

      Please download MiniToolBox and save it to your desktop. Run the program by right clicking on it and selecting Run as administrator. When the program opens select the following boxes:

      Flush DNS
      Report IE Proxy Settings
      Reset IE Proxy Settings
      Report FF Proxy Settings
      Reset FF Proxy Settings
      List content of Hosts
      List IP Configuration
      List Winsock Entries
      List last 10 Event Viewer Errors
      List Installed Programs
      List Devices (Only Problems)
      List Users, Partitions and Memory size

      Please post the log in your next reply

        Comment

        • mynd12
          PCHF Member
          • Jun 2017
          • 14
          #3
          Attached it to the post. Might show 8gigs of ram since i was still playing around with the ram but think I might of ruled that out. Could a bad mobo cause this by chance? Maybe not reading or transferring things correctly?

            Comment

            • jmarket
              PCHF Owner
              • Jan 2015
              • 7634
              #4
              Lease Obtained. . . . . . . . . . : Wednesday, June 14, 2017 1:40:10 AM
              Lease Expires . . . . . . . . . . : Wednesday, June 14, 2017 1:45:13 AM

              That’s a very short lease time.

              I see a lot of Microsoft Photos errors.

              Are you able to watch videos without issue? If you are, that will eliminate a video issue. I also see no anti-malware on your system as well as a torrent client. Before we’re able to assist you, we kindly ask that you remove uTorrent during the duration of your troubleshooting here at PCHF You can add it back once we’ve resolved your issue

              After removing it, please post a fresh MTB log and follow the below instructions:

              Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

              If you are unsure if your operating system is 32 or 64 Bit please go HERE.

              Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.

              Forums - PC Help Forum
              https://pchelpforum.net/attachments/icon2-jpg.794
              PCHF Forums


              If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
              Frst will open with two dialogue boxes, accept the disclaimer.

              Forums - PC Help Forum
              https://pchelpforum.net/attachments/frst-disclaimer-jpg.795
              PCHF Forums

              Accept the default whitelist options,
              If the additions.txt options box is not checked please select it.
              Then select “Scan”

              Forums - PC Help Forum
              https://pchelpforum.net/attachments/frst-jpg.796
              PCHF Forums


              Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

              Forums - PC Help Forum
              https://pchelpforum.net/attachments/2016-08-12_152002-jpg.797
              PCHF Forums


              Please Copy and Paste the contents of these logs in your next post for review by our Security Team

              I will also move your thread to the Malware Removal area as I am concerned that you might be infected.

                Comment

                • mynd12
                  PCHF Member
                  • Jun 2017
                  • 14
                  #5
                  Ok removed utorrent and will attach all of that. Yes I can view videos just fine from them being on my computer to youtube videos. Can even watch streams on twitch just fine.

                  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-06-2017
                  Ran by Motion (administrator) on MOTION-PC (14-06-2017 17:09:12)
                  Running from C:\Users\Motion\Downloads
                  Loaded Profiles: Motion (Available Profiles: Motion & DefaultAppPool)
                  Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
                  Internet Explorer Version 11 (Default browser: Chrome)
                  Boot Mode: Normal
                  Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                  ==================== Processes (Whitelisted) =================

                  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
                  (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
                  (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
                  (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
                  () C:\Windows\SysWOW64\PnkBstrA.exe
                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                  (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
                  (OTi) C:\Windows\SysWOW64\UStorSrv.exe
                  (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
                  (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.ex e
                  (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64. exe
                  (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
                  (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
                  (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
                  (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                  (Microsoft Corporation) C:\Windows\System32\dllhost.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
                  (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
                  (Spotify Ltd) C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe
                  (Spotify Ltd) C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe
                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
                  (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
                  (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
                  (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
                  (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
                  (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
                  (Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe
                  (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

                  ==================== Registry (Whitelisted) ====================

                  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                  HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
                  HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
                  HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
                  HKLM...\Run: [ShadowPlay] => “C:\WINDOWS\system32\rundll32.exe” C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSyst emStart
                  HKLM-x32...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
                  HKLM-x32...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
                  HKU\S-1-5-21-1442195442-3689054388-281515-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
                  HKU\S-1-5-21-1442195442-3689054388-281515-1000...\Run: [Spotify] => C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e [7064176 2017-04-21] (Spotify Ltd)
                  HKU\S-1-5-21-1442195442-3689054388-281515-1000...\Run: [Spotify Web Helper] => C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe [1446000 2017-04-21] (Spotify Ltd)
                  ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
                  ShellIconOverlayIdentifiers: [ GoogleDriveSynced] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
                  ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
                  ShellIconOverlayIdentifiers: [ OverlayExcluded] → {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
                  ShellIconOverlayIdentifiers: [ OverlayPending] → {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
                  ShellIconOverlayIdentifiers: [ OverlayProtected] → {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
                  ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] → {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
                  ShellIconOverlayIdentifiers-x32: [ OverlayPending] → {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
                  ShellIconOverlayIdentifiers-x32: [ OverlayProtected] → {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
                  Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-11-21]
                  ShortcutTarget: SteelSeries Engine 3.lnk → C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

                  ==================== Internet (Whitelisted) ====================

                  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                  Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
                  Tcpip..\Interfaces{847c0a9b-7e1c-4968-ad35-83173d8ea7bc}: [NameServer] 8.8.8.8,8.8.4.4
                  Tcpip..\Interfaces{847c0a9b-7e1c-4968-ad35-83173d8ea7bc}: [DhcpNameServer] 8.8.8.8 8.8.4.4
                  [HEADING=1]Internet Explorer:[/HEADING]
                  SearchScopes: HKU\S-1-5-21-1442195442-3689054388-281515-1000 → {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3321972&octid=EB_ORIGINAL_CTID &SearchSource=58&CUI=&UM=4&UP=SPEC5877B5-1FCA-4417-B44A-201755B656F1&q={searchTerms}&SSPV=
                  BHO: Norton Identity Safety → {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} → C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
                  BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
                  BHO-x32: Norton Identity Safety → {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} → C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
                  BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-11] (Oracle Corporation)
                  BHO-x32: No Name → {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} → No File
                  BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
                  BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-11] (Oracle Corporation)
                  Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
                  Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
                  [HEADING=1]FireFox:[/HEADING]
                  FF DefaultProfile: 990g0168.default
                  FF ProfilePath: C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default [2017-06-14]
                  FF Extension: (Video DownloadHelper) - C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-03-31]
                  FF Extension: (Adblock Plus) - C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-31]
                  FF Extension: (Greasemonkey) - C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\Extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-07]
                  FF HKLM...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
                  FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2017-06-05]
                  FF HKLM-x32...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
                  FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_ 126.dll [2017-06-13] ()
                  FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
                  FF Plugin-x32: @adobe.com/FlashPlayer → C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 126.dll [2017-06-13] ()
                  FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 → C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1. dll [2015-01-11] (Oracle Corporation)
                  FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 → C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)
                  FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
                  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
                  FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-07] (NVIDIA Corporation)
                  FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-07] (NVIDIA Corporation)
                  FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
                  FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
                  FF Plugin-x32: @videolan.org/vlc,version=2.0.0 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
                  [HEADING=1]Chrome:[/HEADING]
                  CHR DefaultProfile: Default
                  CHR HomePage: Default → hxxp://comcast.net/
                  CHR StartupUrls: Default → “hxxp://comcast.net/”
                  CHR Profile: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default [2017-06-14]
                  CHR Extension: (BetterTTV) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegp efgped [2017-04-21]
                  CHR Extension: (Google Drive) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-10-21]
                  CHR Extension: (Fast Proxy) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjcdfmmpdfjohenejbkaaafko eknjnh [2015-04-27]
                  CHR Extension: (Adblock Plus) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddi lifddb [2017-03-21]
                  CHR Extension: (Norton Security Toolbar) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblf mpjdpe [2017-06-06]
                  CHR Extension: (Google Docs Offline) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-03-14]
                  CHR Extension: (Zalmos SSL Web Proxy for Free) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjg kpdmpn [2014-12-15]
                  CHR Extension: (Chrome Web Store Payments) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-03-08]
                  CHR Extension: (Chrome Media Router) - C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-05-12]
                  CHR HKLM...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
                  CHR HKLM...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
                  CHR HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Motion\AppData\Local\Google\Drive\user_de fault\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-07-19]
                  CHR HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
                  CHR HKLM-x32...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
                  CHR HKLM-x32...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

                  ==================== Services (Whitelisted) ====================

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
                  S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-05-09] ()
                  S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-30] (BitRaider, LLC)
                  R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [326160 2017-05-26] (Symantec Corporation)
                  R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
                  S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
                  R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [462968 2017-06-07] (NVIDIA Corporation)
                  R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-07] (NVIDIA Corporation)
                  R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-09-24] ()
                  S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
                  S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
                  R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
                  R2 UStorage Server Service; C:\Windows\SysWOW64\UStorSrv.exe [139264 2004-09-20] (OTi) [File not signed]
                  S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
                  S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

                  ===================== Drivers (Whitelisted) ======================

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20 170612.001\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
                  S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [140800 2013-10-30] (SteelSeries Corporation) [File not signed]
                  R1 Capsax64Drv0; C:\WINDOWS\System32\Drivers\Capsax64Drv0.sys [35976 2014-08-15] (Colasoft Co., Ltd.)
                  R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1609040.008\cc Setx64.sys [174232 2017-05-11] (Symantec Corporation)
                  R1 CSN5PDTS82x64; C:\WINDOWS\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Colasoft Co., Ltd.)
                  R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
                  R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
                  R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\201 70613.001\IDSvia64.sys [1053824 2017-05-20] (Symantec Corporation)
                  R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2015-05-18] (ASUSTeK Computer Inc.)
                  R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
                  S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
                  R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [14461344 2017-06-08] (NVIDIA Corporation)
                  S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
                  R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
                  R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
                  R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
                  S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation) [File not signed]
                  S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
                  R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SR TSP64.SYS [770712 2017-05-11] (Symantec Corporation)
                  R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1609040.008\SR TSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
                  R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-03] (SteelSeries ApS)
                  R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45928 2017-01-10] (SteelSeries ApS)
                  R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SY MEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
                  S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1609040.008\Sy mELAM.sys [24608 2017-05-11] (Symantec Corporation)
                  R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-15] (Symantec Corporation)
                  R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1609040.008\Ir onx64.SYS [291480 2017-05-11] (Symantec Corporation)
                  R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SY MNETS.SYS [567496 2017-05-11] (Symantec Corporation)
                  R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7. sys [41192 2016-09-12] (Windows (R) Win 7 DDK provider)
                  R3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
                  S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
                  S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
                  S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
                  S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [35344 2015-10-02] ()
                  U3 idsvc; no ImagePath

                  ==================== NetSvcs (Whitelisted) ===================

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  ==================== One Month Created files and folders ========

                  (If an entry is included in the fixlist, the file/folder will be moved.)

                  2017-06-14 17:06 - 2017-06-14 17:06 - 00047599 _____ C:\Users\Motion\Downloads\Addition.txt
                  2017-06-14 17:05 - 2017-06-14 17:09 - 00021149 _____ C:\Users\Motion\Downloads\FRST.txt
                  2017-06-14 17:05 - 2017-06-14 17:09 - 00000000 ____D C:\FRST
                  2017-06-14 17:01 - 2017-06-14 17:01 - 02438656 _____ (Farbar) C:\Users\Motion\Downloads\FRST64.exe
                  2017-06-14 16:18 - 2017-06-14 16:18 - 00000837 _____ C:\Users\Public\Desktop\Speccy.lnk
                  2017-06-14 16:18 - 2017-06-14 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
                  2017-06-14 16:18 - 2017-06-14 16:18 - 00000000 ____D C:\Program Files\Speccy
                  2017-06-14 16:16 - 2017-06-14 16:16 - 06293184 _____ (Piriform Ltd) C:\Users\Motion\Downloads\spsetup130.exe
                  2017-06-14 15:49 - 2017-06-14 16:07 - 3992293376 _____ C:\Users\Motion\Downloads\en_windows_10_pro_10240_ x64_dvd.iso
                  2017-06-14 15:48 - 2017-06-14 15:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
                  2017-06-14 15:23 - 2017-06-14 15:23 - 18357776 _____ (Microsoft Corporation) C:\Users\Motion\Downloads\MediaCreationTool (1).exe
                  2017-06-14 15:23 - 2017-06-14 15:23 - 00000000 ___HD C:$Windows.~WS
                  2017-06-14 14:46 - 2017-06-14 15:50 - 00000000 ____D C:\ESD
                  2017-06-14 14:45 - 2017-06-14 14:45 - 18357776 _____ (Microsoft Corporation) C:\Users\Motion\Downloads\MediaCreationTool.exe
                  2017-06-14 14:32 - 2017-06-14 14:32 - 01856832 _____ C:\Users\Motion\Downloads\DAZ LOADER WINDOWS 10 www.nvsoftwares.com.rar
                  2017-06-14 01:56 - 2017-06-14 01:56 - 01717944 _____ ( ) C:\Users\Motion\Downloads\cpu-z_1.79-en.exe
                  2017-06-14 01:56 - 2017-06-14 01:56 - 00000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
                  2017-06-14 01:56 - 2017-06-14 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
                  2017-06-14 01:56 - 2017-06-14 01:56 - 00000000 ____D C:\Program Files\CPUID
                  2017-06-14 01:44 - 2017-06-14 17:04 - 00035404 _____ C:\Users\Motion\Desktop\MTB.txt
                  2017-06-14 01:39 - 2017-06-14 01:39 - 00892416 _____ (Farbar) C:\Users\Motion\Downloads\MiniToolBox.exe
                  2017-06-13 21:27 - 2017-06-07 19:38 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
                  2017-06-13 21:27 - 2017-03-10 17:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
                  2017-06-13 21:27 - 2017-03-10 17:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
                  2017-06-13 21:27 - 2017-03-10 17:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
                  2017-06-13 21:27 - 2017-03-10 17:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
                  2017-06-13 14:13 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
                  2017-06-13 14:13 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
                  2017-06-13 14:13 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
                  2017-06-13 14:13 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
                  2017-06-13 14:13 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
                  2017-06-13 14:13 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
                  2017-06-13 14:13 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
                  2017-06-13 14:13 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
                  2017-06-13 14:13 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
                  2017-06-13 14:13 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
                  2017-06-13 14:13 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
                  2017-06-13 14:13 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
                  2017-06-13 14:13 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
                  2017-06-13 14:13 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
                  2017-06-13 14:13 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
                  2017-06-13 14:13 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
                  2017-06-13 14:13 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
                  2017-06-13 14:13 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
                  2017-06-13 14:13 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
                  2017-06-13 14:13 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
                  2017-06-13 14:13 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
                  2017-06-13 14:13 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
                  2017-06-13 14:13 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
                  2017-06-13 14:13 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
                  2017-06-13 14:13 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
                  2017-06-13 14:13 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
                  2017-06-13 14:13 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
                  2017-06-13 14:13 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
                  2017-06-13 14:13 - 2017-06-03 05:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
                  2017-06-13 14:13 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
                  2017-06-13 14:13 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
                  2017-06-13 14:13 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
                  2017-06-13 14:13 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
                  2017-06-13 14:13 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
                  2017-06-13 14:13 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
                  2017-06-13 14:13 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
                  2017-06-13 14:13 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
                  2017-06-13 14:13 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
                  2017-06-13 14:13 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
                  2017-06-13 14:13 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
                  2017-06-13 14:13 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
                  2017-06-13 14:13 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
                  2017-06-13 14:13 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authenticatio n.Identity.Provider.dll
                  2017-06-13 14:13 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
                  2017-06-13 14:13 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
                  2017-06-13 14:13 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
                  2017-06-13 14:13 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
                  2017-06-13 14:13 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
                  2017-06-13 14:13 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
                  2017-06-13 14:13 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
                  2017-06-13 14:13 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
                  2017-06-13 14:13 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
                  2017-06-13 14:13 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
                  2017-06-13 14:13 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authenticatio n.Identity.Provider.dll
                  2017-06-13 14:13 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
                  2017-06-13 14:13 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
                  2017-06-13 14:13 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
                  2017-06-13 14:13 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
                  2017-06-13 14:13 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
                  2017-06-13 14:13 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
                  2017-06-13 14:13 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
                  2017-06-13 14:13 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
                  2017-06-13 14:13 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
                  2017-06-13 14:13 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
                  2017-06-13 14:13 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
                  2017-06-13 14:13 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
                  2017-06-13 14:13 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
                  2017-06-13 14:13 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
                  2017-06-13 14:13 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
                  2017-06-13 14:13 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
                  2017-06-13 14:13 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
                  2017-06-13 14:13 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
                  2017-06-13 14:13 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
                  2017-06-13 14:13 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
                  2017-06-13 14:13 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
                  2017-06-13 14:13 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
                  2017-06-13 14:13 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
                  2017-06-13 14:13 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
                  2017-06-13 14:13 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
                  2017-06-13 14:13 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
                  2017-06-13 14:13 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
                  2017-06-13 14:13 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
                  2017-06-13 14:13 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
                  2017-06-13 14:13 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
                  2017-06-13 14:13 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
                  2017-06-13 14:13 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
                  2017-06-13 14:13 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
                  2017-06-13 14:13 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
                  2017-06-13 14:13 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
                  2017-06-13 14:13 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
                  2017-06-13 14:13 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
                  2017-06-13 14:13 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
                  2017-06-13 14:13 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
                  2017-06-13 14:13 - 2017-06-03 04:54 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
                  2017-06-13 14:13 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
                  2017-06-13 14:13 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
                  2017-06-13 14:12 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
                  2017-06-13 14:12 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
                  2017-06-13 14:12 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
                  2017-06-13 14:12 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
                  2017-06-13 14:12 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
                  2017-06-13 14:12 - 2017-06-03 05:56 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
                  2017-06-13 14:12 - 2017-06-03 05:56 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
                  2017-06-13 14:12 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions .dll
                  2017-06-13 14:12 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
                  2017-06-13 14:12 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
                  2017-06-13 14:12 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
                  2017-06-13 14:12 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
                  2017-06-13 14:12 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
                  2017-06-13 14:12 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
                  2017-06-13 11:58 - 2017-06-13 11:58 - 00003310 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
                  2017-06-13 11:58 - 2017-06-13 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
                  2017-06-11 18:29 - 2017-06-11 18:29 - 00000000 ____D C:\Users\Motion\Documents\Apowersoft
                  2017-06-11 18:24 - 2017-06-11 20:28 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Apowersoft
                  2017-06-11 18:24 - 2017-06-11 18:29 - 00000000 ____D C:\ProgramData\Apowersoft
                  2017-06-11 14:05 - 2017-06-11 14:05 - 00000222 _____ C:\Users\Motion\Desktop\PLAYERUNKNOWN’S BATTLEGROUNDS.url
                  2017-06-11 13:20 - 2017-06-11 13:20 - 00000022 _____ C:\WINDOWS\GPU-Z.INI
                  2017-06-09 17:48 - 2017-06-07 21:45 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 40201664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 35390584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 35281344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 28624320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 11056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 10551256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 04115112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 03796928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 03625992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438253.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 01606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438253.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 01278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 01056888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00994240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00993360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00964216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
                  2017-06-09 17:46 - 2017-06-07 21:45 - 00045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
                  2017-06-08 22:09 - 2017-06-08 22:09 - 00000000 ____D C:\Users\Motion\AppData\Local\DBG
                  2017-06-08 14:56 - 2017-06-08 14:56 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
                  2017-06-06 18:29 - 2017-06-14 13:13 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{14BC3DE3-D17C-4A7F-A60A-C358D15834E8}
                  2017-06-06 18:24 - 2017-06-14 15:22 - 00003248 _____ C:\WINDOWS\System32\Tasks\GPU Tweak II
                  2017-06-06 18:24 - 2017-06-06 18:24 - 00003396 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
                  2017-06-06 12:42 - 2017-06-06 12:42 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
                  2017-06-06 12:41 - 2017-06-06 12:41 - 00000000 ____D C:\WINDOWS\PCHEALTH
                  2017-06-06 12:41 - 2017-06-06 12:41 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
                  2017-06-06 12:41 - 2017-06-06 12:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
                  2017-06-05 15:31 - 2017-06-05 15:31 - 00000000 ____D C:\Windows.old
                  2017-06-05 15:30 - 2017-06-05 15:30 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFl owUI.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.Cura tedTileCollections.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
                  2017-06-05 15:30 - 2017-06-05 15:30 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker. dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dl l
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dl l
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dl l
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
                  2017-06-05 15:30 - 2017-06-05 15:30 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
                  2017-06-05 15:28 - 2017-06-05 11:34 - 00000000 ____D C:\WINDOWS\ServiceProfiles
                  2017-06-05 15:27 - 2017-06-05 15:27 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
                  2017-06-05 15:26 - 2017-06-05 15:26 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\WINDOWS\system32\msmq
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\WINDOWS\system32\BestPractices
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\Program Files\Reference Assemblies
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\Program Files\MSBuild
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\Program Files (x86)\MSBuild
                  2017-06-05 15:26 - 2017-06-05 15:26 - 00000000 ____D C:\inetpub
                  2017-06-05 15:26 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
                  2017-06-05 15:26 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNativ e_v0300.dll
                  2017-06-05 15:26 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
                  2017-06-05 15:26 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
                  2017-06-05 15:26 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNativ e_v0300.dll
                  2017-06-05 15:26 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
                  2017-06-05 11:49 - 2017-06-05 11:49 - 00000000 ____D C:\ProgramData\USOShared
                  2017-06-05 11:47 - 2017-06-05 11:47 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
                  2017-06-05 11:46 - 2017-06-05 11:46 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
                  2017-06-05 11:45 - 2017-06-05 11:45 - 00000020 ___SH C:\Users\Motion\ntuser.ini
                  2017-06-05 11:44 - 2017-06-14 15:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
                  2017-06-05 11:44 - 2017-06-05 11:44 - 00000000 _SHDL C:\Users\Default\My Documents
                  2017-06-05 11:42 - 2017-06-14 15:50 - 00016821 _____ C:\WINDOWS\diagwrn.xml
                  2017-06-05 11:42 - 2017-06-14 15:50 - 00013338 _____ C:\WINDOWS\diagerr.xml
                  2017-06-05 11:39 - 2017-06-14 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
                  2017-06-05 11:38 - 2017-06-05 11:38 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
                  2017-06-05 11:36 - 2017-06-05 11:38 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
                  2017-06-05 11:36 - 2017-06-05 11:36 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
                  2017-06-05 11:36 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
                  2017-06-05 11:35 - 2017-06-14 15:25 - 01362280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
                  2017-06-05 11:35 - 2017-06-14 15:07 - 00000000 ____D C:\Users\Motion
                  2017-06-05 11:35 - 2017-06-08 14:56 - 00000000 ____D C:\Users\DefaultAppPool
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00975864 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\Motion\My Documents
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\Motion\Documents\My Videos
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\Motion\Documents\My Pictures
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\Motion\Documents\My Music
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
                  2017-06-05 11:35 - 2017-06-05 11:35 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
                  2017-06-05 11:34 - 2017-06-14 17:02 - 00000000 ____D C:\ProgramData\NVIDIA
                  2017-06-05 11:34 - 2017-06-14 15:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
                  2017-06-05 11:34 - 2017-06-13 21:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
                  2017-06-05 11:34 - 2017-06-13 19:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
                  2017-06-05 11:34 - 2017-06-13 14:30 - 00258736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
                  2017-06-05 11:34 - 2017-06-07 20:01 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
                  2017-06-05 11:34 - 2017-06-07 19:55 - 06467008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
                  2017-06-05 11:34 - 2017-06-07 19:55 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
                  2017-06-05 11:34 - 2017-06-07 19:55 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
                  2017-06-05 11:34 - 2017-06-07 19:55 - 00549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
                  2017-06-05 11:34 - 2017-06-07 19:55 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
                  2017-06-05 11:34 - 2017-06-07 19:55 - 00082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
                  2017-06-05 11:34 - 2017-06-07 19:55 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
                  2017-06-05 11:34 - 2017-06-07 08:42 - 08075477 _____ C:\WINDOWS\system32\nvcoproc.bin
                  2017-06-05 11:34 - 2017-06-05 11:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
                  2017-06-05 11:34 - 2017-06-05 11:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_ 00.Wdf
                  2017-06-05 11:34 - 2017-06-05 11:34 - 00000000 ____H C:\ProgramData\DP45977C.lfl
                  2017-06-05 11:34 - 2017-06-05 11:34 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
                  2017-06-05 11:34 - 2017-06-05 11:34 - 00000000 ____D C:\WINDOWS\system32\DAX2
                  2017-06-05 11:34 - 2017-06-05 11:34 - 00000000 ____D C:\Program Files\Realtek
                  2017-06-04 16:38 - 2017-06-14 15:50 - 00000000 ___DC C:\WINDOWS\Panther
                  2017-05-29 23:24 - 2017-05-29 23:24 - 00000000 ____D C:\Users\Motion\AppData\Local\Thalonet,_Inc._dba_H aste
                  2017-05-29 23:24 - 2017-05-29 23:24 - 00000000 ____D C:\Users\Motion\AppData\Local\Haste
                  2017-05-29 23:24 - 2017-05-29 23:24 - 00000000 ____D C:\Program Files\Haste
                  2017-05-29 23:24 - 2017-05-29 23:24 - 00000000 _____ C:\WINDOWS\system32\cd
                  2017-05-27 18:44 - 2017-05-27 18:44 - 00000221 _____ C:\Users\Motion\Desktop\Audiosurf.url
                  2017-05-22 16:50 - 2017-06-07 21:45 - 01615448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
                  2017-05-22 16:50 - 2017-06-07 21:45 - 00218712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
                  2017-05-22 16:50 - 2017-06-07 21:45 - 00045163 _____ C:\WINDOWS\system32\nvinfo.pb
                  2017-05-22 16:50 - 2017-05-18 03:35 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438233.dll
                  2017-05-22 16:50 - 2017-05-18 03:35 - 01606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438233.dll
                  2017-05-22 16:50 - 2017-05-18 03:35 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
                  2017-05-22 16:50 - 2017-05-18 03:35 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
                  2017-05-22 16:50 - 2017-05-18 03:35 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
                  2017-05-22 16:35 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
                  2017-05-22 16:35 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
                  2017-05-22 16:35 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
                  2017-05-20 19:20 - 2017-05-20 19:20 - 00102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SY1
                  2017-05-20 12:47 - 2017-06-09 12:46 - 00000000 ____D C:\Users\Motion\AppData\LocalLow\uTorrent

                  ==================== One Month Modified files and folders ========

                  (If an entry is included in the fixlist, the file/folder will be moved.)

