Frst & addition logs for networking problem

Collapse
X
Collapse
 
  • Page of 3
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • maxim123
    PCHF Member
    • Aug 2017
    • 466
    #16
    Originally posted by Malnutrition
    How are you trying to log into the router?
    Are you pasting 192.168.1.1 into your browser and hitting enter?
    Or 192.168.1.6 and hitting enter?
    Have you tried all of your browsers to log into the router?
    Can you please post a new Minitoolbox log; so that I can see what is going on now that some things have been taken care of please.
    Hi, I was out for the day and just returned.
    I have tried both of the above router login link and even looked into 192.168.0.1 (or something like that) but none of them loads. I have tried all three browser (IE, GC, FF) but it is the same in all of them.
    Here is the minitoolbox log:

    Code:
    MiniToolBox by Farbar Version: 17-06-2016
Ran by Max (administrator) on 04-08-2017 at 21:33:44
Running from “C:\Users\USER\Desktop”
Microsoft Windows 10 Pro (X64)
Model: 20369 Manufacturer: LENOVO
Boot Mode: Normal
[HR][/HR]
========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

“Reset IE Proxy Settings”: IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

“Reset FF Proxy Settings”: Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet 2 (Connected)
Anchorfree HSS VPN Adapter = Ethernet 4 (Media disconnected)
Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Media disconnected)
[HEADING=1]----------------------------------[/HEADING]
[HEADING=1]IPv4 Configuration[/HEADING]
[HEADING=1]----------------------------------[/HEADING]
pushd interface ipv4

reset

popd
[HEADING=1]End of IPv4 configuration[/HEADING]
Windows IP Configuration

Host Name . . . . . . . . . . . . : ADMIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 76-29-AF-2C-90-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 68-F7-28-50-6E-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 3, 2017 6:03:51 PM
Lease Expires . . . . . . . . . . : Monday, August 7, 2017 9:27:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
Physical Address. . . . . . . . . : 00-FF-C9-62-3B-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 74-29-AF-2C-90-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4003:c02::66
74.125.200.101
74.125.200.138
74.125.200.113
74.125.200.100
74.125.200.139
74.125.200.102

Pinging google.com [74.125.200.100] with 32 bytes of data:
Reply from 74.125.200.100: bytes=32 time=144ms TTL=45
Reply from 74.125.200.100: bytes=32 time=144ms TTL=45

Ping statistics for 74.125.200.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 144ms, Maximum = 144ms, Average = 144ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
2001:4998:44:204::a7
98.139.180.149
98.138.253.109
206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=375ms TTL=48
Reply from 98.138.253.109: bytes=32 time=376ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 375ms, Maximum = 376ms, Average = 375ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
[HEADING=1]Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms[/HEADING]
[HEADING=1]Interface List
18…76 29 af 2c 90 55 …Microsoft Wi-Fi Direct Virtual Adapter
7…68 f7 28 50 6e 46 …Realtek PCIe GBE Family Controller
14…00 ff c9 62 3b 62 …Anchorfree HSS VPN Adapter
5…74 29 af 2c 90 55 …Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
1…Software Loopback Interface 1[/HEADING]
[HEADING=1]IPv4 Route Table[/HEADING]
[HEADING=1]Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 35
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.5 291
192.168.1.5 255.255.255.255 On-link 192.168.1.5 291
192.168.1.255 255.255.255.255 On-link 192.168.1.5 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.5 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.5 291[/HEADING]
Persistent Routes:
None
[HEADING=1]IPv6 Route Table[/HEADING]
[HEADING=1]Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
1 331 ff00::/8 On-link[/HEADING]
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

========================= Event log errors: ===============================
[HEADING=1]Application errors:[/HEADING]
Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).

Internal Timing Sequence:
[1] 0.000007 +J(0)
[2] 0.000028 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000003 +J(0)
[4] 0.000005 +J(0)
[5] 0.0 +J(0)
[6] 0.000073 +J(0) +M(C:0K, Fs:2, WS:-72K # 0K, PF:-80K # 0K, P:-80K)
[7] -
[8] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[9] 0.005162 +J(0) +M(C:0K, Fs:4, WS:-32K # 0K, PF:-40K # 0K, P:-40K)
[10] -
[11] 0.000303 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000054 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000795 +J(0) +M(C:0K, Fs:0, WS:-12K # 0K, PF:-12K # 0K, P:-12K)
[15] 0.000031 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000006 +J(0).