                  2017-06-14 17:02 - 2017-04-14 15:03 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Spotify
                  2017-06-14 17:00 - 2016-03-28 19:21 - 00000000 ____D C:\Users\Motion\AppData\Local\NPE
                  2017-06-14 15:57 - 2017-05-06 14:06 - 00000000 ____D C:\Users\Motion\Desktop\OpenHardwareMonitor
                  2017-06-14 15:05 - 2013-12-16 19:30 - 00000000 ____D C:\Users\Motion\AppData\Local\Battle.net
                  2017-06-14 13:31 - 2013-12-16 19:31 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
                  2017-06-14 13:18 - 2013-12-16 19:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
                  2017-06-14 01:39 - 2017-03-18 07:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
                  2017-06-14 01:39 - 2013-12-16 19:38 - 00000000 ____D C:\Program Files (x86)\Steam
                  2017-06-13 22:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
                  2017-06-13 22:47 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
                  2017-06-13 21:37 - 2013-12-19 14:34 - 00000000 ____D C:\Users\Motion\AppData\Local\CrashDumps
                  2017-06-13 21:27 - 2017-05-12 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
                  2017-06-13 21:27 - 2017-05-10 14:11 - 00000000 ____D C:\Program Files (x86)\VulkanRT
                  2017-06-13 21:27 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
                  2017-06-13 14:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
                  2017-06-13 14:32 - 2015-07-30 01:21 - 00000000 __RHD C:\Users\Public\AccountPictures
                  2017-06-13 14:29 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
                  2017-06-13 14:29 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
                  2017-06-13 14:17 - 2013-12-19 04:35 - 00000000 ____D C:\WINDOWS\system32\MRT
                  2017-06-13 14:15 - 2013-12-19 04:35 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
                  2017-06-13 14:14 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
                  2017-06-13 12:09 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
                  2017-06-13 12:02 - 2013-12-16 18:00 - 00000000 ____D C:\Program Files (x86)\Samsung Magician
                  2017-06-13 11:58 - 2013-12-16 17:54 - 00000000 ____D C:\ProgramData\Samsung
                  2017-06-12 22:29 - 2015-09-26 02:02 - 00000000 ____D C:\Users\Motion\AppData\Roaming\discord
                  2017-06-12 20:19 - 2016-11-21 21:18 - 00000000 ____D C:\Users\Motion\AppData\Roaming\steelseries-engine-3-client
                  2017-06-12 19:37 - 2017-03-18 07:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
                  2017-06-12 03:03 - 2015-07-19 04:36 - 00000000 ___RD C:\Users\Motion\Google Drive
                  2017-06-11 21:16 - 2013-12-16 20:37 - 00000000 ____D C:\Users\Motion\AppData\Roaming\vlc
                  2017-06-11 21:12 - 2016-09-16 03:32 - 00000000 ____D C:\Users\Motion\Desktop\ViperRipper
                  2017-06-11 14:05 - 2015-10-05 15:56 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Steam
                  2017-06-09 19:05 - 2014-01-03 17:56 - 00000000 ____D C:\Users\Motion\AppData\Roaming\TS3Client
                  2017-06-09 17:50 - 2016-04-15 14:59 - 00000000 ____D C:\Program Files (x86)\Overwatch
                  2017-06-09 04:11 - 2013-12-22 17:55 - 00000000 ____D C:\Users\Motion\AppData\Roaming\TeamViewer
                  2017-06-08 13:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
                  2017-06-07 21:45 - 2017-05-12 16:04 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
                  2017-06-07 21:45 - 2017-03-18 22:31 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
                  2017-06-07 21:21 - 2017-04-14 16:47 - 00000000 ____D C:\Users\Motion\AppData\Roaming\obs-studio
                  2017-06-06 18:49 - 2015-07-18 15:38 - 00000000 ____D C:\Program Files\Common Files\AV
                  2017-06-06 18:24 - 2017-03-15 02:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
                  2017-06-06 18:24 - 2017-03-15 02:41 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
                  2017-06-06 11:04 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
                  2017-06-05 15:33 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
                  2017-06-05 15:31 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
                  2017-06-05 15:31 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
                  2017-06-05 15:31 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
                  2017-06-05 15:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
                  2017-06-05 15:26 - 2017-03-18 16:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
                  2017-06-05 15:26 - 2017-03-18 16:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
                  2017-06-05 15:26 - 2017-03-18 16:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
                  2017-06-05 12:01 - 2015-07-30 01:21 - 00000000 ____D C:\Users\Motion\AppData\Local\Packages
                  2017-06-05 11:50 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
                  2017-06-05 11:49 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
                  2017-06-05 11:47 - 2015-07-30 01:23 - 00002401 _____ C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\OneDrive.lnk
                  2017-06-05 11:47 - 2015-07-30 01:23 - 00000000 ___RD C:\Users\Motion\OneDrive
                  2017-06-05 11:45 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
                  2017-06-05 11:45 - 2016-08-03 15:59 - 00000000 ____D C:\Users\Motion\AppData\Local\ConnectedDevicesPlat form
                  2017-06-05 11:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
                  2017-06-05 11:42 - 2017-04-06 18:34 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\OldSchool RuneScape
                  2017-06-05 11:42 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
                  2017-06-05 11:41 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
                  2017-06-05 11:41 - 2017-03-18 17:03 - 00000000 __RSD C:\WINDOWS\Media
                  2017-06-05 11:41 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
                  2017-06-05 11:41 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
                  2017-06-05 11:41 - 2015-07-30 01:20 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
                  2017-06-05 11:41 - 2013-12-16 17:51 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                  2017-06-05 11:41 - 2013-12-16 17:51 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
                  2017-06-05 11:39 - 2017-03-18 17:03 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
                  2017-06-05 11:38 - 2017-05-12 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
                  2017-06-05 11:38 - 2017-05-03 13:43 - 00000000 ____D C:\WINDOWS\system32\UNP
                  2017-06-05 11:38 - 2017-04-14 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
                  2017-06-05 11:38 - 2017-04-06 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
                  2017-06-05 11:38 - 2017-03-23 02:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
                  2017-06-05 11:38 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
                  2017-06-05 11:38 - 2016-12-30 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
                  2017-06-05 11:38 - 2016-10-06 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
                  2017-06-05 11:38 - 2016-04-15 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
                  2017-06-05 11:38 - 2015-10-31 00:16 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Ixale
                  2017-06-05 11:38 - 2015-09-25 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoldWave
                  2017-06-05 11:38 - 2015-08-14 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Cutter
                  2017-06-05 11:38 - 2015-07-19 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
                  2017-06-05 11:38 - 2015-04-30 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
                  2017-06-05 11:38 - 2014-12-23 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
                  2017-06-05 11:38 - 2014-12-12 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
                  2017-06-05 11:38 - 2014-11-16 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
                  2017-06-05 11:38 - 2014-08-12 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
                  2017-06-05 11:38 - 2014-02-17 12:48 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Parsec
                  2017-06-05 11:38 - 2014-01-20 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoreCraft
                  2017-06-05 11:38 - 2014-01-03 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
                  2017-06-05 11:38 - 2013-12-24 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
                  2017-06-05 11:38 - 2013-12-24 02:46 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\WhoreCraft
                  2017-06-05 11:38 - 2013-12-18 00:44 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\WinRAR
                  2017-06-05 11:38 - 2013-12-18 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
                  2017-06-05 11:38 - 2013-12-16 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
                  2017-06-05 11:38 - 2013-12-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
                  2017-06-05 11:38 - 2013-12-16 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
                  2017-06-05 11:38 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
                  2017-06-05 11:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
                  2017-06-05 11:36 - 2017-05-05 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beats by Dr. Dre
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\IME
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\System
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\schemas
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Resources
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
                  2017-06-05 11:36 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
                  2017-06-05 11:36 - 2016-11-21 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
                  2017-06-05 11:36 - 2016-06-04 23:07 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\WonderFox Soft
                  2017-06-05 11:36 - 2016-04-24 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
                  2017-06-05 11:36 - 2015-09-30 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
                  2017-06-05 11:36 - 2015-09-26 02:02 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Hammer & Chisel, Inc
                  2017-06-05 11:36 - 2015-09-23 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
                  2017-06-05 11:36 - 2014-07-29 05:26 - 00000000 ____D C:\WINDOWS\system32\appmgmt
                  2017-06-05 11:36 - 2013-12-25 10:00 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\SteelSeries
                  2017-06-05 11:36 - 2013-12-17 16:32 - 00000000 ____D C:\WINDOWS\system32\SPReview
                  2017-06-05 11:36 - 2013-12-17 16:32 - 00000000 ____D C:\WINDOWS\system32\EventProviders
                  2017-06-05 11:36 - 2013-12-17 00:14 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\ESEA
                  2017-06-05 11:36 - 2013-12-17 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESEA
                  2017-06-05 11:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
                  2017-06-05 11:34 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
                  2017-06-05 11:34 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
                  2017-06-05 04:51 - 2017-03-18 23:20 - 00000000 ___HD C:$WINDOWS.~BT
                  2017-06-03 02:32 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
                  2017-06-03 02:32 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
                  2017-06-03 00:31 - 2013-12-16 20:37 - 00001135 _____ C:\Users\Public\Desktop\VLC media player.lnk
                  2017-06-02 01:36 - 2013-12-16 20:04 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Mumble
                  2017-05-29 23:24 - 2014-04-25 01:32 - 00000000 ____D C:\Users\Motion\AppData\Local\Downloaded Installations
                  2017-05-25 14:06 - 2016-11-21 20:18 - 00000290 _____ C:\Users\Motion\Desktop\Overwatch smurf CDkey.txt
                  2017-05-22 16:35 - 2017-05-12 16:06 - 00001481 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
                  2017-05-22 16:35 - 2017-05-12 15:46 - 00000000 ____D C:\Users\Motion\AppData\Local\NVIDIA Corporation
                  2017-05-21 15:57 - 2014-01-03 17:52 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
                  2017-05-20 19:20 - 2017-03-15 02:41 - 00008339 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
                  2017-05-20 00:59 - 2017-05-12 16:08 - 00000000 ____D C:\Users\Motion\AppData\Roaming\NVIDIA
                  2017-05-17 16:12 - 2013-12-16 19:30 - 00000000 ____D C:\Users\Motion\AppData\Roaming\Battle.net

                  ==================== Files in the root of some directories =======

                  2014-01-26 01:30 - 2014-01-26 03:05 - 0036864 _____ () C:\Users\Motion\AppData\Roaming\RZR_0020302140998b b89f44a8ccec1d.db
                  2016-09-12 23:59 - 2016-09-13 00:12 - 0004012 _____ () C:\Users\Motion\AppData\Roaming\VoiceMeeterDefault .xml
                  2015-06-01 03:52 - 2015-06-01 03:52 - 0007605 _____ () C:\Users\Motion\AppData\Local\Resmon.ResmonCfg
                  2017-06-05 11:34 - 2017-06-05 11:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
                  [HEADING=1]Some files in TEMP:[/HEADING]
                  2017-05-22 16:52 - 2017-05-18 01:21 - 0754864 _____ (NVIDIA Corporation) C:\Users\Motion\AppData\Local\Temp\nvSCPAPI.dll
                  2017-05-22 16:52 - 2017-05-18 01:21 - 0869200 _____ (NVIDIA Corporation) C:\Users\Motion\AppData\Local\Temp\nvSCPAPI64.dll
                  2017-06-09 17:47 - 2017-05-18 01:21 - 0367552 _____ (NVIDIA Corporation) C:\Users\Motion\AppData\Local\Temp\nvStInst.exe
                  2017-05-19 15:42 - 2017-05-19 15:42 - 14608752 _____ (Samsung Electronics ) C:\Users\Motion\AppData\Local\Temp\Samsung_Magicia n_Installer.exe

                  ==================== Bamital & volsnap ======================

                  (There is no automatic fix for files that do not pass verification.)

                  C:\WINDOWS\system32\winlogon.exe => File is digitally signed
                  C:\WINDOWS\system32\wininit.exe => File is digitally signed
                  C:\WINDOWS\explorer.exe => File is digitally signed
                  C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
                  C:\WINDOWS\system32\svchost.exe => File is digitally signed
                  C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
                  C:\WINDOWS\system32\services.exe => File is digitally signed
                  C:\WINDOWS\system32\User32.dll => File is digitally signed
                  C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
                  C:\WINDOWS\system32\userinit.exe => File is digitally signed
                  C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
                  C:\WINDOWS\system32\rpcss.dll => File is digitally signed
                  C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
                  C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
                  C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

                  LastRegBack: 2017-06-05 11:33

                  ==================== End of FRST.txt ============================
                  [HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-06-2017
                  Ran by Motion (14-06-2017 17:09:41)
                  Running from C:\Users\Motion\Downloads
                  Windows 10 Pro Version 1703 (X64) (2017-06-05 15:44:38)
                  Boot Mode: Normal[/HEADING]
                  ==================== Accounts: =============================

                  Administrator (S-1-5-21-1442195442-3689054388-281515-500 - Administrator - Disabled)
                  DefaultAccount (S-1-5-21-1442195442-3689054388-281515-503 - Limited - Disabled)
                  Guest (S-1-5-21-1442195442-3689054388-281515-501 - Limited - Disabled)
                  HomeGroupUser$ (S-1-5-21-1442195442-3689054388-281515-1002 - Limited - Enabled)
                  Motion (S-1-5-21-1442195442-3689054388-281515-1000 - Administrator - Enabled) => C:\Users\Motion

                  ==================== Security Center ========================

                  (If an entry is included in the fixlist, it will be removed.)

                  AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
                  AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
                  FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

                  ==================== Installed Programs ======================

                  (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

                  Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
                  Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
                  Ansel (Version: 382.53 - NVIDIA Corporation) Hidden
                  Apple Application Support (32-bit) (HKLM-x32...{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
                  Apple Application Support (64-bit) (HKLM...{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
                  Apple Mobile Device Support (HKLM...{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
                  Apple Software Update (HKLM-x32...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
                  ASUS GPU TweakII (HKLM-x32...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.7.0 - ASUSTek COMPUTER INC.)
                  ASUS GPU TweakII (x32 Version: 1.3.7.0 - ASUSTek COMPUTER INC.) Hidden
                  ASUS Product Register Program (HKLM-x32...{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
                  Audiosurf (HKLM...\Steam App 12900) (Version: - Dylan Fitterer)
                  Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
                  Beats Updater (HKLM-x32...{321BEA75-4A58-4A42-911F-24933AE3E077}) (Version: 3.1.9.0 - Apple Inc.)
                  BitRaider Streaming Client (HKLM-x32...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
                  Blue Satin Skin (HKLM-x32...{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
                  Bonjour (HKLM...{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
                  CCleaner (HKLM...\CCleaner) (Version: 5.28 - Piriform)
                  Counter-Strike: Global Offensive (HKLM-x32...\Steam App 730) (Version: - Valve)
                  CPUID CPU-Z 1.79.1 (HKLM...\CPUID CPU-Z_is1) (Version: - )
                  Debut Video Capture Software (HKLM-x32...\Debut) (Version: 1.88 - NCH Software)
                  Discord (HKU\S-1-5-21-1442195442-3689054388-281515-1000...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
                  FLV Cutter 1.0 (HKLM-x32...\FLV Cutter_is1) (Version: - spgsoft.com)
                  Fraps (remove only) (HKLM-x32...\Fraps) (Version: - )
                  GoldWave v6.15 (HKLM...\GoldWave v6.15) (Version: 6.15 - GoldWave Inc.)
                  Google Chrome (HKLM-x32...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
                  Google Drive (HKLM-x32...{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
                  Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
                  Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
                  H1Z1: King of the Kill (HKLM...\Steam App 433850) (Version: - Daybreak Game Company)
                  HD Video Converter Factory Pro 8.6 (HKLM-x32...\HD Video Converter Factory Pro) (Version: 8.6 - WonderFox Soft, Inc.)
                  Intel® RealSense™ SDK Runtime (HKLM-x32...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
                  Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
                  Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
                  Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
                  iTunes (HKLM...{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
                  Java 7 Update 71 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
                  Java 8 Update 25 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
                  Microsoft ASP.NET MVC 4 Runtime (HKLM-x32...{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
                  Microsoft OneDrive (HKU\S-1-5-21-1442195442-3689054388-281515-1000...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
                  Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
                  Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                  Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
                  Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
                  Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
                  Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
                  Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
                  Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
                  Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
                  Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
                  Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
                  Microsoft Word 2010 (HKLM-x32...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
                  Mumble 1.2.17 (HKLM-x32...{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
                  Norton Security Suite (HKLM-x32...\N360) (Version: 22.9.4.8 - Symantec Corporation)
                  NVIDIA 3D Vision Controller Driver 369.04 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
                  NVIDIA 3D Vision Driver 382.53 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.53 - NVIDIA Corporation)
                  NVIDIA GeForce Experience 3.6.0.74 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
                  NVIDIA Graphics Driver 382.53 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
                  NVIDIA HD Audio Driver 1.3.34.27 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
                  NVIDIA PhysX System Software 9.17.0329 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
                  NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
                  NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
                  NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
                  OBS Studio (HKLM-x32...\OBS Studio) (Version: 18.0.1 - OBS Project)
                  OldSchool RuneScape Launcher 1.2.7 (HKLM-x32...{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
                  Overwatch (HKLM-x32...\Overwatch) (Version: - Blizzard Entertainment)
                  Parsec (HKU\S-1-5-21-1442195442-3689054388-281515-1000...\a53dc3b81e52c50e) (Version: 1.0.0.53 - Parsec)
                  PLAYERUNKNOWN’S BATTLEGROUNDS (HKLM...\Steam App 578080) (Version: - Bluehole, Inc.)
                  PS3 Media Server (HKLM-x32...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
                  Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
                  Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
                  Samsung Magician (HKLM-x32...{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
                  Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32...{90140000-001B-0000-0000-0000000FF1CE}Office14.WORD{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
                  SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
                  SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
                  Skype™ 7.22 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
                  Speccy (HKLM...\Speccy) (Version: 1.30 - Piriform)
                  Spotify (HKU\S-1-5-21-1442195442-3689054388-281515-1000...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
                  Star Wars: The Old Republic (HKLM-x32...{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
                  StarParse (HKU\S-1-5-21-1442195442-3689054388-281515-1000...{fxApplication}}_is1) (Version: 1.0 - Ixale)
                  SteelSeries Engine 3.9.2 (HKLM...\SteelSeries Engine 3) (Version: 3.9.2 - SteelSeries ApS)
                  TeamSpeak 3 Client (HKLM...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
                  TeamViewer 12 (HKLM-x32...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
                  Virtual Audio Cable 4.10 (HKLM...\Virtual Audio Cable 4.10) (Version: - )
                  VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.6 - VideoLAN)
                  Vulkan Run Time Libraries 1.0.42.1 (HKLM...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
                  Warcraft Logs Uploader (HKLM-x32...\com.warcraft.logs) (Version: 4.14 - UNKNOWN)
                  Warcraft Logs Uploader (x32 Version: 4.14 - UNKNOWN) Hidden
                  Windows 10 Update and Privacy Settings (HKLM...{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
                  Windows Driver Package - Apple, Inc. (KernelModeUSB) USBDevice (03/30/2017 11.40.49.146) (HKLM...\183E383A1862B0622EB93E70D34D830E28AFFBAA) (Version: 03/30/2017 11.40.49.146 - Apple, Inc.)
                  WinPcap 4.1.3 (HKLM-x32...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
                  WinRAR 5.01 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
                  World of Warcraft (HKLM-x32...\World of Warcraft) (Version: - Blizzard Entertainment)

                  ==================== Custom CLSID (Whitelisted): ==========================

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  HKU\S-1-5-21-1442195442-3689054388-281515-1000...\ChromeHTML: → <==== ATTENTION

                  ==================== Scheduled Tasks (Whitelisted) =============

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  Task: {072BDFAF-E5F8-4D4F-9B0D-076F90BB2444} - \ASUS\ASUS Product Register Service → No File <==== ATTENTION
                  Task: {07D824AF-EBA5-46F6-84D4-5DBDCAEDAE2B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\WSCStub.exe [2017-05-26] (Symantec Corporation)
                  Task: {08429F2E-4C7D-43F2-8DD9-598229681D3B} - \Microsoft\Windows\Media Center\PvrScheduleTask → No File <==== ATTENTION
                  Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 → No File <==== ATTENTION
                  Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 → No File <==== ATTENTION
                  Task: {0A381A6A-2C98-4B44-A1E3-C98C55C733C5} - {F390DCB0-A4B5-4D58-BEB0-FCD78DC2EF7D} → No File <==== ATTENTION
                  Task: {0C608C29-961F-4F3F-9B94-A7EC19685F5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
                  Task: {1179ED30-56C8-48B8-9B77-2A0916F4104B} - \Microsoft\Windows\Media Center\mcupdate → No File <==== ATTENTION
                  Task: {12132F44-FE16-4473-BD76-2889C886F04D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
                  Task: {17F18DA4-9145-4AD0-84EB-A83826383E4A} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService → No File <==== ATTENTION
                  Task: {18817394-C0FE-41E2-A99F-5AA74CAC10DC} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask → No File <==== ATTENTION
                  Task: {19EFE6D2-E76D-4B84-A9DA-33887E15D16E} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
                  Task: {1B81E26A-ED95-43D0-9A09-F5B8BCD82977} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
                  Task: {1C2783C7-F0BD-4F4D-9F40-8ECC38D5FC36} - \Microsoft\Windows\Media Center\mcupdate_scheduled → No File <==== ATTENTION
                  Task: {1DBF876E-AD40-48FE-9667-CD8FEB6F92CC} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
                  Task: {1F5466D9-2DFE-4841-9B8A-8126CAC93B32} - \Microsoft\Windows\Media Center\PBDADiscovery → No File <==== ATTENTION
                  Task: {23BA308B-A6F7-4950-8AE0-06082CAD336B} - \Microsoft\Windows\Media Center\UpdateRecordPath → No File <==== ATTENTION
                  Task: {25AB2E25-1DDD-4F30-ACD2-A12A986457D4} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate → No File <==== ATTENTION
                  Task: {2A0EDCC3-4419-402E-9CD6-B9F4164B7926} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 → No File <==== ATTENTION
                  Task: {323D8B00-0D7B-4271-A17C-F0364220CC02} - \Norton Security Suite\Norton Error Analyzer → No File <==== ATTENTION
                  Task: {336C6AB1-88A9-4FF2-B095-15EDBFDFE1DB} - \Microsoft\Windows\Media Center\ActivateWindowsSearch → No File <==== ATTENTION
                  Task: {3D94AAAC-F1DA-44A1-A007-A51980E10CA0} - \Microsoft\Windows\ErrorDetails\EnableErrorDetails Update → No File <==== ATTENTION
                  Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific → No File <==== ATTENTION
                  Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMi gration → No File <==== ATTENTION
                  Task: {48E567D4-E9ED-4789-9EC1-80848BFC5A0F} - \Apple\AppleSoftwareUpdate → No File <==== ATTENTION
                  Task: {4904050F-939C-4327-952C-F2B252AC9C33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent → No File <==== ATTENTION
                  Task: {490A4C7C-C50F-40F4-8F54-2BB79897142D} - \Microsoft\Windows\Media Center\InstallPlayReady → No File <==== ATTENTION
                  Task: {4A053736-D52E-46FB-AC33-D5900E16ECE7} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask → No File <==== ATTENTION
                  Task: {4E0476A8-D3AC-46CB-A57F-07EFF987FADB} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks → No File <==== ATTENTION
                  Task: {50A08BCA-F67A-475E-BF58-E073F060839F} - \Microsoft\Windows\Media Center\PvrRecoveryTask → No File <==== ATTENTION
                  Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceScreenOnOff → No File <==== ATTENTION
                  Task: {5233F96F-F36F-4D06-90C7-9C051913656D} - \WPD\SqmUpload_S-1-5-21-1442195442-3689054388-281515-1000 → No File <==== ATTENTION
                  Task: {528F6781-A23B-4F3B-B61E-2B7666314E37} - \Microsoft\Windows\SideShow\SystemDataProviders → No File <==== ATTENTION
                  Task: {5AA011EA-2456-499C-AFF5-5809A8364004} - \Microsoft\Windows\Media Center\RegisterSearch → No File <==== ATTENTION
                  Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls → No File <==== ATTENTION
                  Task: {5E721D19-BC16-4B70-B9EB-EC5DC8D464D3} - \Norton Security Suite\Norton Error Processor → No File <==== ATTENTION
                  Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install → No File <==== ATTENTION
                  Task: {61E554C9-AB30-4BC5-BB6D-83D31FEA3FED} - \NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {6A6B9D47-1652-4628-BD49-C98876C26561} - \Microsoft\Windows\Media Center\StartRecording → No File <==== ATTENTION
                  Task: {6A8F16CC-23F9-4949-B411-BEBB504C176A} - \GoogleUpdateTaskMachineCore → No File <==== ATTENTION
                  Task: {6BFD247C-FC07-48D1-8583-4A24E4999252} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
                  Task: {6F3F97AD-E4F3-40E2-A9C8-61D7270E4BF0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
                  Task: {734DDA58-0005-42F4-A1F3-4E8D5B6DE09A} - \Microsoft\Windows\MobilePC\HotStart → No File <==== ATTENTION
                  Task: {7502C703-6198-4C20-969E-F883DA9E3462} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {775FF797-5F82-462D-946A-74B09848DAE8} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {7998AE30-CFF0-47DB-A34D-AD0EB0AD7789} - \Microsoft\Windows\Media Center\ehDRMInit → No File <==== ATTENTION
                  Task: {799DF890-412D-4092-8FEB-98283E56C85A} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {7E95BED2-0EB0-48C1-8309-88C7766F5AD6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
                  Task: {7FCA810C-B51F-4B7F-8F8A-31A5F543C102} - \Microsoft\Windows\Media Center\OCURDiscovery → No File <==== ATTENTION
                  Task: {81DAEAB6-6529-4C32-B611-1EF7F7548E13} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker _ReadyToReboot → No File <==== ATTENTION
                  Task: {884A8E87-C6A7-44A3-B98C-E4E224C03011} - System32\Tasks\Remediation\AntimalwareMigrationTas k => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-05-26] (Symantec Corporation)
                  Task: {8913E5DD-CF9E-4E06-8217-F20B7FDE1FF0} - \Microsoft\Windows\Media Center\OCURActivate → No File <==== ATTENTION
                  Task: {8B025B54-5496-40E4-8D6A-B1067EE5A7D1} - \CCleanerSkipUAC → No File <==== ATTENTION
                  Task: {8B2D34F0-1750-47E0-A7BA-C84BE5B29723} - \Adobe Flash Player Updater → No File <==== ATTENTION
                  Task: {93AC721B-C482-48CF-81FC-AF25BE551556} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B → No File <==== ATTENTION
                  Task: {94C19A6A-E501-4E37-90DD-AE3A34A84008} - \Microsoft\XblGameSave\XblGameSaveTaskLogon → No File <==== ATTENTION
                  Task: {9B6C36CA-EB3F-49B6-AF55-FC0C2F7D5B00} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
                  Task: {9E7ADBB1-E801-4B12-B304-D3885A47F687} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {A364E297-00AD-490D-900E-22AC34598C71} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install → No File <==== ATTENTION
                  Task: {A3828C25-B37D-474D-BFE4-6A09E52D680E} - \GoogleUpdateTaskMachineUA → No File <==== ATTENTION
                  Task: {A6268224-6D82-4582-95FD-44A57B809970} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 → No File <==== ATTENTION
                  Task: {A62CC689-308F-407C-AED4-0ED1B52F3459} - \Microsoft\Windows\SideShow\AutoWake → No File <==== ATTENTION
                  Task: {B022DDCD-37DB-4653-8788-2A0F1B682E17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
                  Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurve yor → No File <==== ATTENTION
                  Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD evicePeriodic6 → No File <==== ATTENTION
                  Task: {B3936E47-5E06-491A-A987-7C6C265403D6} - \Microsoft\Windows\UpdateOrchestrator\MusUx_Update Interval → No File <==== ATTENTION
                  Task: {BFDA0A39-0BA5-4424-A52A-F304C64D297B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
                  Task: {C4161F9F-C3F4-49BF-990A-5A6F9D70C2A3} - \Microsoft\Windows\RemovalTools\MRT_HB → No File <==== ATTENTION
                  Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD evicePeriodic1 → No File <==== ATTENTION
                  Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup → No File <==== ATTENTION
                  Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceConnectedToNetwork → No File <==== ATTENTION
                  Task: {D323D1CB-5535-4FC4-9BAA-0DC06D66C7B9} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask → No File <==== ATTENTION
                  Task: {D67F303B-0B6D-4A7D-B251-D40DF1971360} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {D7DFFA31-FC51-4CE0-9F34-CB02C81A4E84} - \Microsoft\Windows\Media Center\RecordingRestart → No File <==== ATTENTION
                  Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHand ler → No File <==== ATTENTION
                  Task: {E6600707-C14B-4E9B-A0BC-63281D225B5F} - \Microsoft\Windows\SideShow\GadgetManager → No File <==== ATTENTION
                  Task: {E7C11A0B-8A42-48DE-A741-FD40502C9068} - \Microsoft\Windows\UNP\RunCampaignManager → No File <==== ATTENTION
                  Task: {E8A1718D-6448-4414-97F8-0CC236CBDE86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
                  Task: {E94BB589-63B9-4442-8591-ECEE37FFB809} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                  Task: {E9CC1CB3-E17F-46C4-9E5B-B34E364BDE5F} - \Microsoft\Windows\Media Center\ReindexSearchRoot → No File <==== ATTENTION
                  Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker _Display → No File <==== ATTENTION
                  Task: {EF6E6ABB-419F-40F8-8078-41973FE962CD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
                  Task: {F1A34B79-7056-457A-9E3B-69374ED42DB9} - \Microsoft\Windows\SideShow\SessionAgent → No File <==== ATTENTION
                  Task: {F4556879-705F-47BD-B2F5-615802BD197F} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-09-01] (TODO: )
                  Task: {F66B98E1-4E4A-4334-AF59-D76A14BBB656} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
                  Task: {F93A29D0-09F9-40BD-B783-98C799EA7DBB} - \Microsoft\Windows\Media Center\PeriodicScanRetry → No File <==== ATTENTION

                  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

                  ==================== Shortcuts & WMI ========================

                  (The entries could be listed to be restored or removed.)