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: An attempt to create the file “C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log” failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).
[HEADING=1]System errors:[/HEADING]
Error: (08/04/2017 09:27:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/04/2017 11:08:27 AM) (Source: Service Control Manager) (User: )
Description: The Delivery Optimization service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/04/2017 10:53:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/03/2017 09:09:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/03/2017 06:23:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/03/2017 06:07:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/03/2017 06:04:27 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1f000000047757. The name of the file is “\Windows\System32\linkinfo.dll”.

Error: (08/03/2017 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.

Error: (08/03/2017 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.

Error: (08/03/2017 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.
[HEADING=1]Microsoft Office Sessions:[/HEADING]
Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: 0-1090
[1] 0.000007 +J(0)
[2] 0.000028 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000003 +J(0)
[4] 0.000005 +J(0)
[5] 0.0 +J(0)
[6] 0.000073 +J(0) +M(C:0K, Fs:2, WS:-72K # 0K, PF:-80K # 0K, P:-80K)
[7] -
[8] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[9] 0.005162 +J(0) +M(C:0K, Fs:4, WS:-32K # 0K, PF:-40K # 0K, P:-40K)
[10] -
[11] 0.000303 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000054 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000795 +J(0) +M(C:0K, Fs:0, WS:-12K # 0K, PF:-12K # 0K, P:-12K)
[15] 0.000031 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000006 +J(0).

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: -75C:\ProgramData\Microsoft\Network\Downloader\qmgr.db-510

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: C:\ProgramData\Microsoft\Network\Downloader\

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: -1032

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log-1814 (0xfffff8ea)80 (0x00000050)The file exists.
[HEADING=1]CodeIntegrity Errors:[/HEADING]
Date: 2017-08-04 16:57:44.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-04 16:57:43.803
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

7-Zip 9.20 (HKLM-x32...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32...\Anki) (Version: - )
Audacity 2.1.3 (HKLM-x32...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoHotkey 1.1.26.01 (HKLM...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Bulk Rename Utility 2.7.1.3 (HKLM...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
calibre (HKLM-x32...{A253C2A7-FD66-43AA-9EA7-D30E5041F391}) (Version: 3.5.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM...{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM...{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM...{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM...{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM...{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM...{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM...{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM...{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM...{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM...{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM...{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM...{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM...{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM...{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM...{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM...{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM...{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM...{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM...{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM...{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM...{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM...{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM...{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM...{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM...{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM...{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM...{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM...{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM...{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM...{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM...{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM...{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM...{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM...{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM...{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM...{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM...{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM...{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM...{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM...{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM...{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM...{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.32 - Piriform)
Conexant HD Audio (HKLM...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
DCX Trader 1.8.15 (HKLM-x32...\DCX_Deploy_0) (Version: - )
Dolby Digital Plus Home Theater (HKLM...{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
InstaTrader (HKLM-x32...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Internet Download Manager (HKLM-x32...\Internet Download Manager) (Version: - Tonec Inc.)
IP Camera Adapter (HKLM-x32...{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 144 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeyScrambler (HKLM-x32...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
K-Lite Codec Pack 11.4.0 Basic (HKLM-x32...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Lenovo EasyCamera (HKLM-x32...{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo System Interface Foundation Driver (HKLM...{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MetaTrader - EXNESS (HKLM-x32...\MetaTrader - EXNESS) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft Excel 2010 (HKLM-x32...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32...{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32...{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 en-US) (HKCU...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MusicBee 3.0 (HKLM-x32...\MusicBee) (Version: 3.0 - Steven Mayall)
Network Recording Player (HKLM-x32...{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
OEM Application Profile (HKLM-x32...{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32...\OpenAL) (Version: - )
PrimoPDF – brought to you by Nitro PDF Software (HKLM-x32...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PX Profile Update (HKLM-x32...{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
Rosetta Stone Language Training (HKLM-x32...{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32...{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Sandboxie 5.20 (64-bit) (HKLM...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32...{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32...{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: - )
Subtitle Edit 3.4.6 (HKLM-x32...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
Subtitle Edit 3.5.3 (HKLM...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
USB Vibration Joystick (HKLM-x32...{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Virtual DJ Home - Atomix Productions (HKLM-x32...\Virtual DJ Home - Atomix Productions) (Version: - )
VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM...{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 4.01 (32-bit) (HKLM-x32...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Data Recovery 3.82 (HKLM-x32...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3992.36 MB
Available physical RAM: 1687.54 MB
Total Virtual: 4888.36 MB
Available Virtual: 2039.4 MB

========================= Partitions: =====================================

1 Drive c: (SYSTEM) (Fixed) (Total:116.37 GB) (Free:54.32 GB) NTFS
2 Drive d: () (Fixed) (Total:348.57 GB) (Free:2.07 GB) NTFS

========================= Users: ========================================

User accounts for \ADMIN

Administrator DefaultAccount Guest
Max

**** End of log ****
    I haven’t run checkdisk yet, since you told me to first inform you before doing that. Also, while running checkdisk, can I use the browser or should I close all the programs to let it run?