                  ==================== Loaded Modules (Whitelisted) ==============

                  2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
                  2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
                  2014-09-05 04:13 - 2015-09-24 05:56 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
                  2017-05-12 16:05 - 2017-05-03 16:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
                  2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
                  2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
                  2017-05-11 12:45 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libg lesv2.dll
                  2017-05-11 12:45 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libe gl.dll
                  2017-05-12 16:05 - 2017-05-03 16:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
                  2017-05-12 16:05 - 2017-05-03 16:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

                  ==================== Alternate Data Streams (Whitelisted) =========

                  (If an entry is included in the fixlist, only the ADS will be removed.)

                  AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B [964]

                  ==================== Safe Mode (Whitelisted) ===================

                  (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

                  ==================== Association (Whitelisted) ===============

                  (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

                  ==================== Internet Explorer trusted/restricted ===============

                  (If an entry is included in the fixlist, it will be removed from the registry.)

                  ==================== Hosts content: ===============================

                  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

                  2009-07-13 22:34 - 2015-10-11 23:37 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

                  ==================== Other Areas ============================

                  (Currently there is no automatic fix for this section.)

                  HKU\S-1-5-21-1442195442-3689054388-281515-1000\Control Panel\Desktop\Wallpaper → C:\Users\Motion\Pictures\avatar-2009.jpg
                  DNS Servers: 8.8.8.8 - 8.8.4.4
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
                  Windows Firewall is enabled.

                  ==================== MSCONFIG/TASK MANAGER disabled items ==

                  HKLM...\StartupApproved\Run: => “iTunesHelper”
                  HKLM...\StartupApproved\Run32: => “iTunesHelper”
                  HKLM...\StartupApproved\Run32: => “Wondershare Helper Compact.exe”
                  HKU\S-1-5-21-1442195442-3689054388-281515-1000...\StartupApproved\Run: => “OneDrive”

                  ==================== FirewallRules (Whitelisted) ===============

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  FirewallRules: [{440B806B-1311-4C20-9164-87E8A796921D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\Ques tViewer.exe
                  FirewallRules: [{3E790E2C-C675-4D59-8B96-75D5D868ED57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\Ques tViewer.exe
                  FirewallRules: [{055CDAAE-D29E-47F8-9BFD-E98B4AAA33EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
                  FirewallRules: [{7468F1B6-0296-49E8-8991-869F74BEBBA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
                  FirewallRules: [{2086DE96-EB9B-42A1-925F-8A45C077BF9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
                  FirewallRules: [{312E05E3-4F23-43E1-8F50-913BCC9AEFFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                  FirewallRules: [{FC11106D-FCCF-4AF1-B957-4A254FFA209B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                  FirewallRules: [{A64FAA69-946C-4835-8F73-3F774B0A35F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  FirewallRules: [{64466A77-1E5A-4DE2-928B-880F5DE4E2FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                  FirewallRules: [{2082E10D-9AA1-4663-8402-B8602E4CFFAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                  FirewallRules: [{44894860-84E8-4E6B-B1EB-EFE013376CA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                  FirewallRules: [{0EBFE818-B6E7-4F86-A845-F02DBD8505C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                  FirewallRules: [{256FC810-343E-4370-BC5E-01AAECF6BE09}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
                  FirewallRules: [{F5D0ADFB-E850-4552-A5D8-F3A467FED992}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
                  FirewallRules: [{FF8C74B2-5B99-4535-8173-56637B77C124}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
                  FirewallRules: [{F7FF5990-7329-4FD4-8610-3C64F79A7967}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
                  FirewallRules: [{E53AD3AA-D89B-49A6-B138-4266FB43E951}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
                  FirewallRules: [{567C0522-9DF3-4BB1-BAD0-EAA0E9ED51E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
                  FirewallRules: [{8493B0AA-4AE5-4186-BBE4-B801DF955A4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
                  FirewallRules: [{B466C5F1-ED7F-4AF5-A91B-03D5E6802FEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
                  FirewallRules: [{7337CAC3-90AB-4133-8A58-2EE5E586101D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1 King of the Kill\LaunchPad.exe
                  FirewallRules: [{A43909B4-1479-41CA-978C-52DEEE2BD78D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1 King of the Kill\LaunchPad.exe
                  FirewallRules: [{709C1687-6B5C-4D54-80AB-84FA1B1EAE0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries \Win32\RocketLeague.exe
                  FirewallRules: [{4F4E4FDD-DE2F-4459-8D38-2D10E99CDAD0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries \Win32\RocketLeague.exe
                  FirewallRules: [{F292DFAD-7837-4D73-9D3C-D13686C15C54}] => (Allow) C:\Program Files\iTunes\iTunes.exe
                  FirewallRules: [{7BFE71AD-6440-4A83-806B-91446D246CAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                  FirewallRules: [{B8B3E373-E025-44A1-BE4E-3A8056A1D1FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                  FirewallRules: [{D8AF0063-A3E9-4AA0-8DFE-E23F291D8062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
                  FirewallRules: [{41ECEB2B-5226-48D6-862F-F2461B001937}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
                  FirewallRules: [{60206C1E-7040-497A-A980-79211C3A878E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
                  FirewallRules: [{B673FE0C-552A-46F5-A992-2C2DFA7E83E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
                  FirewallRules: [{5862A7D1-561D-4A1F-938B-ED913CE4D9D2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
                  FirewallRules: [{D8BC28F5-BFD2-4F33-9234-BBD26B9F3BBB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
                  FirewallRules: [{54F1A98E-2A85-45B4-8D2B-201E017ACB1A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
                  FirewallRules: [{329DD9F9-15E6-4E02-840D-21EDD4C8492E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
                  FirewallRules: [UDP Query User{B14DFB5B-090E-4D82-A5F0-D0DA3CE2F8E8}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
                  FirewallRules: [TCP Query User{7AAD6409-5328-48B4-817E-8EAA832B8F83}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
                  FirewallRules: [{EB501267-32D4-47DB-8699-ADE820377DE0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
                  FirewallRules: [{C3177010-2D5A-42F3-9D22-EF28911A0A2B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
                  FirewallRules: [{14F6692E-8B58-4AB1-A94A-26125AF3175C}] => (Allow) C:\Users\Motion\AppData\Roaming\uTorrent\uTorrent. exe
                  FirewallRules: [{DDBC9A36-4516-46E1-BD3C-66EEB94CC585}] => (Allow) C:\Users\Motion\AppData\Roaming\uTorrent\uTorrent. exe
                  FirewallRules: [{B72B141E-6241-4F01-8AA3-12D93483475C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
                  FirewallRules: [{83A844E7-1258-4C02-BF62-593F632FC4B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
                  FirewallRules: [{35DC62FB-B90F-4632-9557-FB5D7BE4B5A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
                  FirewallRules: [{FFEE0560-3A9C-4D84-9F09-6279B69BB91E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{BBEF6479-9D9E-4D00-BE6B-FD27CCBB6FD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{AD057AF0-58CD-4BA6-8867-68804132A59E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{79E842AD-9E3C-41E5-B20B-7E9AD309C92A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{EDC1AEFB-C60F-48C2-AEA0-DE3E2167C4B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{74DAACE5-3833-499A-9855-4B1EF40BE407}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{2B5A4C81-8A11-4A98-A787-10C492E3C0BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{74F22E20-8883-4BBF-9563-12BA3CC88CD0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
                  FirewallRules: [{7C02D978-D7B2-4478-A08C-5B6056A9F64B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
                  FirewallRules: [{D0A9FC78-4D57-4CB3-8201-9510D33E65CE}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
                  FirewallRules: [{7D41D31C-7458-4136-95F3-F951EB2398B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Ag ent.exe
                  FirewallRules: [{03452DEA-816B-460A-B3C8-00515B09F2B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Ag ent.exe
                  FirewallRules: [{FABFBF89-478E-41CD-9D63-FDF9345BD9C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe
                  FirewallRules: [{35CFBC02-79A9-4C09-A2FA-609DB91EA172}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe
                  FirewallRules: [TCP Query User{C696FE80-4149-4DF9-9CFC-12A5D3CEF626}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
                  FirewallRules: [UDP Query User{D5E4E172-DA07-40D9-BFFC-FA4F15057003}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
                  FirewallRules: [{DFB7D873-462D-4025-905C-31E3374D191C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
                  FirewallRules: [{FA3F9B17-D174-4B34-AC65-FF960FC7EC8A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe

                  ==================== Restore Points =========================

                  13-06-2017 11:57:45 RAPID

                  ==================== Faulty Device Manager Devices =============

                  ==================== Event log errors: =========================
                  [HEADING=1]Application errors:[/HEADING]
                  Error: (06/14/2017 04:18:24 PM) (Source: Perflib) (EventID: 1008) (User: )
                  Description: The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

                  Error: (06/13/2017 09:37:24 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x26dc
                  Faulting application start time: 0x01d2e4aec60e1d4f
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 363bf7ef-4c8f-47f8-b35f-07fa5de07827
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:37:20 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x107c
                  Faulting application start time: 0x01d2e4aec34f9906
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 487a4f0b-eefb-4c85-b608-054b6f9cc8b1
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:37:16 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x2488
                  Faulting application start time: 0x01d2e4aec13cf840
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 6457162d-6b48-4712-afef-55c086257e42
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:37:11 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x26e4
                  Faulting application start time: 0x01d2e4aebe41dcce
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 818a8e68-2a7a-43f4-a5a2-6166f54e2977
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:37:08 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x2514
                  Faulting application start time: 0x01d2e4aebc4df073
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 7c82853d-59d6-46ed-bd2c-d163959c3c9f
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:37:04 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x680
                  Faulting application start time: 0x01d2e4aeba1277b8
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 6b46decc-b2b7-40fa-894d-545372d8ad00
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x2c48
                  Faulting application start time: 0x01d2e4aeb798be04
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 8a1aceb5-e5b4-49bc-9a84-d061d3ed8fb1
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:36:57 PM) (Source: Application Error) (EventID: 1000) (User: )
                  Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1704.25001, time stamp: 0x58ff9585
                  Faulting module name: SharedLibrary.dll, version: 1.4.24201.0, time stamp: 0x574e6cd1
                  Exception code: 0x800700ce
                  Fault offset: 0x000000000041cf48
                  Faulting process id: 0x2be4
                  Faulting application start time: 0x01d2e4aeb53d0fcf
                  Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425. 10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                  Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1 .3_1.3.24201.0_x64__8wekyb3d8bbwe\SharedLibrary.dl l
                  Report Id: 3bb6fac9-a53a-4ab2-8265-0494a1fe0414
                  Faulting package full name: Microsoft.Windows.Photos_17.425.10010.0_x64__8weky b3d8bbwe
                  Faulting package-relative application ID: App

                  Error: (06/13/2017 09:25:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
                  Description: Local Hostname Motion-PC.local already in use; will try Motion-PC-2.local instead
                  [HEADING=1]System errors:[/HEADING]
                  Error: (06/14/2017 05:01:59 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
                  Description: 5

                  Error: (06/14/2017 04:56:08 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
                  Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WMI Performance Adapter service, but this action failed with the following error:
                  An instance of the service is already running.

                  Error: (06/14/2017 04:54:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
                  Description: The TeamViewer 12 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

                  Error: (06/14/2017 04:54:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
                  Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

                  Error: (06/14/2017 03:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
                  Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
                  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                  Error: (06/14/2017 03:21:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
                  Description: The CldFlt service failed to start due to the following error:
                  The request is not supported.

                  Error: (06/14/2017 03:21:32 PM) (Source: EventLog) (EventID: 6008) (User: )
                  Description: The previous system shutdown at 3:05:11 PM on ‎6/‎14/‎2017 was unexpected.

                  Error: (06/14/2017 03:07:47 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
                  Description: 5

                  Error: (06/14/2017 02:45:05 PM) (Source: cdrom) (EventID: 7) (User: )
                  Description: The device, \Device\CdRom0, has a bad block.

                  Error: (06/14/2017 01:23:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
                  Description: The Net.Msmq Listener Adapter service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
                  [HEADING=1]CodeIntegrity:[/HEADING]
                  Date: 2017-06-05 11:45:30.818
                  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64 .dll that did not meet the Store signing level requirements.

                  ==================== Memory info ===========================

                  Processor: AMD FX™-8350 Eight-Core Processor
                  Percentage of memory in use: 30%
                  Total physical RAM: 8140 MB
                  Available physical RAM: 5653.92 MB
                  Total Virtual: 16332 MB
                  Available Virtual: 13704.46 MB

                  ==================== Drives ================================

                  Drive c: () (Fixed) (Total:232.35 GB) (Free:58.9 GB) NTFS

                  ==================== MBR & Partition Table ==================

                  ================================================== ======
                  Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D753C7CB)
                  Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
                  Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
                  Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

                  ==================== End of Addition.txt ============================

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041
                      #6
                      Update all old programs with Patch My PC

                      Rogue Killer Scan.

                      Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

                      Link 1
                      Link 2

                      [ul]
                      [li]Close all other the running programs[/li][li]Disable ALL Antivirus – Antimalware – Applications.[/li][li]Right Click Rogue Killer and Run as Administrator.[/li][li]Click the Start Scan button.[/li][li]Allow the scan to run – it can take ten minutes or more.[/li][li]Once the scan is complete check All items for removal.[/li][li]https://pchelpforum.net/attachments/...5-54-png.1658/ [/li]
                      [li]After All items are checked then press Remove Selected.[/li]
                      [li]Wait until the Status box shows Deleting Finished.[/li][li]Click on open report – then open txt[/li]
                      [li]Copy the content of the report and paste it here in your next reply.[/li][/ul]

                      JRT Scan.

                      Please download Junkware Removal Tool and save it on your desktop.

                      [ul]
                      [li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li][li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li][li]The tool will open and start scanning your system.[/li][li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li][li]On completion, a log is saved to your desktop and will automatically open.[/li][li]Please post the JRT log.[/li][/ul]
                      FRST Fix.

                      Click Here To Download Fixlist.

                      Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                        Comment

                        • mynd12
                          PCHF Member
                          • Jun 2017
                          • 14
                          #7
                          RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) by Adlice Software
                          mail : Support Form | Contact • Adlice Software
                          Feedback : https://forum.adlice.com
                          Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
                          Blog : http://www.adlice.com

                          Operating System : Windows 10 (10.0.15063) 64 bits version
                          Started in : Normal mode
                          User : Motion [Administrator]
                          Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
                          Mode : Delete – Date : 06/15/2017 12:22:24 (Duration : 00:27:10)

                          ¤¤¤ Processes : 0 ¤¤¤

                          ¤¤¤ Registry : 9 ¤¤¤
                          [PUP.Conduit|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Conduit → Deleted
                          [PUP.Conduit|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Conduit → Deleted
                          [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1442195442-3689054388-281515-1000\Software\1ClickDownload → Deleted
                          [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1442195442-3689054388-281515-1000\Software\Conduit → Deleted
                          [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1442195442-3689054388-281515-1000\Software\PowerPack → Deleted
                          [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1442195442-3689054388-281515-1000\Software\1ClickDownload → Deleted
                          [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1442195442-3689054388-281515-1000\Software\Conduit → Deleted
                          [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1442195442-3689054388-281515-1000\Software\PowerPack → Deleted
                          [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} → Deleted

                          ¤¤¤ Tasks : 0 ¤¤¤

                          ¤¤¤ Files : 0 ¤¤¤

                          ¤¤¤ WMI : 0 ¤¤¤

                          ¤¤¤ Hosts File : 0 ¤¤¤

                          ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

                          ¤¤¤ Web browsers : 2 ¤¤¤
                          [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [ http://comcast.net/ ] → Deleted
                          [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [ http://comcast.net/ ] → Deleted

                          ¤¤¤ MBR Check : ¤¤¤
                          +++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB +++++
                          — User —
                          [MBR] ed5002abecbd40aed2df59ea8f472415
                          [BSP] 0214b96577a3369fc2850a72e8b533a3 : Windows Vista/7/8|VT.Unknown MBR Code
                          Partition table:
                          0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
                          1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 237923 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
                          2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 487473152 | Size: 450 MB
                          User = LL1 … OK
                          User = LL2 … OK

                          +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
                          Error reading User MBR! ([15] The device is not ready. )
                          Error reading LL1 MBR! NOT VALID!
                          Error reading LL2 MBR! ([32] The request is not supported. )

                          +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
                          Error reading User MBR! ([15] The device is not ready. )
                          Error reading LL1 MBR! NOT VALID!
                          Error reading LL2 MBR! ([32] The request is not supported. )

                          +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
                          Error reading User MBR! ([15] The device is not ready. )
                          Error reading LL1 MBR! NOT VALID!
                          Error reading LL2 MBR! ([32] The request is not supported. )

                          +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
                          Error reading User MBR! ([15] The device is not ready. )
                          Error reading LL1 MBR! NOT VALID!
                          Error reading LL2 MBR! ([32] The request is not supported. )
                          Code:
                          Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Motion (Administrator) on Thu 06/15/2017 at 13:11:07.10
                          File System: 1

                          Successfully deleted: C:\end (File)

                          Registry: 1

                          Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Registry Key)
                          Code:
                          Scan was completed on Thu 06/15/2017 at 13:13:22.69
End of JRT log
                          [HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
                          Ran by Motion (15-06-2017 13:33:11) Run:2
                          Running from C:\Users\Motion\Desktop
                          Loaded Profiles: Motion (Available Profiles: Motion & DefaultAppPool)
                          Boot Mode: Normal[/HEADING]
                          fixlist content:

                          start
                          emptytemp:
                          CloseProcesses:
                          CreateRestorePoint:
                          HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
                          HKLM-x32...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
                          SearchScopes: HKU\S-1-5-21-1442195442-3689054388-281515-1000 → {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3321972&octid=EB_ORIGINAL_CTID &SearchSource=58&CUI=&UM=4&UP=SPEC5877B5-1FCA-4417-B44A-201755B656F1&q={searchTerms}&SSPV=
                          BHO-x32: No Name → {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} → No File
                          FF Extension: (Video DownloadHelper) - C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-03-31]
                          CHR HomePage: Default → hxxp://comcast.net/
                          CHR StartupUrls: Default → “hxxp://comcast.net/”
                          R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-07] (NVIDIA Corporation)
                          S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
                          S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
                          S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
                          U3 idsvc; no ImagePath
                          2017-06-14 14:32 - 2017-06-14 14:32 - 01856832 _____ C:\Users\Motion\Downloads\DAZ LOADER WINDOWS 10 www.nvsoftwares.com.rar
                          C:\WINDOWS\System32\Tasks\SamsungMagician
                          C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
                          C:\ProgramData\DP45977C.lfl
                          C:\Users\Motion\AppData\LocalLow\uTorrent
                          2014-01-26 01:30 - 2014-01-26 03:05 - 0036864 _____ () C:\Users\Motion\AppData\Roaming\RZR_0020302140998b b89f44a8ccec1d.db
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000...\ChromeHTML: → <==== ATTENTION
                          Task: {072BDFAF-E5F8-4D4F-9B0D-076F90BB2444} - \ASUS\ASUS Product Register Service → No File <==== ATTENTION
                          Task: {08429F2E-4C7D-43F2-8DD9-598229681D3B} - \Microsoft\Windows\Media Center\PvrScheduleTask → No File <==== ATTENTION
                          Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 → No File <==== ATTENTION
                          Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 → No File <==== ATTENTION
                          Task: {0A381A6A-2C98-4B44-A1E3-C98C55C733C5} - {F390DCB0-A4B5-4D58-BEB0-FCD78DC2EF7D} → No File <==== ATTENTION
                          Task: {0C608C29-961F-4F3F-9B94-A7EC19685F5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
                          Task: {1179ED30-56C8-48B8-9B77-2A0916F4104B} - \Microsoft\Windows\Media Center\mcupdate → No File <==== ATTENTION
                          Task: {12132F44-FE16-4473-BD76-2889C886F04D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
                          Task: {17F18DA4-9145-4AD0-84EB-A83826383E4A} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService → No File <==== ATTENTION
                          Task: {18817394-C0FE-41E2-A99F-5AA74CAC10DC} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask → No File <==== ATTENTION
                          Task: {1B81E26A-ED95-43D0-9A09-F5B8BCD82977} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
                          Task: {1C2783C7-F0BD-4F4D-9F40-8ECC38D5FC36} - \Microsoft\Windows\Media Center\mcupdate_scheduled → No File <==== ATTENTION
                          Task: {1F5466D9-2DFE-4841-9B8A-8126CAC93B32} - \Microsoft\Windows\Media Center\PBDADiscovery → No File <==== ATTENTION
                          Task: {23BA308B-A6F7-4950-8AE0-06082CAD336B} - \Microsoft\Windows\Media Center\UpdateRecordPath → No File <==== ATTENTION
                          Task: {25AB2E25-1DDD-4F30-ACD2-A12A986457D4} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate → No File <==== ATTENTION
                          Task: {2A0EDCC3-4419-402E-9CD6-B9F4164B7926} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 → No File <==== ATTENTION
                          Task: {323D8B00-0D7B-4271-A17C-F0364220CC02} - \Norton Security Suite\Norton Error Analyzer → No File <==== ATTENTION
                          Task: {336C6AB1-88A9-4FF2-B095-15EDBFDFE1DB} - \Microsoft\Windows\Media Center\ActivateWindowsSearch → No File <==== ATTENTION
                          Task: {3D94AAAC-F1DA-44A1-A007-A51980E10CA0} - \Microsoft\Windows\ErrorDetails\EnableErrorDetails Update → No File <==== ATTENTION
                          Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific → No File <==== ATTENTION
                          Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMi gration → No File <==== ATTENTION
                          Task: {48E567D4-E9ED-4789-9EC1-80848BFC5A0F} - \Apple\AppleSoftwareUpdate → No File <==== ATTENTION
                          Task: {4904050F-939C-4327-952C-F2B252AC9C33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent → No File <==== ATTENTION
                          Task: {490A4C7C-C50F-40F4-8F54-2BB79897142D} - \Microsoft\Windows\Media Center\InstallPlayReady → No File <==== ATTENTION
                          Task: {4A053736-D52E-46FB-AC33-D5900E16ECE7} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask → No File <==== ATTENTION
                          Task: {4E0476A8-D3AC-46CB-A57F-07EFF987FADB} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks → No File <==== ATTENTION
                          Task: {50A08BCA-F67A-475E-BF58-E073F060839F} - \Microsoft\Windows\Media Center\PvrRecoveryTask → No File <==== ATTENTION
                          Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceScreenOnOff → No File <==== ATTENTION
                          Task: {5233F96F-F36F-4D06-90C7-9C051913656D} - \WPD\SqmUpload_S-1-5-21-1442195442-3689054388-281515-1000 → No File <==== ATTENTION
                          Task: {528F6781-A23B-4F3B-B61E-2B7666314E37} - \Microsoft\Windows\SideShow\SystemDataProviders → No File <==== ATTENTION
                          Task: {5AA011EA-2456-499C-AFF5-5809A8364004} - \Microsoft\Windows\Media Center\RegisterSearch → No File <==== ATTENTION
                          Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls → No File <==== ATTENTION
                          Task: {5E721D19-BC16-4B70-B9EB-EC5DC8D464D3} - \Norton Security Suite\Norton Error Processor → No File <==== ATTENTION
                          Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install → No File <==== ATTENTION
                          Task: {61E554C9-AB30-4BC5-BB6D-83D31FEA3FED} - \NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {6A6B9D47-1652-4628-BD49-C98876C26561} - \Microsoft\Windows\Media Center\StartRecording → No File <==== ATTENTION
                          Task: {6A8F16CC-23F9-4949-B411-BEBB504C176A} - \GoogleUpdateTaskMachineCore → No File <==== ATTENTION
                          Task: {6BFD247C-FC07-48D1-8583-4A24E4999252} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
                          Task: {6F3F97AD-E4F3-40E2-A9C8-61D7270E4BF0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
                          Task: {734DDA58-0005-42F4-A1F3-4E8D5B6DE09A} - \Microsoft\Windows\MobilePC\HotStart → No File <==== ATTENTION
                          Task: {7502C703-6198-4C20-969E-F883DA9E3462} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {775FF797-5F82-462D-946A-74B09848DAE8} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {7998AE30-CFF0-47DB-A34D-AD0EB0AD7789} - \Microsoft\Windows\Media Center\ehDRMInit → No File <==== ATTENTION
                          Task: {799DF890-412D-4092-8FEB-98283E56C85A} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {7E95BED2-0EB0-48C1-8309-88C7766F5AD6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
                          Task: {7FCA810C-B51F-4B7F-8F8A-31A5F543C102} - \Microsoft\Windows\Media Center\OCURDiscovery → No File <==== ATTENTION
                          Task: {81DAEAB6-6529-4C32-B611-1EF7F7548E13} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker _ReadyToReboot → No File <==== ATTENTION
                          Task: {8913E5DD-CF9E-4E06-8217-F20B7FDE1FF0} - \Microsoft\Windows\Media Center\OCURActivate → No File <==== ATTENTION
                          Task: {8B025B54-5496-40E4-8D6A-B1067EE5A7D1} - \CCleanerSkipUAC → No File <==== ATTENTION
                          Task: {8B2D34F0-1750-47E0-A7BA-C84BE5B29723} - \Adobe Flash Player Updater → No File <==== ATTENTION
                          Task: {93AC721B-C482-48CF-81FC-AF25BE551556} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B → No File <==== ATTENTION
                          Task: {94C19A6A-E501-4E37-90DD-AE3A34A84008} - \Microsoft\XblGameSave\XblGameSaveTaskLogon → No File <==== ATTENTION
                          Task: {9E7ADBB1-E801-4B12-B304-D3885A47F687} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {A364E297-00AD-490D-900E-22AC34598C71} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install → No File <==== ATTENTION
                          Task: {A3828C25-B37D-474D-BFE4-6A09E52D680E} - \GoogleUpdateTaskMachineUA → No File <==== ATTENTION
                          Task: {A6268224-6D82-4582-95FD-44A57B809970} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 → No File <==== ATTENTION
                          Task: {A62CC689-308F-407C-AED4-0ED1B52F3459} - \Microsoft\Windows\SideShow\AutoWake → No File <==== ATTENTION
                          Task: {B022DDCD-37DB-4653-8788-2A0F1B682E17} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
                          Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurve yor → No File <==== ATTENTION
                          Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD evicePeriodic6 → No File <==== ATTENTION
                          Task: {B3936E47-5E06-491A-A987-7C6C265403D6} - \Microsoft\Windows\UpdateOrchestrator\MusUx_Update Interval → No File <==== ATTENTION
                          Task: {BFDA0A39-0BA5-4424-A52A-F304C64D297B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
                          Task: {C4161F9F-C3F4-49BF-990A-5A6F9D70C2A3} - \Microsoft\Windows\RemovalTools\MRT_HB → No File <==== ATTENTION
                          Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD evicePeriodic1 → No File <==== ATTENTION
                          Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup → No File <==== ATTENTION
                          Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceConnectedToNetwork → No File <==== ATTENTION
                          Task: {D323D1CB-5535-4FC4-9BAA-0DC06D66C7B9} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask → No File <==== ATTENTION
                          Task: {D67F303B-0B6D-4A7D-B251-D40DF1971360} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {D7DFFA31-FC51-4CE0-9F34-CB02C81A4E84} - \Microsoft\Windows\Media Center\RecordingRestart → No File <==== ATTENTION
                          Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHand ler → No File <==== ATTENTION
                          Task: {E6600707-C14B-4E9B-A0BC-63281D225B5F} - \Microsoft\Windows\SideShow\GadgetManager → No File <==== ATTENTION
                          Task: {E7C11A0B-8A42-48DE-A741-FD40502C9068} - \Microsoft\Windows\UNP\RunCampaignManager → No File <==== ATTENTION
                          Task: {E8A1718D-6448-4414-97F8-0CC236CBDE86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
                          Task: {E94BB589-63B9-4442-8591-ECEE37FFB809} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} → No File <==== ATTENTION
                          Task: {E9CC1CB3-E17F-46C4-9E5B-B34E364BDE5F} - \Microsoft\Windows\Media Center\ReindexSearchRoot → No File <==== ATTENTION
                          Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker _Display → No File <==== ATTENTION
                          Task: {EF6E6ABB-419F-40F8-8078-41973FE962CD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
                          Task: {F1A34B79-7056-457A-9E3B-69374ED42DB9} - \Microsoft\Windows\SideShow\SessionAgent → No File <==== ATTENTION
                          Task: {F4556879-705F-47BD-B2F5-615802BD197F} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-09-01] (TODO: )
                          Task: {F66B98E1-4E4A-4334-AF59-D76A14BBB656} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
                          Task: {F93A29D0-09F9-40BD-B783-98C799EA7DBB} - \Microsoft\Windows\Media Center\PeriodicScanRetry → No File <==== ATTENTIO
                          AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B [964]
                          C:\WINDOWS\system32\Drivers\etc\hosts
                          Hosts:
                          HKLM...\StartupApproved\Run: => “iTunesHelper”
                          HKLM...\StartupApproved\Run32: => “iTunesHelper”
                          HKLM...\StartupApproved\Run32: => “Wondershare Helper Compact.exe”
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000...\StartupApproved\Run: => “OneDrive”
                          RemoveProxy:
                          CMD: netsh advfirewall reset
                          CMD: netsh advfirewall set allprofiles state On
                          CMD: ipconfig /flushdns
                          reboot:
                          end

                          Processes closed successfully.
                          Restore point was successfully created.
                          HKLM\Software\Microsoft\Windows\CurrentVersion\Run \SecurityHealth => value not found.
                          HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\Wondershare Helper Compact.exe => value not found.
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000\Software\Microsoft\Windows\CurrentVersion\Run \CCleaner Monitoring => value not found.
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
                          HKLM\Software\Classes\CLSID{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} => key not found.
                          HKLM\Software\Wow6432Node\Classes\CLSID{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} => key not found.
                          C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => not found.
                          Chrome HomePage => not found.
                          Chrome StartupUrls => not found.
                          NvTelemetryContainer => service not found.
                          Sense => service not found.
                          WdNisSvc => service not found.
                          WinDefend => service not found.
                          idsvc => service not found.
                          “C:\Users\Motion\Downloads\DAZ LOADER WINDOWS 10 www.nvsoftwares.com.rar” => not found.
                          “C:\WINDOWS\System32\Tasks\SamsungMagician” => not found.
                          “C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2” => not found.
                          “C:\ProgramData\DP45977C.lfl” => not found.
                          “C:\Users\Motion\AppData\LocalLow\uTorrent” => not found.
                          “C:\Users\Motion\AppData\Roaming\RZR_0020302140998 bb89f44a8ccec1d.db” => not found.
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000_Classes\ChromeHTML => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{072BDFA F-E5F8-4D4F-9B0D-076F90BB2444} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASU S Product Register Service => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{08429F2 E-4C7D-43F2-8DD9-598229681D3B} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PvrScheduleTask => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{088482F A-65B8-4E17-9ABF-1DCD48E8D373} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Tcpip\IpAddressConflict1 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{09F06BF E-A3C8-40E3-846A-6E6F4000C238} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Tcpip\IpAddressConflict2 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0A381A6 A-2C98-4B44-A1E3-C98C55C733C5} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{F390DCB0-A4B5-4D58-BEB0-FCD78DC2EF7D} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0C608C2 9-961F-4F3F-9B94-A7EC19685F5A} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1179ED3 0-56C8-48B8-9B77-2A0916F4104B} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\mcupdate => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{12132F4 4-FE16-4473-BD76-2889C886F04D} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Logon-5d => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{17F18DA 4-9145-4AD0-84EB-A83826383E4A} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ConfigureInternetTimeService => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1881739 4-C0FE-41E2-A99F-5AA74CAC10DC} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ObjectStoreRecoveryTask => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1B81E26 A-ED95-43D0-9A09-F5B8BCD82977} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSo ftwareProtectionPlatform\SvcRestartTask => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1C2783C 7-F0BD-4F4D-9F40-8ECC38D5FC36} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\mcupdate_scheduled => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1F5466D 9-2DFE-4841-9B8A-8126CAC93B32} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PBDADiscovery => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{23BA308 B-A6F7-4950-8AE0-06082CAD336B} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\UpdateRecordPath => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{25AB2E2 5-1DDD-4F30-ACD2-A12A986457D4} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\ErrorDetails\ErrorDetailsUpdate => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2A0EDCC 3-4419-402E-9CD6-B9F4164B7926} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PBDADiscoveryW2 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{323D8B0 0-0D7B-4271-A17C-F0364220CC02} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Suite\Norton Error Analyzer => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{336C6AB 1-88A9-4FF2-B095-15EDBFDFE1DB} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ActivateWindowsSearch => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3D94AAA C-F1DA-44A1-A007-A51980E10CA0} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\ErrorDetails\EnableErrorDetailsUpdate => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4520E8A 9-AF06-4122-859B-E4B655B29B36} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\AppID\SmartScreenSpecific => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{486D715 E-6AA2-44CF-BC48-B6990CBB53C6} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Shell\WindowsParentalControlsMigration => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{48E567D 4-E9ED-4789-9EC1-80848BFC5A0F} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\Ap pleSoftwareUpdate => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4904050 F-939C-4327-952C-F2B252AC9C33} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{490A4C7 C-C50F-40F4-8F54-2BB79897142D} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\InstallPlayReady => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4A05373 6-D52E-46FB-AC33-D5900E16ECE7} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\MediaCenterRecoveryTask => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4E0476A 8-D3AC-46CB-A57F-07EFF987FADB} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\DispatchRecoveryTasks => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{50A08BC A-F67A-475E-BF58-E073F060839F} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PvrRecoveryTask => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{51B7FB1 5-4DCB-400E-9A98-10E802F21FB3} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\DeviceDirectoryClient\RegisterDeviceScre enOnOff => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5233F96 F-F36F-4D06-90C7-9C051913656D} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmU pload_S-1-5-21-1442195442-3689054388-281515-1000 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{528F678 1-A23B-4F3B-B61E-2B7666314E37} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\SideShow\SystemDataProviders => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5AA011E A-2456-499C-AFF5-5809A8364004} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\RegisterSearch => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5B42DD9 C-5A26-4F27-BB95-34603F0997E5} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Shell\WindowsParentalControls => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5E721D1 9-BC16-4B70-B9EB-EC5DC8D464D3} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Suite\Norton Error Processor => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{611C823 C-437B-46E7-9683-5312DFFCFD7B} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UpdateOrchestrator\Policy Install => key removed successfully
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{61E554C 9-AB30-4BC5-BB6D-83D31FEA3FED} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6A6B9D4 7-1652-4628-BD49-C98876C26561} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\StartRecording => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6A8F16C C-23F9-4949-B411-BEBB504C176A} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineCore => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6BFD247 C-FC07-48D1-8583-4A24E4999252} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6F3F97A D-E4F3-40E2-A9C8-61D7270E4BF0} => key not found.
                          C:\WINDOWS\System32\Tasks\SamsungMagician => not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SamsungM agician => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{734DDA5 8-0005-42F4-A1F3-4E8D5B6DE09A} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\MobilePC\HotStart => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7502C70 3-6198-4C20-969E-F883DA9E3462} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_ {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{775FF79 7-5F82-462D-946A-74B09848DAE8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriver UpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7998AE3 0-CFF0-47DB-A34D-AD0EB0AD7789} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ehDRMInit => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{799DF89 0-412D-4092-8FEB-98283E56C85A} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfil eUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7E95BED 2-0EB0-48C1-8309-88C7766F5AD6} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxcontent => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7FCA810 C-B51F-4B7F-8F8A-31A5F543C102} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\OCURDiscovery => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{81DAEAB 6-6529-4C32-B611-1EF7F7548E13} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_ {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{848DCC3 6-520C-4946-BF68-C7EFFEFA2F84} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToR eboot => key removed successfully
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8913E5D D-CF9E-4E06-8217-F20B7FDE1FF0} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\OCURActivate => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8B025B5 4-5496-40E4-8D6A-B1067EE5A7D1} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner SkipUAC => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8B2D34F 0-1750-47E0-A7BA-C84BE5B29723} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{93AC721 B-C482-48CF-81FC-AF25BE551556} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{94C19A6 A-E501-4E37-90DD-AE3A34A84008} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\XblGameSave\XblGameSaveTaskLogon => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9E7ADBB 1-E801-4B12-B304-D3885A47F687} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepO nLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A364E29 7-00AD-490D-900E-22AC34598C71} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UpdateOrchestrator\Maintenance Install => key removed successfully
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A3828C2 5-B37D-474D-BFE4-6A09E52D680E} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A626822 4-6D82-4582-95FD-44A57B809970} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PBDADiscoveryW1 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A62CC68 9-308F-407C-AED4-0ED1B52F3459} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\SideShow\AutoWake => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B022DDC D-37DB-4653-8788-2A0F1B682E17} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B0CBAB4 3-44FC-469B-A4CE-87426761FDCE} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\PerfTrack\BackgroundConfigSurveyor => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B320E05 8-C6FA-413F-876B-0C9B4428AE66} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\DeviceDirectoryClient\RegisterDevicePeri odic6 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B3936E4 7-5E06-491A-A987-7C6C265403D6} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UpdateOrchestrator\MusUx_UpdateInterval => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BFDA0A3 9-0BA5-4424-A52A-F304C64D297B} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\launchtrayprocess => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C4161F9 F-C3F4-49BF-990A-5A6F9D70C2A3} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\RemovalTools\MRT_HB => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C6B2579 B-4962-4D12-883D-BBD420573A6C} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\DeviceDirectoryClient\RegisterDevicePeri odic1 => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C9ACBFD 2-20AA-4A3F-BE1A-A3D5279BB1BB} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Plug and Play\Plug and Play Cleanup => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D19A272 6-897E-4F7D-9CE4-0773B449CE9E} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\DeviceDirectoryClient\RegisterDeviceConn ectedToNetwork => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D323D1C B-5535-4FC4-9BAA-0DC06D66C7B9} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\SqlLiteRecoveryTask => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D67F303 B-0B6D-4A7D-B251-D40DF1971360} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfil eUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D7DFFA3 1-FC51-4CE0-9F34-CB02C81A4E84} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\RecordingRestart => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E6010D4 3-6AE7-4B59-8E67-EC78FD8E8E96} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\NetCfg\BindingWorkItemQueueHandler => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E660070 7-C14B-4E9B-A0BC-63281D225B5F} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\SideShow\GadgetManager => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E7C11A0 B-8A42-48DE-A741-FD40502C9068} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UNP\RunCampaignManager => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E8A1718 D-6448-4414-97F8-0CC236CBDE86} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfig => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E94BB58 9-63B9-4442-8591-ECEE37FFB809} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLa uncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E9CC1CB 3-E17F-46C4-9E5B-B34E364BDE5F} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\ReindexSearchRoot => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{EA3F661 E-B31C-44A9-B40C-E3D5D56149D4} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UpdateOrchestrator\USO_UxBroker_Display => key removed successfully
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{EF6E6AB B-419F-40F8-8078-41973FE962CD} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F1A34B7 9-7056-457A-9E3B-69374ED42DB9} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\SideShow\SessionAgent => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F455687 9-705F-47BD-B2F5-615802BD197F} => key not found.
                          C:\WINDOWS\System32\Tasks\GPU Tweak II => not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPU Tweak II => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F66B98E 1-4E4A-4334-AF59-D76A14BBB656} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Time-5d => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F93A29D 0-09F9-40BD-B783-98C799EA7DBB} => key not found.
                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Media Center\PeriodicScanRetry => key not found.
                          “C:\ProgramData\TEMP” => “:9A870F8B” ADS not found.
                          C:\WINDOWS\system32\Drivers\etc\hosts => moved successfully
                          Hosts restored successfully.
                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\iTunesHelper => value not found.
                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \iTunesHelper => value not found.
                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32\iTunesHelper => value not found.
                          HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\iTunesHelper => value not found.
                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32\Wondershare Helper Compact.exe => value not found.
                          HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\Wondershare Helper Compact.exe => value not found.
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run\OneDrive => value not found.
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \OneDrive => value not found.

                          ========= RemoveProxy: =========

                          HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully
                          HKU\S-1-5-21-1442195442-3689054388-281515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

                          ========= End of RemoveProxy: =========

                          ========= netsh advfirewall reset =========

                          Ok.

                          ========= End of CMD: =========

                          ========= netsh advfirewall set allprofiles state On =========

                          Ok.

                          ========= End of CMD: =========

                          ========= ipconfig /flushdns =========

                          Windows IP Configuration

                          Successfully flushed the DNS Resolver Cache.

                          ========= End of CMD: =========

                          =========== EmptyTemp: ==========

                          BITS transfer queue => 6053888 B
                          DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10611652 B
                          Java, Flash, Steam htmlcache => 0 B
                          Windows/system/drivers => 0 B
                          Edge => 0 B
                          Chrome => 12288457 B
                          Firefox => 0 B
                          Opera => 0 B

                          Temp, IE cache, history, cookies, recent:
                          Default => 0 B
                          Users => 0 B
                          ProgramData => 0 B
                          Public => 0 B
                          systemprofile => 0 B
                          systemprofile32 => 0 B
                          LocalService => 2462 B
                          NetworkService => 0 B
                          Motion => 72705 B
                          DefaultAppPool => 0 B

                          RecycleBin => 54519 B
                          EmptyTemp: => 27.7 MB temporary data Removed.

                          ================================

                          The system needed a reboot.

                          ==== End of Fixlog 13:33:41 ====

                          Just a note it did it after I had restarted and the tool finished for the last one.

                            Comment

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041
                              #8
                              Adware Cleaner Scan.

                              Please download AdwCleaner by Xplode onto your desktop.

                              [ul]
                              [li]Close all open programs and internet browsers.[/li][li]Double click on adwcleaner.exe to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]
                              Malwarebytes.
                              [ul]
                              [li]Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )[/li][li]Perform the installation[/li][li]Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium” if it’s asked[/li][li]Malwarebytes will update, let this update,[/li][li]Click on the “Settings” tab and then on the “Detection and Protection” tab, Check the box “Search for Rootkits”[/li][li]Click on the “Analysis” tab and then on “Start analysis”[/li][li]Once the review is complete, check that all detections are checked and then click [Delete Selection][/li][li]If Malwarebytes asks you to restart your PC, click “Yes”[/li][li]When restarting your PC, restarts Malwarebytes[/li][li]Opens the “History” tab and then “Application logs”[/li][li]Double click on the last Scan Log in date (the one above)[/li][li]At the bottom click [Export] → select “Text file (* .txt)”[/li][li]In the explorer selects the desktop, name it mbam.txt, click [Save][/li][/ul]
                              Full Zemana Scan.

                              Zemana Deep Scan
                              [ul]
                              [li]
                              • [/li][li]Right click on Zemana and run as admin.[/li][/ul]
                                [ul]
                                [li]Click the Cog/Sproket Wheel, at the top right of Zemana[/li][/ul]
                                [ul]
                                [li]Select Advanced - I have read the warning and wish to proceed.[/li][/ul]
                                [ul]
                                [li]Place a tick next to Detect Suspicious (Root CA) Certificates.[/li][/ul]
                                [ul]
                                [li]Then click the house icon in Zemana.[/li][/ul]
                                [ul]
                                [li]Then hit your start button at the lower left hand corner of your desktop.[/li][/ul]
                                [ul]
                                [li]Then left click on Computer.[/li][/ul]
                                [ul]
                                [li]Drag Local Disk C: or whichever drive you decide to check first.[/li]
                                [li]Into the area of Zemana that reads Drag and drop files here to scan them.[/li][/ul]
                                [ul]
                                [li]http://i.imgur.com/bOVO6lY.png[/li][/ul]
                                [ul]
                                [li]Once the scan has completed click graph icon on the top right of the programs User interface.[/li][/ul]
                                [ul]
                                [li]Double click to open the latest log-file.[/li][/ul]
                                [ul]
                                [li]Copy it to your clipboard.[/li][/ul]
                                [ul]
                                [li]Post the log here in your next reply.[/li][/ul]


                              ZHP Diag Scan

                              Download ZHP Diag to your desktop.
                              1. Right Click Run as Admin.
                              2. Click the Options button.

                              Click on Check All
                              Then Click Validate
                              Then click close.

                              Forums - PC Help Forum
                              https://pchelpforum.net/attachments/upload_2017-4-26_17-16-39-png.2074/
                              PCHF Forums



                              2. Click the Scanner button.

                              Forums - PC Help Forum
                              https://pchelpforum.net/attachments/upload_2017-2-23_3-32-26-png.1647/
                              PCHF Forums


                              When complete please push the report button.
                              A notepad will open… copy and paste the report in your next reply.

                                Comment

                                • mynd12
                                  PCHF Member
                                  • Jun 2017
                                  • 14
                                  #9
                                  [HEADING=1]AdwCleaner v6.047 - Logfile created 16/06/2017 at 13:27:23[/HEADING]
                                  [HEADING=1]Updated on 19/05/2017 by Malwarebytes[/HEADING]
                                  [HEADING=1]Database : 2017-06-16.2 [Server][/HEADING]
                                  [HEADING=1]Operating System : Windows 10 Pro (X64)[/HEADING]
                                  [HEADING=1]Username : Motion - MOTION-PC[/HEADING]
                                  [HEADING=1]Running from : C:\Users\Motion\Downloads\adwcleaner_6.047.exe[/HEADING]
                                  [HEADING=1]Mode: Clean[/HEADING]
                                  [HEADING=1]Support : Malwarebytes Help Center[/HEADING]
                                  ***** [ Services ] *****

                                  ***** [ Folders ] *****

                                  [-] Folder deleted: C:\Users\Motion\AppData\Local\VirtualStore\Program Files (x86)\Save

                                  ***** [ Files ] *****

                                  ***** [ DLL ] *****

                                  ***** [ WMI ] *****

                                  ***** [ Shortcuts ] *****

                                  ***** [ Scheduled Tasks ] *****

                                  ***** [ Registry ] *****

                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFramework.13.3. 1
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobal Settings.13.3.1
                                  [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFramework.13.3. 1
                                  [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobal Settings.13.3.1
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\AppID{19975B78-1907-4DD6-A437-4C48120F46A4}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\AppID{C007DADD-132A-624C-088E-59EE6CF0711F}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{045F91B3-695F-423A-98C7-8DE3C47AA020}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{A1440EC3-F0FA-407A-B811-DE6668C06D29}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{C815E3DA-0823-49B0-9270-D1771D58B317}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{E4A994B0-5550-4680-A4C6-B9470B888069}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{F9EB11AB-9384-4736-9B33-993940F88895}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{40217CB8-4463-4030-B324-AC6A8075FEC8}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\Interface{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{BD0C1912-66C3-49CC-8B12-7B347BF6C846}
                                  [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL

                                  ***** [ Web browsers ] *****

                                  [-] [C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
                                  [-] [C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
                                  [-] [C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: conduit.search

                                  :: “Tracing” keys deleted
                                  :: Winsock settings cleared

                                  C:\AdwCleaner\AdwCleaner[C0].txt - [3535 Bytes] - [16/06/2017 13:27:23]
                                  C:\AdwCleaner\AdwCleaner[S0].txt - [3860 Bytes] - [16/06/2017 13:27:06]

                                  ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3681 Bytes] ##########

                                  Malwarebytes
                                  www.malwarebytes.com

                                  -Log Details-
                                  Scan Date: 6/16/17
                                  Scan Time: 1:34 PM
                                  Log File: malware.txt
                                  Administrator: Yes

                                  -Software Information-
                                  Version: 3.1.2.1733
                                  Components Version: 1.0.141
                                  Update Package Version: 1.0.2164
                                  License: Trial

                                  -System Information-
                                  OS: Windows 10
                                  CPU: x64
                                  File System: NTFS
                                  User: MOTION-PC\Motion

                                  -Scan Summary-
                                  Scan Type: Threat Scan
                                  Result: Completed
                                  Objects Scanned: 453592
                                  Threats Detected: 0
                                  (No malicious items detected)
                                  Threats Quarantined: 0
                                  (No malicious items detected)
                                  Time Elapsed: 2 min, 26 sec

                                  -Scan Options-
                                  Memory: Enabled
                                  Startup: Enabled
                                  Filesystem: Enabled
                                  Archives: Enabled
                                  Rootkits: Enabled
                                  Heuristics: Enabled
                                  PUP: Enabled
                                  PUM: Enabled

                                  -Scan Details-
                                  Process: 0
                                  (No malicious items detected)

                                  Module: 0
                                  (No malicious items detected)

                                  Registry Key: 0
                                  (No malicious items detected)

                                  Registry Value: 0
                                  (No malicious items detected)

                                  Registry Data: 0
                                  (No malicious items detected)

                                  Data Stream: 0
                                  (No malicious items detected)

                                  Folder: 0
                                  (No malicious items detected)

                                  File: 0
                                  (No malicious items detected)

                                  Physical Sector: 0
                                  (No malicious items detected)

                                  (end)

                                  Zemana AntiMalware 2.73.2.38 (Installed)

                                  Scan Result : Completed
                                  Scan Date : 2017/6/16
                                  Operating System : Windows 10 64-bit
                                  Processor : 8X AMD FX™-8350 Eight-Core Processor
                                  BIOS Mode : Legacy
                                  CUID : 12DA8BEB5D52D22BD6E648
                                  Scan Type : Custom Scan
                                  Duration : 11m 26s
                                  Scanned Objects : 456913
                                  Detected Objects : 0
                                  Excluded Objects : 0
                                  Read Level : Normal
                                  Auto Upload : Enabled
                                  Detect All Extensions : Disabled
                                  Scan Documents : Disabled
                                  Domain Info : WORKGROUP,0,2
                                  [HEADING=1]Detected Objects[/HEADING]
                                  No threats detected

                                  ~ ZHPDiag v2017.6.15.99 By Nicolas Coolman (2017/06/15)
                                  ~ Run by Motion (Administrator) (2017/06/16 13:55:23)
                                  ~ Web: https://www.nicolascoolman.com
                                  ~ Blog: https://nicolascoolman.eu/
                                  ~ Facebook: ZHP
                                  ~ Certificate: Legal
                                  ~ State version: Version OK
                                  ~ Mode: Scan
                                  ~ Report: C:\Users\Motion\Desktop\ZHPDiag.txt
                                  ~ Report: C:\Users\Motion\AppData\Roaming\ZHP\ZHPDiag.txt
                                  ~ UAC: Activate
                                  ~ System startup: Normal (Normal boot)
                                  Windows 10 Pro, 64-bit (Build 15063) =>.Microsoft Corporation

                                  —\ Internet Browsers (3) - 0s
                                  ~ GCIE: Google Chrome v59.0.3071.86
                                  ~ MSIE: Microsoft Edge v40
                                  ~ MSIE: Internet Explorer v11.413.15063.0

                                  —\ Windows Product Information (3) - 3s
                                  ~ Windows Server License Manager Script : OK
                                  ~ Licence Script File Génération : OK
                                  Windows Automatic Updates : OK

                                  —\ System protection software (1) - 4s
                                  Norton Security Suite v22.9.4.8 (Protection)

                                  —\ System protection software (Superfluous) (1) - 5s
                                  ~ Zemana AntiMalware v2.73.0.38 (Superfluous)

                                  —\ Surveillance software (1) - 6s
                                  ~ Adobe Flash Player 26 NPAPI (Surveillance)

                                  —\ Information on the system (6) - 0s
                                  ~ Operating System: AMD64 Family 21 Model 2 Stepping 0, AuthenticAMD
                                  ~ Operating System: 64-bit
                                  ~ Boot mode: Normal (Normal boot)
                                  Total RAM: 16723.968 MB (75% free) : OK =>.RAM Value
                                  System Restore: Activé (Enable)
                                  System drive C: has 47 GB (19%) free of 237 GB : OK =>.Disk Space

                                  —\ Connection to the system mode (3) - 0s
                                  ~ Computer Name: MOTION-PC
                                  ~ User Name: Motion
                                  ~ Logged in as Administrator

                                  —\ Enumeration of the disk units (1) - 0s
                                  ~ Drive C: has 47 GB free of 237 GB (System)

                                  —\ State of the Windows Security Center (7) - 0s
                                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
                                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: OK
                                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
                                  [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                                  [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

                                  —\ Search Generic System Files (24) - 1s
                                  [MD5.E719D0A5DBC7D5ACFC179D361EF8C2FC] - 05/06/2017 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [4847928] =>.Microsoft Windows®
                                  [MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
                                  [MD5.9A4BA96E87A1FD69381249557BDE2BF0] - 18/03/2017 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
                                  [MD5.2B1361AFBF330AF9A652A336EE77CBCB] - 05/06/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
                                  [MD5.D0F1FB0E90BFBD14865B770E2567BE1D] - 05/06/2017 - (.Microsoft Corporation - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [707072] =>.Microsoft Corporation
                                  [MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
                                  [MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
                                  [MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
                                  [MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
                                  [MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
                                  [MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
                                  [MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
                                  [MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
                                  [MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - 18/03/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
                                  [MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
                                  [MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
                                  [MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
                                  [MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
                                  [MD5.731FD52461C8107E5B19B9AEDBB82BFB] - 18/03/2017 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [2328480] =>.Microsoft Windows®
                                  [MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
                                  [MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
                                  [MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 18/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
                                  [MD5.892AB2637603A5E9507C39E61101C3C3] - 03/06/2017 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [119712] =>.Microsoft Windows®
                                  [MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

                                  —\ Non Microsoft non disabled Windows Services (12) - 1s
                                  O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
                                  O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
                                  O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                                  O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
                                  O23 - Service: Norton 360 (N360) . (.Symantec Corporation - Norton 360.) - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe =>.Symantec Corporation®
                                  O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
                                  O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe =>.NVIDIA Corporation®
                                  O23 - Service: PnkBstrA (PnkBstrA) . (…) - C:\Windows\System32\PnkBstrA.exe (.not file.)
                                  O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
                                  O23 - Service: TeamViewer 12 (TeamViewer) . (.TeamViewer GmbH - TeamViewer 12.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe =>.TeamViewer GmbH®
                                  O23 - Service: UStorage Server Service (UStorage Server Service) . (.OTi - OTi Content Service.) - C:\Windows\SysWOW64\UStorSrv.exe
                                  O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

                                  —\ Services not Microsoft (SR=Run, SS=Stop) (19) - 45s
                                  SS - Demand [13/06/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporated®
                                  SR - Auto [03/04/2017] [ 83768] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
                                  SS - Demand [09/05/2017] [ 1536520] BattlEye Service (BEService) . (…) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe =>.BattlEye Innovations e.K.®
                                  SR - Auto [12/08/2015] [ 462096] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
                                  SS - Demand [30/09/2015] [ 363208] BitRaider Mini-Support Service Stub Loader (BRSptStub) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptStub.exe =>.BitRaider LLC®
                                  SS - Auto [29/08/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                                  SS - Demand [29/08/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                                  SS - Demand [09/05/2017] [ 689464] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
                                  SR - Auto [09/05/2017] [ 4470736] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
                                  SR - Auto [26/05/2017] [ 326160] Norton 360 (N360) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe =>.Symantec Corporation®
                                  SR - Auto [26/05/2017] [ 326160] NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
                                  SS - Demand [26/05/2017] [ 326160] NVIDIA NetworkService Container (NvContainerNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
                                  SR - Auto [26/05/2017] [ 326160] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe =>.NVIDIA Corporation®
                                  SS - Demand [26/05/2017] [ 326160] Remote Packet Capture Protocol v.0 (experimental) (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe =>.Riverbed Technology, Inc.®
                                  SS - Auto [26/05/2017] [ 326160] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
                                  SS - Demand [26/05/2017] [ 326160] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®
                                  SR - Auto [26/05/2017] [ 326160] TeamViewer 12 (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe =>.TeamViewer GmbH®
                                  SR - Auto [26/05/2017] [ 326160] UStorage Server Service (UStorage Server Service) . (.OTi.) - C:\Windows\SysWOW64\UStorSrv.exe
                                  SR - Auto [26/05/2017] [ 326160] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

                                  —\ Task Planned Automatically (2) - 13s
                                  [MD5.CAB759C94DF72ACFFC41BD11CCF64024] [APT] [Norton WSC Integration] (.Symantec Corporation.) – C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\wscstub.exe [3799808] (.Activate.) =>.Symantec Corporation®
                                  O39 - APT: Norton WSC Integration - (.Symantec Corporation.) – C:\WINDOWS\System32\Tasks\Norton WSC Integration [3396] =>.Symantec Corporation®

                                  —\ Auto loading programs from Registry and folders (12) - 1s
                                  O4 - HKLM..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp®
                                  O4 - HKLM..\Run: [ShadowPlay] . (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
                                  O4 - HKLM..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) – C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
                                  O4 - HKLM..\Run: [ZAM] . (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
                                  O4 - HKCU..\Run: [Spotify] . (.Spotify Ltd - Spotify.) – C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - HKCU..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) – C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe =>.Spotify AB®
                                  O4 - HKLM..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) – C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation®
                                  O4 - HKLM..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
                                  O4 - HKUS\S-1-5-19..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
                                  O4 - HKUS\S-1-5-20..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
                                  O4 - HKUS\S-1-5-21-1442195442-3689054388-281515-1000..\Run: [Spotify] . (.Spotify Ltd - Spotify.) – C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - HKUS\S-1-5-21-1442195442-3689054388-281515-1000..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) – C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe =>.Spotify AB®

                                  —\ Process running (36) - 4s
                                  [MD5.AB9FA82F86F04E1BADD864BF3C56D9C6] - (.NVIDIA Corporation - NVIDIA Container.) – C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [462968] [PID.1856] =>.NVIDIA Corporation®
                                  [MD5.AB9FA82F86F04E1BADD864BF3C56D9C6] - (.NVIDIA Corporation - NVIDIA Container.) – C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [462968] [PID.2188] =>.NVIDIA Corporation®
                                  [MD5.B5C2F92EE1106DFE7BB1CCE4D35B6037] - (.Apple Inc. - Bonjour Service.) – C:\Program Files\Bonjour\mDNSResponder.exe [462096] [PID.3440] =>.Apple Inc.®
                                  [MD5.7DEFAE8665BCEDDC2C9983138D69D7A5] - (.Apple Inc. - MobileDeviceService.) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768] [PID.3448] =>.Apple Inc.®
                                  [MD5.2D36E9065B914A7040A4BE31485A4418] - (.OTi - OTi Content Service.) – C:\Windows\SysWOW64\UStorSrv.exe [139264] [PID.3472]
                                  [MD5.176372CCCD2A3B36224D0490A24FDCD5] - (.NVIDIA Corporation - NVIDIA Container.) – C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224] [PID.3480] =>.NVIDIA Corporation®
                                  [MD5.64FF1074A536F845B811317D4073B1BF] - (.Symantec Corporation - Norton 360.) – C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe [326160] [PID.3508] =>.Symantec Corporation®
                                  [MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] - (…) – C:\Windows\SysWOW64\PnkBstrA.exe [76152] [PID.3516] =>.Even Balance, Inc.®
                                  [MD5.C8E2119AF16AFD29569F391FB802897A] - (.TeamViewer GmbH - TeamViewer 12.) – C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848] [PID.3596] =>.TeamViewer GmbH®
                                  [MD5.64FF1074A536F845B811317D4073B1BF] - (.Symantec Corporation - Norton 360.) – C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe [326160] [PID.4940] =>.Symantec Corporation®
                                  [MD5.4E07BCEE4826241D1DA33C033752CD15] - (.NVIDIA Corporation - NVIDIA Container.) – C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [450168] [PID.6180] =>.NVIDIA Corporation®
                                  [MD5.97E967065DA488402BFB18AB0FA33470] - (.NVIDIA Corporation - NVIDIA Settings.) – C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2457208] [PID.10608] =>.NVIDIA Corporation®
                                  [MD5.22EBD5AE3B3220D713E544D1D3AB3FEE] - (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800] [PID.11328] =>.Realtek Semiconductor Corp®
                                  [MD5.243F49E6B1AA97E01876020E17BDB4A9] - (.Spotify Ltd - SpotifyWebHelper.) – C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe [1446000] [PID.11592] =>.Spotify AB®
                                  [MD5.5D5A0A0DC8849FCB262C3F00177AA75E] - (.SteelSeries ApS - SteelSeries Engine 3 Core.) – C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe [12881472] [PID.11864] =>.SteelSeries ApS®
                                  [MD5.3478F1FF18525696611C79EDD204F672] - (.NVIDIA Corporation - NVIDIA Capture Server.) – C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe [7583352] [PID.11916] =>.NVIDIA Corporation®
                                  [MD5.A443A7C05ABF0FCD16E89593F63B633B] - (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288] [PID.11996] =>.Oracle America, Inc.®
                                  [MD5.1D4105EEE74EA14A88388725813D2E8F] - (.NVIDIA Corporation - NVIDIA ShadowPlay Helper.) – C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe [545400] [PID.8264] =>.NVIDIA Corporation®
                                  [MD5.4BA1E9912A0040B0B38EA8B97EEF04BB] - (.NVIDIA Corporation - NVIDIA Share.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [1693816] [PID.11096] =>.NVIDIA Corporation®
                                  [MD5.4BA1E9912A0040B0B38EA8B97EEF04BB] - (.NVIDIA Corporation - NVIDIA Share.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe [1693816] [PID.11748] =>.NVIDIA Corporation®
                                  [MD5.2F9FDC3B49B98E7ABFC24CAF6450B101] - (.Node.js - NVIDIA Web Helper Service.) – C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [15553656] [PID.992] =>.NVIDIA Corporation®
                                  [MD5.CBB916388EBCEA1BDAAD17EE2844515E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.2912] =>.Google Inc®
                                  [MD5.CBB916388EBCEA1BDAAD17EE2844515E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.2988] =>.Google Inc®
                                  [MD5.CBB916388EBCEA1BDAAD17EE2844515E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3656] =>.Google Inc®
                                  [MD5.CBB916388EBCEA1BDAAD17EE2844515E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.6920] =>.Google Inc®
                                  [MD5.CBB916388EBCEA1BDAAD17EE2844515E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.12696] =>.Google Inc®
                                  [MD5.CBB916388EBCEA1BDAAD17EE2844515E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.892] =>.Google Inc®
                                  [MD5.DD7423ABBE2913E70D50E9318AD57EE4] - (.Google Inc. - Google Installer.) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [PID.11904] =>.Google Inc®
                                  [MD5.33E6E5822E22A5E1DEA523C06155FD07] - (.Google Inc. - Google Crash Handler.) – C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.ex e [288848] [PID.2804] =>.Google Inc®
                                  [MD5.27BEAF3F308ED2276F3863C2F2597556] - (.Google Inc. - Google Crash Handler.) – C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64. exe [366672] [PID.11876] =>.Google Inc®
                                  [MD5.D76E56108E6482905D3FAEA0649919E4] - (.Malwarebytes - Malwarebytes Service.) – C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736] [PID.7188] =>.Malwarebytes Corporation®
                                  [MD5.5602FF42444B4991E69C62E493BDAEC4] - (.Malwarebytes - Malwarebytes Tray Application.) – C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704] [PID.10444] =>.Malwarebytes Corporation®
                                  [MD5.44032F0F62931EE6547972F8BE798014] - (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15537808] [PID.13248] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
                                  [MD5.44032F0F62931EE6547972F8BE798014] - (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15537808] [PID.12208] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
                                  [MD5.CBD2EDA664046DA2F871746C055B566C] - (…) – C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524. 10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [20480] [PID.13304] =>.Microsoft Corporation
                                  [MD5.572F9513C1E32B1A54148DC976B17F6A] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Motion\Downloads\ZHPDiag3.exe [2750848] [PID.10940] =>.Nicolas Coolman

                                  —\ Google Chrome, Start,Search,Extensions (19) - 0s
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh3.googleusercontent.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://ogs.google.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://pchelpforum.net
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://pchf2-jew4efcjsvzg0rz43cny.stackpathdns.com
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com =>.Google Inc.
                                  G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
                                  G2 - GCE: Preference [User Data\Default] [ajopnjidmegmdimjlfnijceegpefgped] BetterTTV
                                  G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                                  G2 - GCE: Preference [User Data\Default] [bkjcdfmmpdfjohenejbkaaafkoeknjnh] Fast Proxy =>.Legitimate
                                  G2 - GCE: Preference [User Data\Default] [cfhdojbkjhnklbpkdaibdccddilifddb] Google Chrome manifest =>.Google Inc. =>.Adblock
                                  G2 - GCE: Preference [User Data\Default] [cjabmdjcfcfdmffimndhafhblfmpjdpe] Norton Security Toolbar
                                  G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                                  G2 - GCE: Preference [User Data\Default] [idefjamndcpplnamdlbodoebjgkpdmpn] Zalmos SSL Web Proxy for Free
                                  G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
                                  G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

                                  —\ Mozilla Firefox,Plugins,Start,Search,Extensions (3) - 1s
                                  P2 - EXT FILE: (.Adblock Plus - Ads were yesterday!.) – C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi =>.Adblock Plus
                                  P2 - EXT FILE: (.Aaron Boodman; http://youngpup.net/ - A User Script Manager for Firefox.) – C:\Users\Motion\AppData\Roaming\Mozilla\Firefox\Pr ofiles\990g0168.default\extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi =>.Aaron Boodman; http://youngpup.net/
                                  P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 126.dll =>.Adobe Systems Incorporated

                                  —\ Internet Explorer Extensions, Start, Search (15) - 0s
                                  R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                                  R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                                  R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

                                  —\ Internet Explorer, Proxy Management (5) - 0s
                                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
                                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
                                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
                                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigProxy = wininet.dll
                                  R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Para meters\Internet\ManualProxies =>.Microsoft

                                  —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
                                  F2 - REG:system.ini: UserInit=
                                  F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                                  F2 - REG:system.ini: VMApplet=

                                  —\ Hosts file redirection (1) - 0s
                                  ~ Le fichier hôte est sain (The hosts file is clean) (1)

                                  —\ Browser Helper Object (BHO) (2) - 0s
                                  O2 - BHO: Norton Identity Safety [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) – C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll =>.Symantec Corporation®
                                  O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) – C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL =>.Microsoft Corporation®

                                  —\ Global shortcuts Startup (118) - 7s
                                  O4 - GS\Desktop [Administrator]: Discord.lnk . (.GitHub - Update.) C:\Users\Motion\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
                                  O4 - GS\Desktop [Administrator]: ESEA Client.lnk . (.Turtle Entertainment Online, Inc. - .) C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe
                                  O4 - GS\Desktop [Administrator]: FLV Cutter.lnk . (.spgsoft.com - .) C:\Program Files (x86)\FLV Cutter\FLV Cutter.exe =>.spgsoft.com
                                  O4 - GS\Desktop [Administrator]: HD Video Converter Factory Pro.lnk . (.WonderFox Soft, Inc - .) C:\Program Files (x86)\WonderFox Soft\HD Video Converter Factory Pro\VideoConverterFactoryPro.exe =>.E-Mig Technology, Inc.®
                                  O4 - GS\Desktop [Administrator]: Mumble.lnk . (.Thorvald Natvig - Mumble - Low-latency VoIP client.) C:\Program Files (x86)\Mumble\mumble.exe -m {008793EAD91BA0702533DC9B7AA097F47B} =>.Thorvald Natvig
                                  O4 - GS\Desktop [Administrator]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Desktop [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Desktop [Administrator]: StarParse.lnk . (…) C:\Users\Motion\AppData\Local\StarParse\StarParse. exe
                                  O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Motion\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                  O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                  O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                  O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                  O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                                  O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                                  O4 - GS\sendTo [Administrator]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 12.) C:\Program Files (x86)\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer GmbH®
                                  O4 - GS\TaskBar [Administrator]: Volume Mixer.lnk . (.Microsoft Corporation - Volume Mixer.) C:\Windows\System32\SndVol.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Administrator]: csgo.lnk . (…) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe =>.Valve®
                                  O4 - GS\Programs [Administrator]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Motion\AppData\Local\Microsoft\OneDrive\O neDrive.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Programs [Administrator]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNPUXHost.) C:\Windows\System32\UNP\UNPUXHost.exe =>.Microsoft Corporation
                                  O4 - GS\Desktop [Guest]: Discord.lnk . (.GitHub - Update.) C:\Users\Motion\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
                                  O4 - GS\Desktop [Guest]: ESEA Client.lnk . (.Turtle Entertainment Online, Inc. - .) C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe
                                  O4 - GS\Desktop [Guest]: FLV Cutter.lnk . (.spgsoft.com - .) C:\Program Files (x86)\FLV Cutter\FLV Cutter.exe =>.spgsoft.com
                                  O4 - GS\Desktop [Guest]: HD Video Converter Factory Pro.lnk . (.WonderFox Soft, Inc - .) C:\Program Files (x86)\WonderFox Soft\HD Video Converter Factory Pro\VideoConverterFactoryPro.exe =>.E-Mig Technology, Inc.®
                                  O4 - GS\Desktop [Guest]: Mumble.lnk . (.Thorvald Natvig - Mumble - Low-latency VoIP client.) C:\Program Files (x86)\Mumble\mumble.exe -m {008793EAD91BA0702533DC9B7AA097F47B} =>.Thorvald Natvig
                                  O4 - GS\Desktop [Guest]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Desktop [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Desktop [Guest]: StarParse.lnk . (…) C:\Users\Motion\AppData\Local\StarParse\StarParse. exe
                                  O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Motion\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                  O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                  O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                  O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                  O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                                  O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                                  O4 - GS\sendTo [Guest]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 12.) C:\Program Files (x86)\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer GmbH®
                                  O4 - GS\TaskBar [Guest]: Volume Mixer.lnk . (.Microsoft Corporation - Volume Mixer.) C:\Windows\System32\SndVol.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Guest]: csgo.lnk . (…) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe =>.Valve®
                                  O4 - GS\Programs [Guest]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Motion\AppData\Local\Microsoft\OneDrive\O neDrive.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Programs [Guest]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNPUXHost.) C:\Windows\System32\UNP\UNPUXHost.exe =>.Microsoft Corporation
                                  O4 - GS\Desktop [Motion]: Discord.lnk . (.GitHub - Update.) C:\Users\Motion\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
                                  O4 - GS\Desktop [Motion]: ESEA Client.lnk . (.Turtle Entertainment Online, Inc. - .) C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe
                                  O4 - GS\Desktop [Motion]: FLV Cutter.lnk . (.spgsoft.com - .) C:\Program Files (x86)\FLV Cutter\FLV Cutter.exe =>.spgsoft.com
                                  O4 - GS\Desktop [Motion]: HD Video Converter Factory Pro.lnk . (.WonderFox Soft, Inc - .) C:\Program Files (x86)\WonderFox Soft\HD Video Converter Factory Pro\VideoConverterFactoryPro.exe =>.E-Mig Technology, Inc.®
                                  O4 - GS\Desktop [Motion]: Mumble.lnk . (.Thorvald Natvig - Mumble - Low-latency VoIP client.) C:\Program Files (x86)\Mumble\mumble.exe -m {008793EAD91BA0702533DC9B7AA097F47B} =>.Thorvald Natvig
                                  O4 - GS\Desktop [Motion]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Desktop [Motion]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Desktop [Motion]: StarParse.lnk . (…) C:\Users\Motion\AppData\Local\StarParse\StarParse. exe
                                  O4 - GS\Desktop [Motion]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Motion\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                  O4 - GS\Quicklaunch [Motion]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                  O4 - GS\Quicklaunch [Motion]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                  O4 - GS\sendTo [Motion]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                  O4 - GS\sendTo [Motion]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                                  O4 - GS\sendTo [Motion]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                                  O4 - GS\sendTo [Motion]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 12.) C:\Program Files (x86)\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer GmbH®
                                  O4 - GS\TaskBar [Motion]: Volume Mixer.lnk . (.Microsoft Corporation - Volume Mixer.) C:\Windows\System32\SndVol.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Motion]: csgo.lnk . (…) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe =>.Valve®
                                  O4 - GS\Programs [Motion]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Programs [Motion]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Motion\AppData\Local\Microsoft\OneDrive\O neDrive.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Motion]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Programs [Motion]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNPUXHost.) C:\Windows\System32\UNP\UNPUXHost.exe =>.Microsoft Corporation
                                  O4 - GS\CommonDesktop [Public]: ASUS GPU TweakII.lnk . (.TODO: - GPUTweakII.) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe =>.ASUSTeK Computer Inc.®
                                  O4 - GS\CommonDesktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
                                  O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
                                  O4 - GS\CommonDesktop [Public]: CPUID CPU-Z.lnk . (.CPUID - CPU-Z Application.) C:\Program Files\CPUID\CPU-Z\cpuz.exe =>.CPUID®
                                  O4 - GS\CommonDesktop [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.) C:\Program Files (x86)\NCH Software\Debut\debut.exe =>.NCH Software®
                                  O4 - GS\CommonDesktop [Public]: Fraps.lnk . (.Beepa P/L - Fraps.) C:\Fraps\fraps.exe =>.Beepa P/L
                                  O4 - GS\CommonDesktop [Public]: GeForce Experience.lnk . (.NVIDIA Corporation - NVIDIA GeForce Experience.) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe =>.NVIDIA Corporation®
                                  O4 - GS\CommonDesktop [Public]: GoldWave.lnk . (.GoldWave Inc. - .) C:\Program Files (x86)\GoldWave\GoldWave.exe =>.GoldWave Inc.
                                  O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                  O4 - GS\CommonDesktop [Public]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
                                  O4 - GS\CommonDesktop [Public]: Malwarebytes.lnk . (.Malwarebytes - Malwarebytes.) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
                                  O4 - GS\CommonDesktop [Public]: OBS Studio.lnk . (…) C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe =>.Open Source Developer, Hugh Bailey®
                                  O4 - GS\CommonDesktop [Public]: Overwatch.lnk . (.Blizzard Entertainment - Overwatch Setup.) C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe =>.Blizzard Entertainment, Inc.®
                                  O4 - GS\CommonDesktop [Public]: PS3 Media Server.lnk . (.PS3 Media Server - PS3 Media Server.) C:\Program Files (x86)\PS3 Media Server\pms.exe =>.PS3 Media Server
                                  O4 - GS\CommonDesktop [Public]: RogueKiller.lnk . (…) C:\Program Files\RogueKiller\RogueKiller64.exe =>.Adlice®
                                  O4 - GS\CommonDesktop [Public]: Skype.lnk . (…) C:\WINDOWS\Installer{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe =>.Skype Technologies
                                  O4 - GS\CommonDesktop [Public]: Speccy.lnk . (.Piriform Ltd - Speccy.) C:\Program Files\Speccy\Speccy64.exe =>.Piriform Ltd®
                                  O4 - GS\CommonDesktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
                                  O4 - GS\CommonDesktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbH®
                                  O4 - GS\CommonDesktop [Public]: TeamViewer 12.lnk . (.TeamViewer GmbH - TeamViewer 12.) C:\Program Files (x86)\TeamViewer\TeamViewer.exe =>.TeamViewer GmbH®
                                  O4 - GS\CommonDesktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player.) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe =>.VideoLAN®
                                  O4 - GS\CommonDesktop [Public]: Warcraft Logs Uploader.lnk . (…) C:\Program Files (x86)\Warcraft Logs Uploader\Warcraft Logs Uploader.exe
                                  O4 - GS\CommonDesktop [Public]: World of Warcraft.lnk . (.Blizzard Entertainment - World of Warcraft Setup.) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe =>.Blizzard Entertainment, Inc.®
                                  O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Copyright 2017. - ZAM.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
                                  O4 - GS\Programs [Public]: csgo.lnk . (…) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe =>.Valve®
                                  O4 - GS\Programs [Public]: OldSchool RuneScape.lnk . (…) C:\Users\Motion\jagexcache\jagexlauncher\bin\Jagex Launcher.exe oldschool
                                  O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Motion\AppData\Local\Microsoft\OneDrive\O neDrive.exe =>.Microsoft Windows®
                                  O4 - GS\Programs [Public]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e =>.Spotify AB®
                                  O4 - GS\Programs [Public]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNPUXHost.) C:\Windows\System32\UNP\UNPUXHost.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                  O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
                                  O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\WINDOWS\system32\eudcedit.exe =>.Microsoft Corporation
                                  O4 - GS\Startup [Public]: SteelSeries Engine 3.lnk . (.SteelSeries ApS - SteelSeries Engine 3 Core.) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath=“C:\ProgramData\SteelSeries\SteelSeries Engine 3” -dbEnv=production -auto=true =>.SteelSeries ApS®
                                  O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\WINDOWS\system32\mblctr.exe /open =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                                  O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
                                  O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
                                  O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (…) C:\WINDOWS\Installer{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
                                  O4 - GS\ProgramsCommon [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.) C:\Program Files (x86)\NCH Software\Debut\debut.exe =>.NCH Software®
                                  O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                  O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
                                  O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
                                  O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
                                  O4 - GS\ProgramsCommon [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe =>.TeamSpeak Systems GmbH®
                                  O4 - GS\ProgramsCommon [Public]: TeamViewer 12.lnk . (.TeamViewer GmbH - TeamViewer 12.) C:\Program Files (x86)\TeamViewer\TeamViewer.exe =>.TeamViewer GmbH®
                                  O4 - GS\ProgramsCommon [Public]: Warcraft Logs Uploader.lnk . (…) C:\Program Files (x86)\Warcraft Logs Uploader\Warcraft Logs Uploader.exe
                                  O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation

                                  —\ Lop.com/Domain Hijackers (3) - 0s
                                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 =>.France Google Cloud
                                  O17 - HKLM\System\CCS\Services\Tcpip..{847c0a9b-7e1c-4968-ad35-83173d8ea7bc}: NameServer = 8.8.8.8,8.8.4.4 =>.France Google Cloud
                                  O17 - HKLM\System\CCS\Services\Tcpip..{847c0a9b-7e1c-4968-ad35-83173d8ea7bc}: DhcpNameServer = 8.8.8.8 8.8.4.4 =>.France Google Cloud

                                  —\ Extra protocols (24) - 0s
                                  O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                  O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
                                  O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
                                  O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                  O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                  O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
                                  O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                  O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) – C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
                                  O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
                                  O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                  O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
                                  O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
                                  O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                  O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
                                  O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
                                  O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
                                  O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
                                  O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL =>.Microsoft Corporation®

                                  —\ Software installed (109) - 11s
                                  O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {8C9AA2C1-D07A-48E8-9DD8-471A072947F4} =>.Adobe Systems Incorporated
                                  O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe AIR =>.Adobe Systems Incorporated®
                                  O42 - Logiciel: Adobe Flash Player 26 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
                                  O42 - Logiciel: Ansel - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Ansel =>.NVIDIA Corporation
                                  O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] – {E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E} =>.Apple Inc.
                                  O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] – {9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE} =>.Apple Inc.
                                  O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] – {0A596141-97D5-45FA-9281-98DFAF48D579} =>.Apple Inc.
                                  O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] – {52D87F32-70E4-4348-8148-C0B9F35B1314} =>.Apple Inc.
                                  O42 - Logiciel: ASUS GPU TweakII - (.ASUSTek COMPUTER INC..) [HKLM][64Bits] – {0075AAC2-EA9F-490E-83F7-5D5F81EB2A43} =>.ASUSTek Computer Inc.
                                  O42 - Logiciel: ASUS GPU TweakII - (.ASUSTek COMPUTER INC..) [HKLM][64Bits] – InstallShield                                  {0075AAC2-EA9F-490E-83F7-5D5F81EB2A43} =>.ASUSTek Computer Inc.
                                  O42 - Logiciel: ASUS Product Register Program - (.ASUSTek Computer Inc..) [HKLM][64Bits] – {C87D79F6-F813-4812-B7A9-CCCAAB8B1188} =>.ASUSTek Computer Inc.
                                  O42 - Logiciel: Audiosurf - (.Dylan Fitterer.) [HKLM][64Bits] – Steam App 12900 =>.Valve®
                                  O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM][64Bits] – Battle.net =>.Blizzard Entertainment, Inc.®
                                  O42 - Logiciel: Beats Updater - (.Apple Inc..) [HKLM][64Bits] – {321BEA75-4A58-4A42-911F-24933AE3E077} =>.Apple Inc.
                                  O42 - Logiciel: BitRaider Streaming Client - (.BitRaider, LLC.) [HKLM][64Bits] – BitRaider Streaming Client =>.Electronic Arts®
                                  O42 - Logiciel: Blue Satin Skin - (.Screaming Bee.) [HKLM][64Bits] – {B0C00181-ECF5-4124-A6DE-14EA663D4799} =>.Screaming Bee
                                  O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] – {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} =>.Apple Inc.
                                  O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
                                  O42 - Logiciel: Counter-Strike: Global Offensive - (.Valve.) [HKLM][64Bits] – Steam App 730 =>.Valve®
                                  O42 - Logiciel: CPUID CPU-Z 1.79.1 - (.CPUID Inc.) [HKLM][64Bits] – CPUID CPU-Z_is1 =>.CPUID Inc
                                  O42 - Logiciel: Debut Video Capture Software - (.NCH Software.) [HKLM][64Bits] – Debut =>.NCH Software®
                                  O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] – Discord =>.Hammer & Chisel Inc.®
                                  O42 - Logiciel: FLV Cutter 1.0 - (.spgsoft.com.) [HKLM][64Bits] – FLV Cutter_is1 =>.spgsoft.com
                                  O42 - Logiciel: Fraps (remove only) - (.Beepa.) [HKLM][64Bits] – Fraps =>.Beepa
                                  O42 - Logiciel: GoldWave v6.15 - (.GoldWave Inc..) [HKLM][64Bits] – GoldWave v6.15 =>.GoldWave Inc.
                                  O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Inc®
                                  O42 - Logiciel: Google Drive - (.Google, Inc..) [HKLM][64Bits] – {A1238426-ECDF-4639-BE2F-8D12A97AE23C} =>.Google, Inc.
                                  O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
                                  O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
                                  O42 - Logiciel: H1Z1: King of the Kill - (.Daybreak Game Company.) [HKLM][64Bits] – Steam App 433850 =>.Valve®
                                  O42 - Logiciel: HD Video Converter Factory Pro 8.6 - (.WonderFox Soft, Inc..) [HKLM][64Bits] – HD Video Converter Factory Pro =>.WonderFox Soft, Inc.
                                  O42 - Logiciel: Intel® RealSense™ SDK Runtime - (.Intel Corporation.) [HKLM][64Bits] – ARP_for_prd_rs_sdk_runtime_10.0.26.0396 =>.Intel(R) Software Development Products®
                                  O42 - Logiciel: Intel® RealSense™ SDK Runtime Gold (x64): Core - (.Intel Corporation.) [HKLM][64Bits] – {7ECCC65E-1D74-11E6-B005-2C44FD873B55} =>.Intel Corporation
                                  O42 - Logiciel: Intel® RealSense™ SDK Runtime Gold (x64): User Segmentation - (.Intel Corporation.) [HKLM][64Bits] – {A315DE30-1D74-11E6-A4F2-2C44FD873B55} =>.Intel Corporation
                                  O42 - Logiciel: Intel® RealSense™ SDK Runtime Gold (x86): Core - (.Intel Corporation.) [HKLM][64Bits] – {4BAB7070-1D73-11E6-8844-2C44FD873B55} =>.Intel Corporation
                                  O42 - Logiciel: Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration - (.Intel Corporation.) [HKLM][64Bits] – {676C639E-1D73-11E6-BF2F-2C44FD873B55} =>.Intel Corporation
                                  O42 - Logiciel: Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation - (.Intel Corporation.) [HKLM][64Bits] – {51040000-1D73-11E6-A45D-2C44FD873B55} =>.Intel Corporation
                                  O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] – {F0C7385A-9D20-45F3-8101-05D383885180} =>.Apple Inc.
                                  O42 - Logiciel: Java 7 Update 71 - (.Oracle.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F83217051FF} =>.Oracle
                                  O42 - Logiciel: Java 8 Update 131 - (.Oracle Corporation.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F32180131F0} =>.Oracle Corporation
                                  O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
                                  O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] – {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
                                  O42 - Logiciel: Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291. - (.Microsoft Corporation.) [HKLM][64Bits] – {25E80DAA-FD87-DCE5-202C-CC02F6673002} =>.Microsoft Corporation
                                  O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] – OneDriveSetup.exe =>.Microsoft Windows®
                                  O42 - Logiciel: Microsoft Word 2010 - (.Microsoft Corporation.) [HKLM][64Bits] – Office14.WORD =>.Microsoft Corporation®
                                  O42 - Logiciel: Mumble 1.2.17 - (.Thorvald Natvig.) [HKLM][64Bits] – {95A0093C-0C81-4D0B-BCA7-3CE11755A6BD} =>.Thorvald Natvig
                                  O42 - Logiciel: Norton Security Suite - (.Symantec Corporation.) [HKLM][64Bits] – N360 =>.Symantec Corporation®
                                  O42 - Logiciel: NVIDIA 3D Vision Controller Driver 369.04 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA 3D Vision Driver 382.53 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Backend - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Control Panel 382.53 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Display Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Display Watchdog Plugin - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA GeForce Experience 3.6.0.74 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Graphics Driver 382.53 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.27 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA LocalSystem Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Message Bus for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA NetworkService Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Optimus Update 25.0.0.0 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA PhysX System Software 9.17.0524 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA ShadowPlay 3.6.0.74 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay =>.NVIDIA Corporation
                                  O42 - Logiciel: Nvidia Share - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] – NVIDIAStereo =>.NVIDIA Corporation®
                                  O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Update 25.0.0.0 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA User Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Virtual Audio 3.70.2 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver =>.NVIDIA Corporation
                                  O42 - Logiciel: NVIDIA Watchdog Plugin for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog =>.NVIDIA Corporation
                                  O42 - Logiciel: NvNodejs - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs =>.NVIDIA Corporation
                                  O42 - Logiciel: NvTelemetry - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry =>.NVIDIA Corporation
                                  O42 - Logiciel: NvvHci - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci =>.NVIDIA Corporation
                                  O42 - Logiciel: OBS Studio - (.OBS Project.) [HKLM][64Bits] – OBS Studio =>.OBS Project
                                  O42 - Logiciel: OldSchool RuneScape Launcher 1.2.7 - (.Jagex Ltd.) [HKLM][64Bits] – {FEDDCE73-34B8-4980-90B8-8619A78C902C} =>.Jagex Ltd
                                  O42 - Logiciel: Overwatch - (.Blizzard Entertainment.) [HKLM][64Bits] – Overwatch =>.Blizzard Entertainment, Inc.®
                                  O42 - Logiciel: Parsec - (.Parsec.) [HKCU][64Bits] – a53dc3b81e52c50e
                                  O42 - Logiciel: PLAYERUNKNOWN’S BATTLEGROUNDS - (.Bluehole, Inc..) [HKLM][64Bits] – Steam App 578080 =>.Valve®
                                  O42 - Logiciel: PS3 Media Server - (.PS3 Media Server.) [HKLM][64Bits] – PS3 Media Server =>.PS3 Media Server
                                  O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
                                  O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
                                  O42 - Logiciel: RogueKiller version 12.11.1.0 - (.Adlice Software.) [HKLM][64Bits] – 8B3D7924-ED89-486B-8322-E8594065D5CB_is1 =>.Adlice®
                                  O42 - Logiciel: Samsung Magician - (.Samsung Electronics.) [HKLM][64Bits] – {29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1 =>.Samsung Electronics Co., Ltd.®
                                  O42 - Logiciel: SHIELD Streaming - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv =>.NVIDIA Corporation
                                  O42 - Logiciel: SHIELD Wireless Controller Driver - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController =>.NVIDIA Corporation
                                  O42 - Logiciel: Skype™ 7.37 - (.Skype Technologies S.A..) [HKLM][64Bits] – {3B7E914A-93D5-4A29-92BB-AF8C3F66C431} =>.Skype Technologies S.A.
                                  O42 - Logiciel: Speccy - (.Piriform.) [HKLM][64Bits] – Speccy =>.Piriform Ltd®
                                  O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] – Spotify =>.Spotify AB®
                                  O42 - Logiciel: Star Wars: The Old Republic - (.Electronic Arts, Inc..) [HKLM][64Bits] – {3B11D799-48E0-48ED-BFD7-EA655676D8BB} =>.Electronic Arts®
                                  O42 - Logiciel: StarParse - (.Ixale.) [HKCU][64Bits] – {fxApplication}}_is1 =>.Ixale
                                  O42 - Logiciel: SteelSeries Engine 3.10.2 - (.SteelSeries ApS.) [HKLM][64Bits] – SteelSeries Engine 3 =>.SteelSeries ApS®
                                  O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM][64Bits] – TeamSpeak 3 Client =>.TeamSpeak Systems GmbH
                                  O42 - Logiciel: TeamViewer 12 - (.TeamViewer.) [HKLM][64Bits] – TeamViewer =>.TeamViewer GmbH®
                                  O42 - Logiciel: Virtual Audio Cable 4.10 - (..) [HKLM][64Bits] – Virtual Audio Cable 4.10 =>.NTONYX Ltd.®
                                  O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] – VLC media player =>.VideoLAN
                                  O42 - Logiciel: Vulkan Run Time Libraries 1.0.42.1 - (.LunarG, Inc..) [HKLM][64Bits] – VulkanRT1.0.42.1 =>.LunarG, Inc.®
                                  O42 - Logiciel: Warcraft Logs Uploader - (.UNKNOWN.) [HKLM][64Bits] – {8363B16F-C0CB-02BE-1CD5-4F9239491460}
                                  O42 - Logiciel: Warcraft Logs Uploader - (.UNKNOWN.) [HKLM][64Bits] – com.warcraft.logs
                                  O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] – {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
                                  O42 - Logiciel: Windows Driver Package - Apple, Inc. (KernelModeUSB) USBDevice (03/30/2017 - (.Apple, Inc..) [HKLM][64Bits] – 183E383A1862B0622EB93E70D34D830E28AFFBAA =>.Apple, Inc.
                                  O42 - Logiciel: WinPcap 4.1.3 - (.Riverbed Technology, Inc..) [HKLM][64Bits] – WinPcapInst =>.Riverbed Technology, Inc.
                                  O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbH®
                                  O42 - Logiciel: World of Warcraft - (.Blizzard Entertainment.) [HKLM][64Bits] – World of Warcraft =>.Blizzard Entertainment, Inc.®
                                  O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] – {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.

                                  —\ HKCU & HKLM Software Keys (130) - 11s
                                  HKLM\SOFTWARE\Wow6432Node\Acoustica =>.Acoustica
                                  HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
                                  HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
                                  HKLM\SOFTWARE\Wow6432Node\AMD =>.AMD
                                  HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
                                  HKLM\SOFTWARE\Wow6432Node\Asus =>.ASUS
                                  HKLM\SOFTWARE\Wow6432Node\BioWare =>.BioWare
                                  HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
                                  HKLM\SOFTWARE\Wow6432Node\Celavimus
                                  HKLM\SOFTWARE\Wow6432Node\Celemony Software GmbH =>.Celemony Software GmbH
                                  HKLM\SOFTWARE\Wow6432Node\Colasoft =>.Colasoft Ltd
                                  HKLM\SOFTWARE\Wow6432Node\Electronic Arts =>.Electronic Arts
                                  HKLM\SOFTWARE\Wow6432Node\Fraps =>.Beepa
                                  HKLM\SOFTWARE\Wow6432Node\GamersFirst =>.GamersFirst
                                  HKLM\SOFTWARE\Wow6432Node\Google =>.Google
                                  HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
                                  HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
                                  HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
                                  HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
                                  HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
                                  HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
                                  HKLM\SOFTWARE\Wow6432Node\Licenses =>.Microsoft Corporation
                                  HKLM\SOFTWARE\Wow6432Node\Logitech =>.Logitech
                                  HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
                                  HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
                                  HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
                                  HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
                                  HKLM\SOFTWARE\Wow6432Node\MSI =>.MSI
                                  HKLM\SOFTWARE\Wow6432Node\NCH Software =>.NCH Software
                                  HKLM\SOFTWARE\Wow6432Node\NCH Swift Sound =>.NCH Swift Sound
                                  HKLM\SOFTWARE\Wow6432Node\Norton =>.Symantec Corporation
                                  HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
                                  HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
                                  HKLM\SOFTWARE\Wow6432Node\OBS Studio =>.OBS Studio
                                  HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
                                  HKLM\SOFTWARE\Wow6432Node\Origin Games =>.Electronic Arts, Inc.
                                  HKLM\SOFTWARE\Wow6432Node\Overwolf =>.Overwolf
                                  HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
                                  HKLM\SOFTWARE\Wow6432Node\Propellerhead Software =>.Propellerhead Software
                                  HKLM\SOFTWARE\Wow6432Node\Razer =>.Razer
                                  HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
                                  HKLM\SOFTWARE\Wow6432Node\Samsung Magician =>.Samsung Electronics
                                  HKLM\SOFTWARE\Wow6432Node\Screaming Bee =>.Screaming Bee
                                  HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
                                  HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
                                  HKLM\SOFTWARE\Wow6432Node\Symantec =>.Symantec
                                  HKLM\SOFTWARE\Wow6432Node\TeamViewer =>.TeamViewer
                                  HKLM\SOFTWARE\Wow6432Node\THQ =>.THQ
                                  HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
                                  HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
                                  HKLM\SOFTWARE\Wow6432Node\VST =>.Virtual Studio Technology
                                  HKLM\SOFTWARE\Wow6432Node\WafCX =>.WafCX
                                  HKLM\SOFTWARE\Wow6432Node\WinPcap =>.Riverbed Technology
                                  HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare
                                  HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
                                  HKLM\SOFTWARE\Wow6432Node\Even Balance =>.Even Balance Inc
                                  HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
                                  HKCU\SOFTWARE\Acoustica =>.Acoustica
                                  HKCU\SOFTWARE\Apowersoft =>.Apowersoft
                                  HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                                  HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                                  HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
                                  HKCU\SOFTWARE\Applied Acoustics Systems =>.Applied Acoustics Systems
                                  HKCU\SOFTWARE\ASUS =>.ASUS
                                  HKCU\SOFTWARE\Audacity =>.Audacity
                                  HKCU\SOFTWARE\Beats
                                  HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
                                  HKCU\SOFTWARE\Boilsoft =>.Boilsoft
                                  HKCU\SOFTWARE\Borland =>.Borland
                                  HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
                                  HKCU\SOFTWARE\Bytescout =>.ByteScout
                                  HKCU\SOFTWARE\Chromium =>.Chromium
                                  HKCU\SOFTWARE\Colasoft =>.Colasoft Ltd
                                  HKCU\SOFTWARE\CPUID.COM =>.CPUID Inc
                                  HKCU\SOFTWARE\DefaultCompany =>.Unity
                                  HKCU\SOFTWARE\DownloadToolz =>.DownloadToolz Inc
                                  HKCU\SOFTWARE\Electronic Arts =>.Electronic Arts
                                  HKCU\SOFTWARE\Enterbrain =>.Enterbrain
                                  HKCU\SOFTWARE\Epic Games =>.Epic Games
                                  HKCU\SOFTWARE\ESEA
                                  HKCU\SOFTWARE\Fraps3 =>.Beepa
                                  HKCU\SOFTWARE\Freecorder
                                  HKCU\SOFTWARE\GetFLV =>.GetFLV
                                  HKCU\SOFTWARE\Google =>.Google
                                  HKCU\SOFTWARE\GSLLC =>.GiliSoft International LLC.
                                  HKCU\SOFTWARE\Hyperdesktop
                                  HKCU\SOFTWARE\IM Providers =>.IM Providers
                                  HKCU\SOFTWARE\JavaSoft =>.JavaSoft
                                  HKCU\SOFTWARE\Licenses =>.Microsoft Corporation
                                  HKCU\SOFTWARE\Local AppWizard-Generated Applications =>.ZWCAD
                                  HKCU\SOFTWARE\LogiShrd =>.LogiShrd
                                  HKCU\SOFTWARE\Logitech =>.Logitech
                                  HKCU\SOFTWARE\Macromedia =>.Macromedia
                                  HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
                                  HKCU\SOFTWARE\Mozilla =>.Mozilla
                                  HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                                  HKCU\SOFTWARE\Mumble =>.Mumble
                                  HKCU\SOFTWARE\Music Recognition
                                  HKCU\SOFTWARE\NCH Software =>.NCH Software
                                  HKCU\SOFTWARE\NCH Swift Sound =>.NCH Swift Sound
                                  HKCU\SOFTWARE\Netscape =>.Netscape
                                  HKCU\SOFTWARE\Norton =>.Symantec Corporation
                                  HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
                                  HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
                                  HKCU\SOFTWARE\OldSchool RuneScape
                                  HKCU\SOFTWARE\Piriform =>.Piriform
                                  HKCU\SOFTWARE\PS3 Media Server =>.PS3 Media Server
                                  HKCU\SOFTWARE\QtProject =>.QtProject
                                  HKCU\SOFTWARE\Razer =>.Razer
                                  HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                                  HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
                                  HKCU\SOFTWARE\rejetto
                                  HKCU\SOFTWARE\Skype =>.Skype
                                  HKCU\SOFTWARE\Spotify =>.Spotify
                                  HKCU\SOFTWARE\TeamSpeak 3 Client =>.TeamSpeak
                                  HKCU\SOFTWARE\TeamViewer =>.TeamViewer
                                  HKCU\SOFTWARE\Trolltech =>.Trolltech
                                  HKCU\SOFTWARE\Unwinder =>.Unwinder
                                  HKCU\SOFTWARE\Valve =>.Valve
                                  HKCU\SOFTWARE\Ventrilo
                                  HKCU\SOFTWARE\VirtualDub.org =>.VirtualDub.org
                                  HKCU\SOFTWARE\WinRAR =>.WinRAR
                                  HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                                  HKCU\SOFTWARE\Wondershare =>.Wondershare
                                  HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
                                  HKCU\SOFTWARE\Zemana =>.Zemana
                                  HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
                                  HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
                                  HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
                                  HKCU\SOFTWARE\AppDataLow\Software\Norton =>.Symantec Corporation

                                  —\ Contents of the Common Files folders (392) - 8s
                                  O43 - CFD: 30/12/2016 - AD – C:\Program Files\Bonjour =>.Apple Inc.
                                  O43 - CFD: 06/04/2017 - AD – C:\Program Files\CCleaner =>.Piriform Ltd
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                                  O43 - CFD: 14/06/2017 - D – C:\Program Files\CPUID =>.CPUID Inc
                                  O43 - CFD: 05/05/2017 - D – C:\Program Files\DIFX =>.Microsoft Corporation
                                  O43 - CFD: 30/07/2015 - D – C:\Program Files\DVD Maker =>.Aone Software
                                  O43 - CFD: 17/12/2013 - D – C:\Program Files\ESEA =>.Turtle Entertainment Online, Inc.®
                                  O43 - CFD: 25/09/2015 - D – C:\Program Files\GoldWave =>.GoldWave Inc.
                                  O43 - CFD: 29/05/2017 - D – C:\Program Files\Haste
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - D – C:\Program Files\iPod =>.Apple Inc.®
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files\iTunes =>.Apple Inc.
                                  O43 - CFD: 16/06/2017 - D – C:\Program Files\Malwarebytes =>.Malwarebytes
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
                                  O43 - CFD: 06/10/2016 - D – C:\Program Files\Microsoft Office =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                                  O43 - CFD: 27/03/2017 - D – C:\Program Files\NortonInstaller =>.Symantec
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
                                  O43 - CFD: 14/04/2017 - D – C:\Program Files\OBS =>.OBS
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\Realtek =>.Realtek
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files\RogueKiller =>.Adlice
                                  O43 - CFD: 14/06/2017 - AD – C:\Program Files\Speccy =>.Piriform
                                  O43 - CFD: 21/11/2016 - D – C:\Program Files\SteelSeries =>.SteelSeries
                                  O43 - CFD: 21/05/2017 - AD – C:\Program Files\TeamSpeak 3 Client =>.TeamSpeak
                                  O43 - CFD: 10/07/2015 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
                                  O43 - CFD: 03/05/2017 - AD – C:\Program Files\UNP =>.Microsoft Corporation
                                  O43 - CFD: 12/09/2016 - D – C:\Program Files\VB =>.Vincent Burel®
                                  O43 - CFD: 12/12/2014 - D – C:\Program Files\Virtual Audio Cable =>.NTONYX Ltd.®
                                  O43 - CFD: 05/06/2017 - RD – C:\Program Files\Windows Defender =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Security =>.Unknown
                                  O43 - CFD: 05/06/2017 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                                  O43 - CFD: 16/06/2017 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files\WinRAR =>.win.rar GmbH®
                                  O43 - CFD: 12/04/2015 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems Incorporated®
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files (x86)\Apple Software Update =>.Apple Inc.
                                  O43 - CFD: 28/02/2014 - D – C:\Program Files (x86)\Applian Technologies =>.Applian Technologies
                                  O43 - CFD: 12/05/2017 - D – C:\Program Files (x86)\ASUS =>.ASUS
                                  O43 - CFD: 14/08/2015 - D – C:\Program Files (x86)\Avidemux 2.6 - 32 bits
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files (x86)\Battle.net =>.Games Software
                                  O43 - CFD: 05/05/2017 - AD – C:\Program Files (x86)\Beats by Dr. Dre =>.Apple Inc.®
                                  O43 - CFD: 30/12/2016 - AD – C:\Program Files (x86)\Bonjour =>.Apple Inc.
                                  O43 - CFD: 27/05/2015 - D – C:\Program Files (x86)\CEVO =>.ALTPUG LLC®
                                  O43 - CFD: 10/03/2016 - D – C:\Program Files (x86)\Colasoft Capsa 8 Free Edition
                                  O43 - CFD: 15/06/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
                                  O43 - CFD: 20/12/2013 - D – C:\Program Files (x86)\Electronic Arts =>.Electronic Arts
                                  O43 - CFD: 14/08/2015 - AD – C:\Program Files (x86)\FLV Cutter
                                  O43 - CFD: 06/03/2016 - D – C:\Program Files (x86)\GetFLV =>.GetFLV Corporation
                                  O43 - CFD: 19/07/2015 - D – C:\Program Files (x86)\Google =>.Google Inc®
                                  O43 - CFD: 12/05/2017 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - D – C:\Program Files (x86)\Java =>.Oracle
                                  O43 - CFD: 21/11/2016 - D – C:\Program Files (x86)\Logitech =>.Logitech
                                  O43 - CFD: 06/06/2017 - D – C:\Program Files (x86)\Microsoft ASP.NET =>.Microsoft Corporation
                                  O43 - CFD: 06/10/2016 - AD – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
                                  O43 - CFD: 06/10/2016 - D – C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
                                  O43 - CFD: 06/10/2016 - D – C:\Program Files (x86)\Microsoft Synchronization Services =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
                                  O43 - CFD: 23/04/2017 - D – C:\Program Files (x86)\MSI =>.MSI
                                  O43 - CFD: 22/04/2017 - D – C:\Program Files (x86)\MSI Afterburner =>.Micro-Star International Co
                                  O43 - CFD: 21/11/2016 - AD – C:\Program Files (x86)\Mumble =>.Mumble
                                  O43 - CFD: 02/10/2015 - D – C:\Program Files (x86)\NCH Software =>.NCH Software
                                  O43 - CFD: 23/03/2017 - AD – C:\Program Files (x86)\Norton Security Suite =>.Symantec Corporation
                                  O43 - CFD: 15/03/2017 - D – C:\Program Files (x86)\NortonInstaller =>.Symantec
                                  O43 - CFD: 13/06/2017 - D – C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
                                  O43 - CFD: 14/04/2017 - D – C:\Program Files (x86)\OBS =>.OBS
                                  O43 - CFD: 14/04/2017 - D – C:\Program Files (x86)\obs-studio =>.OBS-Studio
                                  O43 - CFD: 09/06/2016 - D – C:\Program Files (x86)\Origin Games =>.Electronic Arts, Inc.
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files (x86)\Overwatch =>.Blizzard Entertainment
                                  O43 - CFD: 02/10/2015 - D – C:\Program Files (x86)\PRTG Network Monitor
                                  O43 - CFD: 03/11/2016 - D – C:\Program Files (x86)\PS3 Media Server =>.PS3 Media Server
                                  O43 - CFD: 23/01/2014 - D – C:\Program Files (x86)\Razer =>.Razer
                                  O43 - CFD: 16/12/2013 - D – C:\Program Files (x86)\Realtek =>.Realtek
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
                                  O43 - CFD: 13/06/2017 - AD – C:\Program Files (x86)\Samsung Magician =>.Samsung Electronics
                                  O43 - CFD: 15/06/2017 - RD – C:\Program Files (x86)\Skype =>.Skype
                                  O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Steam =>.Steam Games
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files (x86)\TeamViewer =>.TeamViewer GmbH®
                                  O43 - CFD: 05/06/2017 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
                                  O43 - CFD: 12/09/2016 - D – C:\Program Files (x86)\VB =>.Vincent Burel®
                                  O43 - CFD: 16/12/2013 - D – C:\Program Files (x86)\VideoLAN =>.VideoLan Team
                                  O43 - CFD: 13/06/2017 - D – C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
                                  O43 - CFD: 26/10/2016 - AD – C:\Program Files (x86)\Warcraft Logs Uploader =>.Games Software
                                  O43 - CFD: 31/12/2015 - AD – C:\Program Files (x86)\WhoreCraft
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - SHD – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
                                  O43 - CFD: 23/12/2014 - D – C:\Program Files (x86)\WinPcap =>.Riverbed Technology
                                  O43 - CFD: 04/06/2016 - D – C:\Program Files (x86)\WonderFox Soft =>.E-Mig Technology, Inc.®
                                  O43 - CFD: 16/06/2017 - AD – C:\Program Files (x86)\World of Warcraft =>.Blizzard Entertainment
                                  O43 - CFD: 16/06/2017 - D – C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
                                  O43 - CFD: 18/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
                                  O43 - CFD: 13/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                                  O43 - CFD: 10/05/2017 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings =>.Samsung Electronics
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS =>.ASUS
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beats by Dr. Dre
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
                                  O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID =>.CPUID Inc
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA =>.Electronic Arts, Inc.
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESEA
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Cutter
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps =>.Fraps Games
                                  O43 - CFD: 05/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoldWave =>.GoldWave Inc.
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive =>.Google Inc.
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
                                  O43 - CFD: 18/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                                  O43 - CFD: 16/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble =>.Mumble
                                  O43 - CFD: 06/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite =>.Symantec Corporation
                                  O43 - CFD: 13/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio =>.OBS Studio
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch =>.Blizzard Entertainment
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server =>.PS3 Media Server
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller =>.Adlice
                                  O43 - CFD: 13/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician =>.Samsung Electronics
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
                                  O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy =>.Piriform
                                  O43 - CFD: 05/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries =>.SteelSeries
                                  O43 - CFD: 18/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
                                  O43 - CFD: 30/10/2015 - [0] RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client =>.TeamSpeak
                                  O43 - CFD: 13/09/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoreCraft
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap =>.Riverbed Technology
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft =>.Blizzard Entertainment
                                  O43 - CFD: 16/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
                                  O43 - CFD: 22/12/2015 - D – C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 =>.GEAR Software, Inc.
                                  O43 - CFD: 13/09/2014 - D – C:\ProgramData\Acoustica =>.Acoustica
                                  O43 - CFD: 12/04/2015 - D – C:\ProgramData\Adobe =>.Adobe
                                  O43 - CFD: 25/04/2014 - D – C:\ProgramData\altPUG
                                  O43 - CFD: 11/06/2017 - D – C:\ProgramData\Apowersoft =>.Apowersoft
                                  O43 - CFD: 29/01/2014 - D – C:\ProgramData\Apple =>.Apple Inc.
                                  O43 - CFD: 29/01/2014 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
                                  O43 - CFD: 14/05/2017 - D – C:\ProgramData\APRP =>.APRP
                                  O43 - CFD: 31/12/2015 - D – C:\ProgramData\Battle.net =>.Games Software
                                  O43 - CFD: 30/09/2015 - D – C:\ProgramData\BitRaider =>.BitRaider
                                  O43 - CFD: 15/11/2016 - D – C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
                                  O43 - CFD: 13/10/2015 - D – C:\ProgramData\boost_interprocess =>.boost.org
                                  O43 - CFD: 22/08/2014 - D – C:\ProgramData\Celavimus
                                  O43 - CFD: 13/09/2014 - D – C:\ProgramData\Celemony Software GmbH =>.Celemony Software GmbH
                                  O43 - CFD: 10/03/2016 - [0] D – C:\ProgramData\Colasoft Capsa 8 Free
                                  O43 - CFD: 16/07/2016 - [0] D – C:\ProgramData\Comms =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
                                  O43 - CFD: 17/12/2013 - D – C:\ProgramData\Downloaded Installations =>.Microsoft Corporation
                                  O43 - CFD: 24/09/2015 - D – C:\ProgramData\EA Core =>.Electronic Arts, Inc.
                                  O43 - CFD: 24/09/2015 - D – C:\ProgramData\EA Logs =>.Electronic Arts, Inc.
                                  O43 - CFD: 24/09/2015 - D – C:\ProgramData\Electronic Arts =>.Electronic Arts
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
                                  O43 - CFD: 14/04/2017 - D – C:\ProgramData\Intel =>.Intel Corporation
                                  O43 - CFD: 14/04/2017 - D – C:\ProgramData\Intel Telemetry =>.Intel Corporation
                                  O43 - CFD: 02/10/2015 - D – C:\ProgramData\Licenses =>.Microsoft Corporation
                                  O43 - CFD: 11/02/2016 - D – C:\ProgramData\LogiShrd =>.Logitech Inc.
                                  O43 - CFD: 02/10/2015 - D – C:\ProgramData\Logs =>.ABBYY Software
                                  O43 - CFD: 16/06/2017 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
                                  O43 - CFD: 11/10/2015 - D – C:\ProgramData\McAfee =>.McAfee
                                  O43 - CFD: 05/06/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                                  O43 - CFD: 13/06/2017 - D – C:\ProgramData\Microsoft Help =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
                                  O43 - CFD: 02/10/2015 - D – C:\ProgramData\NCH Software =>.NCH Software
                                  O43 - CFD: 17/03/2017 - D – C:\ProgramData\Norton =>.Symantec Corporation
                                  O43 - CFD: 16/12/2013 - D – C:\ProgramData\NortonInstaller =>.Symantec
                                  O43 - CFD: 16/06/2017 - D – C:\ProgramData\NVIDIA =>.nVidia Corporation
                                  O43 - CFD: 13/06/2017 - D – C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
                                  O43 - CFD: 03/12/2014 - D – C:\ProgramData\Oracle =>.Oracle
                                  O43 - CFD: 10/04/2017 - D – C:\ProgramData\Origin =>.Electronic Arts, Inc.
                                  O43 - CFD: 14/04/2017 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
                                  O43 - CFD: 02/10/2015 - D – C:\ProgramData\Paessler =>.Paessler
                                  O43 - CFD: 25/04/2017 - D – C:\ProgramData\PMS =>.PMS
                                  O43 - CFD: 03/03/2016 - D – C:\ProgramData\Razer =>.Razer
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\RogueKiller =>.Adlice
                                  O43 - CFD: 13/06/2017 - D – C:\ProgramData\Samsung =>.Samsung Electronics
                                  O43 - CFD: 18/08/2014 - D – C:\ProgramData\Screaming Bee =>.Screaming Bee
                                  O43 - CFD: 15/06/2017 - D – C:\ProgramData\Skype =>.Skype
                                  O43 - CFD: 18/03/2017 - [0] D – C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                                  O43 - CFD: 23/09/2015 - D – C:\ProgramData\SteelSeries =>.SteelSeries
                                  O43 - CFD: 28/02/2014 - D – C:\ProgramData\Sun =>.Oracle
                                  O43 - CFD: 02/10/2015 - [0] AD – C:\ProgramData\TEMP =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\ProgramData\WindowsHolographicDevices
                                  O43 - CFD: 14/08/2015 - D – C:\ProgramData\Wondershare =>.Wondershare
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
                                  O43 - CFD: 22/12/2015 - D – C:\Program Files (x86)\Common Files\Apple =>.Apple Inc.
                                  O43 - CFD: 13/06/2017 - D – C:\Program Files (x86)\Common Files\BattlEye =>.BattlEye
                                  O43 - CFD: 30/09/2015 - D – C:\Program Files (x86)\Common Files\BioWare =>.BioWare
                                  O43 - CFD: 18/03/2015 - D – C:\Program Files (x86)\Common Files\Blizzard Entertainment =>.Blizzard Entertainment
                                  O43 - CFD: 02/10/2015 - [0] D – C:\Program Files (x86)\Common Files\Colasoft Shared
                                  O43 - CFD: 06/06/2017 - AD – C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
                                  O43 - CFD: 30/11/2015 - [0] HD – C:\Program Files (x86)\Common Files\EAInstaller =>.Electronic Arts, Inc.
                                  O43 - CFD: 12/05/2017 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
                                  O43 - CFD: 14/04/2017 - D – C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
                                  O43 - CFD: 15/06/2017 - D – C:\Program Files (x86)\Common Files\Java =>.Oracle
                                  O43 - CFD: 21/11/2016 - AD – C:\Program Files (x86)\Common Files\logishrd =>.Logitech Inc.
                                  O43 - CFD: 06/06/2017 - AD – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
                                  O43 - CFD: 18/08/2014 - D – C:\Program Files (x86)\Common Files\Screaming Bee =>.Screaming Bee
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - AD – C:\Program Files (x86)\Common Files\Skype =>.Skype
                                  O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
                                  O43 - CFD: 12/06/2017 - D – C:\Program Files (x86)\Common Files\Steam =>.Steam Games
                                  O43 - CFD: 15/03/2017 - D – C:\Program Files (x86)\Common Files\Symantec Shared =>.Symantec Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
                                  O43 - CFD: 14/08/2015 - D – C:\Program Files (x86)\Common Files\Wondershare =>.Wondershare
                                  O43 - CFD: 13/09/2014 - D – C:\Users\Motion\AppData\Roaming\Acoustica =>.Acoustica
                                  O43 - CFD: 12/04/2015 - D – C:\Users\Motion\AppData\Roaming\Adobe =>.Adobe
                                  O43 - CFD: 11/06/2017 - D – C:\Users\Motion\AppData\Roaming\Apowersoft =>.Apowersoft
                                  O43 - CFD: 21/09/2014 - D – C:\Users\Motion\AppData\Roaming\Apple Computer =>.Apple Inc.
                                  O43 - CFD: 25/09/2015 - D – C:\Users\Motion\AppData\Roaming\Audacity =>.Audacity
                                  O43 - CFD: 14/08/2015 - D – C:\Users\Motion\AppData\Roaming\avidemux =>.Mean
                                  O43 - CFD: 25/01/2014 - D – C:\Users\Motion\AppData\Roaming\Avnex
                                  O43 - CFD: 17/05/2017 - D – C:\Users\Motion\AppData\Roaming\Battle.net =>.Games Software
                                  O43 - CFD: 14/08/2015 - D – C:\Users\Motion\AppData\Roaming\Boilsoft =>.Boilsoft
                                  O43 - CFD: 02/10/2015 - D – C:\Users\Motion\AppData\Roaming\Colasoft MAC Scanner
                                  O43 - CFD: 02/10/2015 - D – C:\Users\Motion\AppData\Roaming\Colasoft Packet Player
                                  O43 - CFD: 02/10/2015 - D – C:\Users\Motion\AppData\Roaming\Colasoft Ping Tool
                                  O43 - CFD: 12/04/2015 - D – C:\Users\Motion\AppData\Roaming\com.warcraft.logs =>.Games Software
                                  O43 - CFD: 12/06/2017 - D – C:\Users\Motion\AppData\Roaming\discord =>.GitHub
                                  O43 - CFD: 23/12/2014 - D – C:\Users\Motion\AppData\Roaming\DonationCoder =>.Mouser
                                  O43 - CFD: 05/03/2016 - D – C:\Users\Motion\AppData\Roaming\dvdcss =>.VideoLan Team
                                  O43 - CFD: 14/08/2015 - D – C:\Users\Motion\AppData\Roaming\EasiestSoft =>.EasiestSoft International LLC
                                  O43 - CFD: 28/02/2014 - D – C:\Users\Motion\AppData\Roaming\freecorder
                                  O43 - CFD: 25/09/2015 - D – C:\Users\Motion\AppData\Roaming\GoldWave =>.GoldWave Inc.
                                  O43 - CFD: 18/10/2014 - D – C:\Users\Motion\AppData\Roaming\Hyperdesktop
                                  O43 - CFD: 16/12/2013 - D – C:\Users\Motion\AppData\Roaming\Identities =>.Microsoft Corporation
                                  O43 - CFD: 11/02/2016 - D – C:\Users\Motion\AppData\Roaming\Leadertech =>.Leadertech Systems
                                  O43 - CFD: 28/11/2014 - D – C:\Users\Motion\AppData\Roaming\Macromedia =>.Macromedia
                                  O43 - CFD: 14/07/2009 - [0] D – C:\Users\Motion\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - SD – C:\Users\Motion\AppData\Roaming\Microsoft =>.Microsoft Corporation
                                  O43 - CFD: 02/06/2015 - D – C:\Users\Motion\AppData\Roaming\Mozilla =>.Mozilla Corporation
                                  O43 - CFD: 02/06/2017 - D – C:\Users\Motion\AppData\Roaming\Mumble =>.Mumble
                                  O43 - CFD: 13/09/2014 - D – C:\Users\Motion\AppData\Roaming\Music Recognition
                                  O43 - CFD: 24/12/2013 - D – C:\Users\Motion\AppData\Roaming\NCH Software =>.NCH Software
                                  O43 - CFD: 20/05/2017 - D – C:\Users\Motion\AppData\Roaming\NVIDIA =>.nVidia Corporation
                                  O43 - CFD: 14/04/2017 - D – C:\Users\Motion\AppData\Roaming\OBS =>.OBS
                                  O43 - CFD: 07/06/2017 - D – C:\Users\Motion\AppData\Roaming\obs-studio =>.OBS-Studio
                                  O43 - CFD: 16/11/2014 - D – C:\Users\Motion\AppData\Roaming\Oracle =>.Oracle
                                  O43 - CFD: 09/06/2016 - D – C:\Users\Motion\AppData\Roaming\Origin =>.Electronic Arts, Inc.
                                  O43 - CFD: 23/01/2015 - D – C:\Users\Motion\AppData\Roaming\Screaming Bee =>.Screaming Bee
                                  O43 - CFD: 15/06/2017 - D – C:\Users\Motion\AppData\Roaming\Skype =>.Skype
                                  O43 - CFD: 16/06/2017 - D – C:\Users\Motion\AppData\Roaming\Spotify =>.Spotify
                                  O43 - CFD: 25/12/2013 - D – C:\Users\Motion\AppData\Roaming\SteelSeries =>.SteelSeries
                                  O43 - CFD: 15/06/2017 - D – C:\Users\Motion\AppData\Roaming\steelseries-engine-3-client =>.Legitimate
                                  O43 - CFD: 15/06/2017 - D – C:\Users\Motion\AppData\Roaming\Sun =>.Oracle
                                  O43 - CFD: 13/09/2014 - [0] D – C:\Users\Motion\AppData\Roaming\SynthMaker
                                  O43 - CFD: 09/06/2017 - D – C:\Users\Motion\AppData\Roaming\TeamViewer =>.TeamViewer
                                  O43 - CFD: 13/10/2015 - D – C:\Users\Motion\AppData\Roaming\Tera_Awesomium
                                  O43 - CFD: 09/06/2017 - D – C:\Users\Motion\AppData\Roaming\TS3Client =>.TeamSpeak
                                  O43 - CFD: 03/03/2016 - D – C:\Users\Motion\AppData\Roaming\Ventrilo
                                  O43 - CFD: 11/06/2017 - D – C:\Users\Motion\AppData\Roaming\vlc =>.VideoLan Team
                                  O43 - CFD: 18/12/2013 - D – C:\Users\Motion\AppData\Roaming\WinRAR =>.WinRAR
                                  O43 - CFD: 16/06/2017 - D – C:\Users\Motion\AppData\Roaming\ZHP =>.Nicolas Coolman
                                  O43 - CFD: 05/03/2016 - [0] D – C:\Users\Motion\AppData\Local\ActiveSync =>.Microsoft Corporation
                                  O43 - CFD: 11/10/2015 - D – C:\Users\Motion\AppData\Local\Adobe =>.Adobe
                                  O43 - CFD: 25/04/2014 - D – C:\Users\Motion\AppData\Local\altPUG_LLC
                                  O43 - CFD: 12/05/2017 - D – C:\Users\Motion\AppData\Local\AMD =>.AMD
                                  O43 - CFD: 29/01/2014 - D – C:\Users\Motion\AppData\Local\Apple =>.Apple Inc.
                                  O43 - CFD: 29/01/2014 - D – C:\Users\Motion\AppData\Local\Apple Computer =>.Apple Inc.
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Motion\AppData\Local\Application Data =>.Microsoft Corporation
                                  O43 - CFD: 16/12/2013 - D – C:\Users\Motion\AppData\Local\Apps =>.Microsoft Corporation
                                  O43 - CFD: 16/06/2017 - D – C:\Users\Motion\AppData\Local\Battle.net =>.Games Software
                                  O43 - CFD: 05/05/2017 - D – C:\Users\Motion\AppData\Local\Beats
                                  O43 - CFD: 03/04/2016 - D – C:\Users\Motion\AppData\Local\BetterDS3
                                  O43 - CFD: 12/03/2014 - D – C:\Users\Motion\AppData\Local\Blizzard =>.Blizzard
                                  O43 - CFD: 16/12/2013 - D – C:\Users\Motion\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
                                  O43 - CFD: 04/07/2015 - D – C:\Users\Motion\AppData\Local\CEF =>.CEF
                                  O43 - CFD: 28/12/2016 - D – C:\Users\Motion\AppData\Local\Chromium =>.Chromium
                                  O43 - CFD: 30/07/2015 - D – C:\Users\Motion\AppData\Local\Comms =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Local\ConnectedDevicesPlat form =>.Microsoft Corporation
                                  O43 - CFD: 13/06/2017 - D – C:\Users\Motion\AppData\Local\CrashDumps =>.Microsoft Corporation
                                  O43 - CFD: 29/02/2016 - D – C:\Users\Motion\AppData\Local\CrashReportClient
                                  O43 - CFD: 18/03/2017 - D – C:\Users\Motion\AppData\Local\Daybreak Game Company =>.Daybreak Game Company
                                  O43 - CFD: 08/06/2017 - [0] D – C:\Users\Motion\AppData\Local\DBG =>.DBG
                                  O43 - CFD: 30/05/2017 - [0] D – C:\Users\Motion\AppData\Local\Diagnostics =>.Microsoft Corporation
                                  O43 - CFD: 11/01/2017 - D – C:\Users\Motion\AppData\Local\Discord =>.GitHub
                                  O43 - CFD: 29/05/2017 - D – C:\Users\Motion\AppData\Local\Downloaded Installations =>.Microsoft Corporation
                                  O43 - CFD: 26/12/2016 - [0] D – C:\Users\Motion\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
                                  O43 - CFD: 15/07/2015 - [0] SHD – C:\Users\Motion\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
                                  O43 - CFD: 15/07/2015 - [0] SHD – C:\Users\Motion\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
                                  O43 - CFD: 15/07/2015 - [0] SHD – C:\Users\Motion\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
                                  O43 - CFD: 29/09/2014 - D – C:\Users\Motion\AppData\Local\GamersFirst =>.GamersFirst
                                  O43 - CFD: 28/10/2016 - D – C:\Users\Motion\AppData\Local\Google =>.Google
                                  O43 - CFD: 31/05/2015 - D – C:\Users\Motion\AppData\Local\GWX =>.GWX
                                  O43 - CFD: 29/05/2017 - D – C:\Users\Motion\AppData\Local\Haste
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Motion\AppData\Local\History =>.Microsoft Corporation
                                  O43 - CFD: 12/05/2017 - D – C:\Users\Motion\AppData\Local\iTunes =>.Apple Inc.
                                  O43 - CFD: 28/02/2014 - D – C:\Users\Motion\AppData\Local\Jaksta_Technologies_ Pty_L
                                  O43 - CFD: 11/02/2016 - D – C:\Users\Motion\AppData\Local\Logitech® Webcam Software =>.Logitech Inc.
                                  O43 - CFD: 11/10/2015 - D – C:\Users\Motion\AppData\Local\Macromedia =>.Macromedia
                                  O43 - CFD: 11/06/2017 - D – C:\Users\Motion\AppData\Local\Microsoft =>.Microsoft Corporation
                                  O43 - CFD: 06/10/2016 - [0] D – C:\Users\Motion\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                  O43 - CFD: 12/12/2015 - D – C:\Users\Motion\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
                                  O43 - CFD: 26/12/2014 - D – C:\Users\Motion\AppData\Local\Mozilla =>.Mozilla Corporation
                                  O43 - CFD: 14/06/2017 - D – C:\Users\Motion\AppData\Local\NPE =>.NPE
                                  O43 - CFD: 12/05/2017 - D – C:\Users\Motion\AppData\Local\NVIDIA =>.nVidia Corporation
                                  O43 - CFD: 22/05/2017 - D – C:\Users\Motion\AppData\Local\NVIDIA Corporation =>.nVidia Corporation
                                  O43 - CFD: 29/02/2016 - D – C:\Users\Motion\AppData\Local\OST_Game
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Local\Packages =>.Microsoft Corporation
                                  O43 - CFD: 02/08/2015 - [0] D – C:\Users\Motion\AppData\Local\PeerDistRepub =>.Microsoft Corporation
                                  O43 - CFD: 16/12/2013 - D – C:\Users\Motion\AppData\Local\Programs =>.Microsoft Corporation
                                  O43 - CFD: 30/07/2015 - D – C:\Users\Motion\AppData\Local\Publishers =>.Microsoft Corporation
                                  O43 - CFD: 24/09/2015 - D – C:\Users\Motion\AppData\Local\PunkBuster =>.PunkBuster Games
                                  O43 - CFD: 24/01/2014 - D – C:\Users\Motion\AppData\Local\Razer =>.Razer
                                  O43 - CFD: 18/03/2017 - D – C:\Users\Motion\AppData\Local\SCE =>.SCE
                                  O43 - CFD: 24/04/2016 - [0] D – C:\Users\Motion\AppData\Local\Skype =>.Skype
                                  O43 - CFD: 21/04/2017 - D – C:\Users\Motion\AppData\Local\Spotify =>.Spotify
                                  O43 - CFD: 05/06/2016 - D – C:\Users\Motion\AppData\Local\SquirrelTemp =>.Squirrels
                                  O43 - CFD: 31/10/2015 - D – C:\Users\Motion\AppData\Local\StarParse
                                  O43 - CFD: 28/12/2016 - D – C:\Users\Motion\AppData\Local\Steam =>.Steam Games
                                  O43 - CFD: 25/12/2013 - D – C:\Users\Motion\AppData\Local\SteelSeries_ApS
                                  O43 - CFD: 30/09/2015 - D – C:\Users\Motion\AppData\Local\SWTOR =>.Electronic Arts, Inc.
                                  O43 - CFD: 20/12/2013 - D – C:\Users\Motion\AppData\Local\SWTORPerf =>.Electronic Arts, Inc.
                                  O43 - CFD: 12/01/2017 - D – C:\Users\Motion\AppData\Local\TeamSpeak 3 =>.TeamSpeak
                                  O43 - CFD: 16/06/2017 - D – C:\Users\Motion\AppData\Local\Temp =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Motion\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                  O43 - CFD: 22/05/2015 - D – C:\Users\Motion\AppData\Local\TERA =>.Gameforge Productions GmbH
                                  O43 - CFD: 29/05/2017 - D – C:\Users\Motion\AppData\Local\Thalonet,_Inc._dba_H aste
                                  O43 - CFD: 30/07/2015 - D – C:\Users\Motion\AppData\Local\TileDataLayer =>.Microsoft Corporation
                                  O43 - CFD: 23/03/2017 - D – C:\Users\Motion\AppData\Local\TslGame
                                  O43 - CFD: 03/05/2017 - D – C:\Users\Motion\AppData\Local\UNP =>.Microsoft Corporation
                                  O43 - CFD: 10/03/2017 - D – C:\Users\Motion\AppData\Local\UnrealEngine =>.Unreal Software
                                  O43 - CFD: 24/02/2017 - D – C:\Users\Motion\AppData\Local\VirtualStore =>.Microsoft Corporation
                                  O43 - CFD: 06/11/2014 - D – C:\Users\Motion\AppData\Local\WC43
                                  O43 - CFD: 14/08/2015 - D – C:\Users\Motion\AppData\Local\Wondershare =>.Wondershare
                                  O43 - CFD: 16/06/2017 - D – C:\Users\Motion\AppData\Local\Zemana =>.Zemana
                                  O43 - CFD: 16/06/2017 - D – C:\Users\Motion\AppData\Local\ZHP =>.Nicolas Coolman
                                  O43 - CFD: 16/12/2013 - [0] D – C:\Users\Motion\AppData\Local\Programs\Common =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - RD – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Accessibility =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - RD – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Accessories =>.Microsoft Corporation
                                  O43 - CFD: 13/06/2017 - RD – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Administrative Tools =>.Administrative Tools
                                  O43 - CFD: 12/05/2017 - [0] D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\ASUS =>.ASUS
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\ESEA
                                  O43 - CFD: 04/08/2015 - [0] D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\GamersFirst =>.GamersFirst
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Ixale =>.Ixale
                                  O43 - CFD: 18/03/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Maintenance =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\OldSchool RuneScape
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Parsec
                                  O43 - CFD: 13/06/2017 - RD – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup =>.Microsoft Corporation
                                  O43 - CFD: 11/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Steam =>.Steam Games
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\SteelSeries =>.SteelSeries
                                  O43 - CFD: 18/03/2017 - RD – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\System Tools =>.Microsoft Corporation
                                  O43 - CFD: 13/09/2016 - [0] D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\VB Audio
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\WhoreCraft
                                  O43 - CFD: 18/03/2017 - RD – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
                                  O43 - CFD: 15/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\WinRAR =>.WinRAR
                                  O43 - CFD: 05/06/2017 - D – C:\Users\Motion\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\WonderFox Soft
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                                  O43 - CFD: 03/08/2016 - D – C:\Users\Default\AppData\Local\Google =>.Google
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                                  O43 - CFD: 06/06/2017 - [0] D – C:\Users\Default\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                                  O43 - CFD: 03/08/2016 - D – C:\Users\Default User\AppData\Local\Google =>.Google
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                                  O43 - CFD: 06/06/2017 - [0] D – C:\Users\Default User\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                  O43 - CFD: 18/03/2017 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                  O43 - CFD: 05/06/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft Corporation
                                  O43 - CFD: 16/06/2017 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Zemana =>.Zemana

                                  —\ ShellIconOverlayIdentifiers (SIOI) (9) - 0s
                                  O106 - SIOI: OverlayExcluded Class [ OverlayExcluded] - {4433A54A-1AC8-432F-90FC-85F045CF383C}. (.Symantec Corporation - Backup Shell.) – C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\BuShell.dll =>.Symantec Corporation®
                                  O106 - SIOI: OverlayPending Class [ OverlayPending] - {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}. (.Symantec Corporation - Backup Shell.) – C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\BuShell.dll =>.Symantec Corporation®
                                  O106 - SIOI: OverlayProtected Class [ OverlayProtected] - {476D0EA3-80F9-48B5-B70B-05E677C9C148}. (.Symantec Corporation - Backup Shell.) – C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\BuShell.dll =>.Symantec Corporation®
                                  O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Motion\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                                  O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Motion\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                                  O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Motion\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                                  O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Motion\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                                  O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Motion\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                                  O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Motion\AppData\Local\Microsoft\OneDrive\1 7.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®

                                  —\ Image File Execution Options (18) - 1s
                                  O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\3] =>.Microsoft Windows®
                                  O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                  O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\256] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\256] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                  O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\1] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\256] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\256] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\1118481] =>.Microsoft Corporation
                                  O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\2097152] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                  O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\4294967296] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                  O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                  O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\2097152] =>.Microsoft Corporation
                                  O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\32768] =>.Microsoft Windows Publisher®
                                  O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation

                                  —\ System Drivers List (85) - 7s
                                  O58 - SDL:2017/03/18 16:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
                                  O58 - SDL:2016/08/18 08:41:28 A . (.Advanced Micro Devices, Inc. - AMD Audio Bus Lower Filter.) – C:\WINDOWS\System32\drivers\amdkmafd.sys [49448] =>.Advanced Micro Devices, Inc.®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
                                  O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
                                  O58 - SDL:2014/08/15 13:05:08 A . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver (x64).) – C:\WINDOWS\System32\drivers\Capsax64Drv0.sys [35976] {546238AAF85123614B318B058F770856} =>.Colasoft Co., Ltd.
                                  O58 - SDL:2014/08/15 13:05:08 A . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver (x64).) – C:\WINDOWS\System32\drivers\Capsax64Drv1.sys [35976] {546238AAF85123614B318B058F770856} =>.Colasoft Co., Ltd.
                                  O58 - SDL:2014/08/15 13:05:08 A . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver (x64).) – C:\WINDOWS\System32\drivers\Capsax64Drv2.sys [35976] {546238AAF85123614B318B058F770856} =>.Colasoft Co., Ltd.
                                  O58 - SDL:2014/08/15 13:05:08 A . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver (x64).) – C:\WINDOWS\System32\drivers\Capsax64Drv3.sys [35976] {546238AAF85123614B318B058F770856} =>.Colasoft Co., Ltd.
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
                                  O58 - SDL:2012/10/24 14:49:46 A . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver (x64).) – C:\WINDOWS\System32\drivers\CSN5PDTS82x64.sys [34840] {6FF4F921A6FC0B39F2B5B38CA60C1453} =>.Colasoft Co., Ltd.
                                  O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
                                  O58 - SDL:2017/06/16 13:31:30 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) – C:\WINDOWS\System32\drivers\farflt.sys [113592] =>.Malwarebytes Corporation®
                                  O58 - SDL:2012/08/21 14:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) – C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [33240] =>.GEAR Software Inc.®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
                                  O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
                                  O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
                                  O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.s ys [85504] =>.Intel Corporation
                                  O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
                                  O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
                                  O58 - SDL:2017/03/18 16:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
                                  O58 - SDL:2017/03/18 16:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
                                  O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
                                  O58 - SDL:2015/05/18 10:45:24 N . (.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) – C:\WINDOWS\System32\drivers\IOMap64.sys [24824] =>.ASUSTeK Computer Inc.®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
                                  O58 - SDL:2016/02/11 18:01:54 A . (.Logitech Inc. - Logitech Kernel Audio Improvement Filter Dr.) – C:\WINDOWS\System32\drivers\lvrs64.sys [351520] =>.Logitech, Inc.®
                                  O58 - SDL:2012/10/22 22:13:10 A . (.Logitech Inc. - Logitech USB Video Class Driver.) – C:\WINDOWS\System32\drivers\lvuvc64.sys [4758176] =>.Logitech, Inc.®
                                  O58 - SDL:2017/05/25 11:58:02 A . (.Authors - .) – C:\WINDOWS\System32\drivers\mbae64.sys [77376] =>.Malwarebytes Corporation®
                                  O58 - SDL:2017/06/16 13:31:25 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) – C:\WINDOWS\System32\drivers\mbam.sys [44960] =>.Malwarebytes Corporation®
                                  O58 - SDL:2017/06/16 13:31:38 A . (.Malwarebytes - Malwarebytes Chameleon.) – C:\WINDOWS\System32\drivers\MBAMChameleon.sys [188312] =>.Malwarebytes Corporation®
                                  O58 - SDL:2017/06/16 13:31:17 A . (.Malwarebytes - Malwarebytes SwissArmy.) – C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832] =>.Malwarebytes Corporation®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
                                  O58 - SDL:2017/06/16 13:34:46 A . (.Malwarebytes - Malwarebytes Web Protection.) – C:\WINDOWS\System32\drivers\mwac.sys [93600] =>.Malwarebytes Corporation®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
                                  O58 - SDL:2013/02/28 21:49:12 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) – C:\WINDOWS\System32\drivers\npf.sys [36600] =>.Riverbed Technology, Inc.®
                                  O58 - SDL:2017/06/07 21:45:45 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) – C:\WINDOWS\System32\drivers\nvhda64v.sys [218712] =>.NVIDIA Corporation®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
                                  O58 - SDL:2017/05/03 16:21:29 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) – C:\WINDOWS\System32\drivers\nvvad64v.sys [48248] =>.NVIDIA Corporation®
                                  O58 - SDL:2017/05/18 03:35:05 A . (.NVIDIA Corporation - Virtual USB Host Controller driver.) – C:\WINDOWS\System32\drivers\nvvhci.sys [57792] =>.NVIDIA Corporation®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) – C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
                                  O58 - SDL:2015/06/24 22:57:00 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [4504320] =>.Realtek Semiconductor Corp®
                                  O58 - SDL:2013/12/10 20:14:26 A . (.Razer, Inc. - Razer Ovrlay Support.) – C:\WINDOWS\System32\drivers\RzDxgk.sys [129472] =>.Razer Inc.®
                                  O58 - SDL:2013/12/10 20:14:26 A . (.Razer, Inc. - Kernel-mode user input redirection driver.) – C:\WINDOWS\System32\drivers\RzFilter.sys [74432] =>.Razer Inc.®
                                  O58 - SDL:2013/05/31 10:19:10 A . (.SteelSeries Corporation - SteelSeries HID Driver.) – C:\WINDOWS\System32\drivers\SAlpham64.sys [38016] =>.SteelSeries Corporation
                                  O58 - SDL:2014/02/07 13:17:24 A . (.Screaming Bee LLC - Screaming Bee Audio Driver.) – C:\WINDOWS\System32\drivers\ScreamingBAudio64.sys [38992] =>.Screaming Bee LLC®
                                  O58 - SDL:2017/03/18 16:56:26 A . (.Authors - .) – C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
                                  O58 - SDL:2017/04/06 12:03:24 A . (.SteelSeries ApS - SteelSeries Device Factory Driver.) – C:\WINDOWS\System32\drivers\ssdevfactory.sys [46440] =>.SteelSeries ApS®
                                  O58 - SDL:2017/05/12 14:48:06 A . (.SteelSeries ApS - SteelSeries HID Driver.) – C:\WINDOWS\System32\drivers\sshid.sys [45896] =>.SteelSeries ApS®
                                  O58 - SDL:2013/10/30 12:15:32 A . (.SteelSeries Corporation - SteelSeries Bus Enumerator.) – C:\WINDOWS\System32\drivers\SteelBus64.sys [140800] =>.SteelSeries Corporation
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/15 17:18:51 A . (.Symantec Corporation - Symantec Event Library.) – C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS [102608] =>.Symantec Corporation®
                                  O58 - SDL:2016/04/21 05:10:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) – C:\WINDOWS\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
                                  O58 - SDL:2017/06/15 12:22:25 A . (.Authors - .) – C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
                                  O58 - SDL:2015/06/17 18:04:24 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\WINDOWS\System32\drivers\usbaapl64.sys [54784] =>.Apple, Inc.
                                  O58 - SDL:2016/09/12 23:57:29 A . (.Windows (R) Win 7 DDK provider - VB Virtual Audio Device.) – C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win7. sys [41192] =>.Vincent Burel®
                                  O58 - SDL:2008/12/26 13:56:04 A . (.Avnex - Avnex Ltd. Virtual Audio Device (WDM).) – C:\WINDOWS\System32\drivers\vcsvad.sys [21504]
                                  O58 - SDL:2010/02/15 23:07:14 A . (.Eugene V. Muzychenko - Kernel-mode WDM driver.) – C:\WINDOWS\System32\drivers\vrtaucbl.sys [66728] =>.NTONYX Ltd.®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
                                  O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
                                  O58 - SDL:2015/10/02 21:53:24 A . (.Authors - .) – C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [35344] =>.CACE Technologies, Inc.®
                                  O58 - SDL:2017/06/16 13:39:26 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zam64.sys [203680] =>.Zemana Ltd.®
                                  O58 - SDL:2017/06/16 13:39:26 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®

                                  —\ Last modified or created user files (1) - 3s
                                  O61 - LFC: 2017/06/11 20:28:31 A . (..) – C:\Users\Motion\AppData\Roaming\Apowersoft\Apowers oftVideoHelper.dll [7744415]

                                  —\ File Associations Shell Spawning (10) - 1s
                                  O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                                  O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                                  O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                                  O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                                  O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                                  O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                                  O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                  O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                                  O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                                  O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

                                  —\ Start Menu Internet (8) - 0s
                                  O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                  O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                                  O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                                  O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

                                  —\ Search Browser Infection (4) - 4s
                                  O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
                                  O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
                                  O69 - SBI: SearchScopes [HKUS.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
                                  O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com

                                  —\ Search Svchost Services (48) - 0s
                                  O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll [192512] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) – C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dl l [536064] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) – C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
                                  O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) – C:\Windows\System32\TokenBroker.dll [1054208] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [2443776] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) – C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
                                  O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [196096] =>.Microsoft Corporation

                                  —\ Additional Scan (O88) (2) - 1s
                                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
                                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect

                                  —\ Summary of the elements found (1) - 0s
                                  Heuristic Suspect, 1 Logiciel Indésirable. - ZAM =>Heuristic.Suspect

                                  ~ Unselected Options:
                                  ~ End of the scan, 54835 items in 02mn37s (1233)(0)

                                    Comment

                                    • Malnutrition
                                      PCHF Moderator
                                      • Jul 2016
                                      • 7041
                                      #10
                                      ZHP Diag Fix.


                                      ZHP Fix                                       [MEDIA=imgur]4bd9Ugb[/MEDIA]
                                      [ul]
                                      [li]Disable your antivirus prior to this fix![/li]
                                      [li]Download ZHP-Fix from here.[/li][li]UnZip it to your desktop – Tool Here if needed… 7-Zip[/li]
                                      [li]Install it.[/li][li]Click Suivant 5 Times.[/li][li]Then Installer.[/li][li]Then Terminer.[/li][li]Then right clcick the ZHP Fix icon Run as admin.[/li][li]Copy the entire content of the code box below, the next step will grab it from your clipboard.[/li]
                                      [li]Then click on import.[/li][li]Then click GO.[/li][li]If you see any Prompts like the one below, select Oui. = Yes in French. [/li]
                                      [li]https://pchelpforum.net/attachments/...7-40-png.2248/ [/li]
                                      [li]Allow completion.[/li][li]A log file will appear on your desktop. [/li]
                                      [li]Post it here in your next reply.[/li][/ul]
                                      Code:
                                      Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe (.not file.)
SS - Demand [13/06/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SS - Auto [26/05/2017] [ 326160] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh3.googleusercontent.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ogs.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [idefjamndcpplnamdlbodoebjgkpdmpn] Zalmos SSL Web Proxy for Free
O42 - Logiciel: ASUS Product Register Program - (.ASUSTek Computer Inc..) [HKLM][64Bits] -- {C87D79F6-F813-4812-B7A9-CCCAAB8B1188} =>.ASUSTek Computer Inc.
O42 - Logiciel: Java 7 Update 71 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217051FF} =>.Oracle
O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA Corporation
HKCU\SOFTWARE\Chromium =>.Chromium
O43 - CFD: 11/10/2015 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 14/04/2017 - [] D -- C:\ProgramData\Intel Telemetry =>.Intel Corporation
O43 - CFD: 28/12/2016 - [] D -- C:\Users\Motion\AppData\Local\Chromium =>.Chromium
O43 - CFD: 31/05/2015 - [] D -- C:\Users\Motion\AppData\Local\GWX =>.GWX
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
C:\WINDOWS\system32\dmwappushsvc.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
EmptyTemp
                                      Eliminate restrictive settings with this tool.
                                      [ul]
                                      [li]Temporarily disable your antivirus — Your antivirus may flag this tool as malware, it is safe to run I assure you.[/li]
                                      [li]Download SupRestric.exe save to your desktop.[/li][li]Close all running programs.[/li][li]Double click the file to launch it.[/li][li]Windows: 7/8/10 Vista and run as administrator[/li][li]Click Yes at any prompt.[/li]
                                      [li]The analysis takes only a few moments.[/li][li]The report is on the desktop ( CTR.txt )[/li][li]Copy paste report in next reply.[/li][li]A reboot is needed to complete the repairs.[/li][/ul]

                                      HijackThis.

                                      1- Please Click HERE to download HijackThis. – Unzip to your desktop.
                                      2- Right click run as admin.
                                      3- Click on the Main Menu button if not already there.
                                      4- Select Do a system scan and save a logfile.
                                      5- Copy paste the log here.

                                        Comment

                                        • mynd12
                                          PCHF Member
                                          • Jun 2017
                                          • 14
                                          #11
                                          Report ZHPFix 2015.10.19.9 by Nicolas Coolman, the Update 19/10/2015
                                          Registry export file:
                                          Run by Motion at 6/18/2017 6:33:52 PM
                                          High Elevated Privileges : OK
                                          Windows 8 Business Edition, 64-bit Service Pack 1 (15063)

                                          Recycle Bin emptied (06mn AMs)

                                          ========== Software ==========
                                          REMOVES: ASUS Product Register Program
                                          REMOVES: Java 7 Update 71

                                          ========== Memory modules ==========
                                          REMOVES Reboot: Memory Module: C:\WINDOWS\system32\dmwappushsvc.dll

                                          ========== Registry keys ==========
                                          REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}]
                                          REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83217051FF}]
                                          REMOVES: Service: PnkBstrA
                                          REMOVES: HKCU\SOFTWARE\Chromium
                                          REMOVES: Services Svchost: dmwappushservice
                                          REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

                                          ========== Registry values ==========
                                          ProxyFix : Proxy configuration successfully removed
                                          REMOVES ProxyServer Value
                                          REMOVES ProxyEnable Value
                                          REMOVES EnableHttp1_1 Value
                                          REMOVES ProxyHttp1.1 Value
                                          REMOVES ProxyOverride Value

                                          ========== Preferences browser ==========
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://ajax.googleapis.com
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://apis.google.com
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://clients5.google.com
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://lh3.googleusercontent.com
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://ogs.google.com
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://ssl.gstatic.com
                                          NOW Chrome File: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          ABSENT Chrome Site: http://www.gstatic.com
                                          REMOVES Folder Chrome: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjg kpdmpn

                                          ========== Folders ==========
                                          No folders empty CLSID Local user
                                          REMOVES: C:\Users\Motion\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjg kpdmpn
                                          REMOVES: C:\ProgramData\McAfee
                                          REMOVES: C:\ProgramData\Intel Telemetry
                                          REMOVES: C:\Users\Motion\AppData\Local\Chromium
                                          REMOVES: C:\Users\Motion\AppData\Local\GWX
                                          Deletes temporary Windows (0)

                                          ========== Files ==========
                                          REMOVES Flash Cookies (0) (0 octets)
                                          Deletes temporary Windows (0) (0 octets)

                                          ========== System restore ==========
                                          The system successfully created restore point

                                          ========== Summary ==========
                                          1 : Memory modules
                                          6 : Registry keys
                                          6 : Registry values
                                          7 : Folders
                                          2 : Files
                                          2 : Software
                                          15 : Preferences browser
                                          1 : System restore

                                          End of clean in 46mn AMs

                                          ========== Path to file report ==========
                                          C:\Users\Motion\AppData\Roaming\ZHP\ZHPFix[R1].txt - 6/18/2017 6:33:59 PM [3191]

                                          Pierre13 restrictions Inspection Report (CTR 2.5.0.0 Version) 18 \ 06 \ 2017 6:36:33 p.m.
                                          Motion PC
                                          Microsoft Windows 10 Pro (64 bits) [10.0.15063]

                                          Repair mistake made in 2203.

                                          Checking presence restrictions

                                          [TROJ_POWELIKS.B] deleted feature_browser_emulation key.
                                          [BKDR_BLACKEN.A] corrected WarnOnClose key.
                                          Sponsor Java installation license (x86) removed.
                                          Sponsor Java installation license (x64) removed.
                                          Viewing Recent Documents restriction removed.
                                          Viewing Restriction deleted documents.
                                          Background synchronization Restricting deleted information flows and Web Slices.
                                          Restricting discovery of RSS feeds and Web Slices deleted.
                                          Restriction UpperFilters Bluetooth deleted.
                                          activated keypad.
                                          User Restriction for Windows Installer removed.
                                          Windows Update restored.
                                          Windows Firewall Service enabled.
                                          Windows Firewall settings when default and enabled.

                                          240 controlled restrictions.

                                          13 restriction (s) repaired (s).
                                          Re boot the PC to take into account or repairs.

                                          The report is on the desktop (C: \ Users \ Motion \ Desktop \ CTR.txt)

                                          Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

                                          Platform: x64 Windows 10 (Pro), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
                                          Time: 18.06.2017 - 18:40
                                          Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
                                          Elevated: Yes
                                          Ran by: Motion (group: Administrator) on MOTION-PC

                                          Chrome: 59.0.3071.86
                                          Edge: 11.0.15063.332
                                          Internet Explorer: 11.0.15063.0

                                          Boot mode: Normal

                                          Running processes:
                                          Number | Path
                                          1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                          6 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                          1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.ex e
                                          1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64. exe
                                          1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                          2 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
                                          1 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
                                          1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
                                          2 C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
                                          1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                                          1 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
                                          1 C:\Program Files\Bonjour\mDNSResponder.exe
                                          1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                          2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
                                          1 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                                          1 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                                          1 C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
                                          1 C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
                                          1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
                                          1 C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
                                          2 C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe
                                          1 C:\Users\Motion\Desktop\MemCompression
                                          1 C:\Users\Motion\Desktop\hijackthis.exe
                                          2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
                                          1 C:\Windows\SysWOW64\UStorSrv.exe
                                          1 C:\Windows\System32\RuntimeBroker.exe
                                          1 C:\Windows\System32\SearchFilterHost.exe
                                          1 C:\Windows\System32\SearchIndexer.exe
                                          1 C:\Windows\System32\SearchProtocolHost.exe
                                          1 C:\Windows\System32\SecurityHealthService.exe
                                          1 C:\Windows\System32\SettingSyncHost.exe
                                          1 C:\Windows\System32\WUDFHost.exe
                                          1 C:\Windows\System32\audiodg.exe
                                          1 C:\Windows\System32\conhost.exe
                                          2 C:\Windows\System32\csrss.exe
                                          1 C:\Windows\System32\dasHost.exe
                                          1 C:\Windows\System32\dllhost.exe
                                          1 C:\Windows\System32\dwm.exe
                                          2 C:\Windows\System32\fontdrvhost.exe
                                          1 C:\Windows\System32\lsass.exe
                                          1 C:\Windows\System32\mqsvc.exe
                                          1 C:\Windows\System32\services.exe
                                          1 C:\Windows\System32\sihost.exe
                                          1 C:\Windows\System32\smartscreen.exe
                                          1 C:\Windows\System32\smss.exe
                                          1 C:\Windows\System32\spoolsv.exe
                                          1 C:\Windows\System32\sppsvc.exe
                                          70 C:\Windows\System32\svchost.exe
                                          1 C:\Windows\System32\taskhostw.exe
                                          2 C:\Windows\System32\wbem\WmiPrvSE.exe
                                          1 C:\Windows\System32\wininit.exe
                                          1 C:\Windows\System32\winlogon.exe
                                          1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\SearchUI.exe
                                          1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2t xyewy\ShellExperienceHost.exe
                                          1 C:\Windows\explorer.exe

                                          R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query= {searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie :rowHeight}&sectionHeight={ie:sectionHeight}&FORM= IESS02&market={language}
                                          R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query= {searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie :rowHeight}&sectionHeight={ie:sectionHeight}&FORM= IESS02&market={language}
                                          R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: TopResultURL = Search - Microsoft Bing {searchTerms}&src=IE-TopResult&FORM=IETR02
                                          R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: TopResultURLFallback = Search - Microsoft Bing {searchTerms}&src=IE-TopResult&FORM=IETR02
                                          R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02
                                          O2 - BHO: Norton Identity Safety - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll
                                          O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                                          O2-32 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
                                          O2-32 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
                                          O2-32 - BHO: Norton Identity Safety - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll
                                          O2-32 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                                          O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll
                                          O3-32 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll
                                          O4 - Global User Startup: SteelSeries Engine 3.lnk → C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath=“C:\ProgramData\SteelSeries\SteelSeries Engine 3” -dbEnv=production -auto=true
                                          O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe
                                          O4 - HKCU..\Run: [Spotify] C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e -autostart -minimized
                                          O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
                                          O4 - HKLM..\Run: [ShadowPlay] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSyst emStart
                                          O4 - HKLM..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
                                          O4 - HKLM..\StartupApproved\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
                                          O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
                                          O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
                                          O4-32 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
                                          O4-32 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                          O17 - HKLM\System\CSS\Services\Tcpip..{847c0a9b-7e1c-4968-ad35-83173d8ea7bc}: NameServer = 8.8.4.4
                                          O17 - HKLM\System\CSS\Services\Tcpip..{847c0a9b-7e1c-4968-ad35-83173d8ea7bc}: NameServer = 8.8.8.8
                                          O17 - HKLM\System\ControlSet001\Services\Tcpip..{847c0a9 b-7e1c-4968-ad35-83173d8ea7bc}: NameServer = 8.8.4.4
                                          O17 - HKLM\System\ControlSet001\Services\Tcpip..{847c0a9 b-7e1c-4968-ad35-83173d8ea7bc}: NameServer = 8.8.8.8
                                          O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                                          O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
                                          O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
                                          O22 - Task (Ready): Norton WSC Integration - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\WSCStub.exe /taskschd
                                          O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
                                          O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
                                          O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
                                          O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegi strationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
                                          O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterD eviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
                                          O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
                                          O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
                                          O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
                                          O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
                                          O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellula r - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
                                          O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
                                          O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Ar g4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
                                          O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcqui sition - C:\WINDOWS\system32\ClipRenew.exe -e
                                          O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
                                          O22 - Task (Ready): \Norton 360\Norton Security Suite Autofix - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe /ui
                                          O22 - Task (Ready): \Norton 360\Norton Security Suite Error Analyzer - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe /analyze
                                          O22 - Task (Ready): \Norton 360\Norton Security Suite Error Processor - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe /submit
                                          O22 - Task (Ready): \Remediation\AntimalwareMigrationTask - C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe /upgrade /user_logon
                                          O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                          O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
                                          O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
                                          O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                                          O23 - Service R2: Norton 360 - (N360) - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe
                                          O23 - Service R2: TeamViewer 12 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                                          O23 - Service R2: UStorage Server Service - C:\Windows\SysWOW64\UStorSrv.exe
                                          O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
                                          O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                          O23 - Service S2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
                                          O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
                                          O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
                                          O23 - Service S3: BitRaider Mini-Support Service Stub Loader - (BRSptStub) - C:\ProgramData\BitRaider\BRSptStub.exe
                                          O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                          O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                                          O23 - Service S3: Remote Packet Capture Protocol v.0 (experimental) - (rpcapd) - C:\Program Files (x86)\WinPcap\rpcapd.exe
                                          O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                                          O23 - Service S3: iPod Service - C:\Program Files\iPod\bin\iPodService.exe


                                          End of file - Time spent: 9 sec. - 25880 bytes, CRC32: FFFFFFFF. Sign: ꫳ

                                            Comment

                                            • Malnutrition
                                              PCHF Moderator
                                              • Jul 2016
                                              • 7041
                                              #12
                                              Hijack This Fix.

                                              Start HijackThis , Right Click Run as Admin.
                                              Close all other open programs prior to running this tool!!
                                              Click System Scan Only.
                                              Then check mark the items listed below.

                                              O4 - Global User Startup: SteelSeries Engine 3.lnk → C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath=“C:\ProgramData\SteelSeries\SteelSeries Engine 3” -dbEnv=production -auto=true
                                              O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Motion\AppData\Roaming\Spotify\SpotifyWeb Helper.exe
                                              O4 - HKCU..\Run: [Spotify] C:\Users\Motion\AppData\Roaming\Spotify\Spotify.ex e -autostart -minimized
                                              O4 - HKLM..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
                                              O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
                                              O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
                                              O4-32 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
                                              O4-32 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                              O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
                                              O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
                                              O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Ar g4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
                                              O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcqui sition - C:\WINDOWS\system32\ClipRenew.exe -e
                                              O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegi strationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
                                              O23 - Service R2: UStorage Server Service - C:\Windows\SysWOW64\UStorSrv.exe
                                              O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe

                                              Now click on fix checked.
                                              After the fix is complete, then reboot your machine.

                                              Clean up temp files and reduce startup load with CCleaner.


                                              Note: This tool will clean your browsing history as well.
                                              [ul]
                                              [li]Download CCleaner from here.[/li][li]After install Click Options.[/li][li]Go to monitoring.[/li][li]Uncheck All Monitoring items.[/li][li]Go to advanced – Click close program after cleaning.[/li][li]Go to settings – click run ccleaner when the computer starts.[/li][li]Now that you have ccleaner installed and set-up:[/li][li]Open the program.[/li][li]Go to Tools[/li][li]Go to Startup[/li][li]Now double click each item. To Disable.[/li][li]Leave only your antivirus enabled.[/li][li]Then disable All items in your scheduled task as well.[/li][li]Unless they are related to windows defender.Or your antivirus.[/li][li]Reboot the machine. <=========== Attention — Very important to reboot machine.[/li][/ul]

                                              Now please let me know how the machine is running at this point.

                                                Comment

                                                • mynd12
                                                  PCHF Member
                                                  • Jun 2017
                                                  • 14
                                                  #13
                                                  Well the weird text disappearing has stopped but fps dropping is still a thing. Gonna play some more games today to see if it does it still with some others.

                                                    Comment

                                                    • Malnutrition
                                                      PCHF Moderator
                                                      • Jul 2016
                                                      • 7041
                                                      #14
                                                      Ok, clean install your Nvidia Display drivers with DDU. @gus has written a guide in this. ---- Click Here For Guide. —

                                                      Then…

                                                      Download easy service optmizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.


                                                      https://i.imgur.com/tnkjYlk.png

                                                      You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.

                                                      [MEDIA=imgur]PO7tPc7[/MEDIA]

                                                      Then post a MiniToolBox log for me.

                                                      MiniToolBox Scan


                                                      Please download MINITOOLBOX and run it.

                                                      Checkmark following boxes:

                                                      Flush DNS
                                                      Reset FF proxy Settings
                                                      Reset Ie Proxy Settings
                                                      Report IE Proxy Settings
                                                      Report FF Proxy Settings
                                                      List content of Hosts
                                                      List IP configuration
                                                      List Winsock Entries
                                                      List last 10 Event Viewer log
                                                      List Installed Programs
                                                      List Users, Partitions and Memory size
                                                      List Devices (problems only)

                                                      Click Go post the result.

                                                        Comment

                                                        • mynd12
                                                          PCHF Member
                                                          • Jun 2017
                                                          • 14
                                                          #15
                                                          Ok I will do this once I get home!

                                                            Comment

                                                            Previous 1 2 template Next
                                                            Working...

                                                              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                                              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                                              I Agree