      Comment

      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045
        #17
        Windows Repair.

        Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab…

        Notice create a registry backup is ticked by default, so no need to do so in step 5… https://pchelpforum.net/attachments/...7-26-png.1290/

        Now run the program, with the boxes ticked in the picture below.

        Click Image Below For Better Resolution.

        Forums - PC Help Forum
        https://pchelpforum.net/attachments/upload_2017-1-5_18-40-40-png.1292/
        PCHF Forums


        May want to save picture or write down what boxes need ticked, since you will run this in Safe Mode.

        Important: Make certain to reboot twice after running this tool!!

          Comment

          • maxim123
            PCHF Member
            • Aug 2017
            • 466
            #18
            Hi, here are the logs:
            while repairing I got this error many time:
            fsutil.exe - system error
            the code execution cannot proceed becausethe ktmw32.dll was not found.

              Comment

              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045
                #19
                Please read these instructions. Create FRST and Addition.txt logs, and post them in a new malware thread. We will come back to this thread once your machine is cleared for malware.
                [Prework] Please Read Before Posting

                Create a new thread here.

                  Comment

                  • maxim123
                    PCHF Member
                    • Aug 2017
                    • 466
                    #20
                    Hi, mod @Malnutrition suggested me to check for the malware problems before solving the other issue: https://pchelpforum.net/t/cant-conne...in-panel.18895

                    Frst.txt

                    Code:
                    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Ran by Max (administrator) on ADMIN (08-08-2017 09:24:23)
Running from C:\Users\USER\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IDMan.exe
(QFX Software Corporation) D:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) D:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() D:\Program Files (x86)\Calibre2\ebook-viewer.exe
(AppWork GmbH) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (MicrosoftCorporation)
HKLM...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (ConexantSystems,Inc.)
HKLM...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (ConexantSystems,Inc.)
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (AdobeSystemsIncorporated)
HKLM-x32...\Run: [KeyScrambler] => d:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-08-14] (QFXSoftwareCorporation)
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Run: [SandboxieControl] => d:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-06] (SandboxieHoldings,LLC)
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Run: [IDMan] => D:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2017-06-24] (TonecInc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{01068155-a52c-4740-b306-07578124303c}: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{29e036c1-4265-4952-8012-f43a55ab4933}: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{3ee4e1e4-47d5-4352-aec3-6f70569b12df}: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{F6C362E6-31CF-4394-9851-E5D33DF654FC}: [DhcpNameServer] 192.168.30.1
[HEADING=1]Internet Explorer:[/HEADING]
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU.DEFAULT → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-900945925-988278395-3478122750-1001 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-23] (InternetDownloadManager,TonecInc.)
BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (MicrosoftCorporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → d:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-23] (InternetDownloadManager,TonecInc.)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-03] (OracleCorporation)
BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (MicrosoftCorporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-03] (OracleCorporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
[HEADING=1]FireFox:[/HEADING]
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default [2017-08-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z94n8t79.default → Coolrom Search Engine
FF Homepage: Mozilla\Firefox\Profiles\z94n8t79.default → about:home
FF Extension: (Activate Reader View) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions@activatereaderview.xpi [2017-06-24]
FF Extension: (ADB Helper) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\adbhelper@mozilla.org [2017-08-03]
FF Extension: (Perapera Chinese) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\chineseperakun@gmail.com [2017-03-10]
FF Extension: (IDM integration) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\mozilla_cc2@internetdownloadmanager.com [2017-05-18]
FF Extension: (Coolrom Search Engine) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions{0fc22c4c-93ed-48ea-ad12-dc8039cf3795}.xpi [2016-09-11]
FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\searchplugins\youtube-video-search.xml [2016-09-17]
FF HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-06-23]
FF HKU\S-1-5-21-900945925-988278395-3478122750-1001...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5 [2017-06-26] [not signed]
FF HKU\S-1-5-21-900945925-988278395-3478122750-1001...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 → C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 → C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer → C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp → D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf → D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 → C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 → C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 → C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 → D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 → d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @webex.com/npatgpc → D:\ProgramData\WebEx\npatgpc.dll [2016-12-21] (Cisco WebEx LLC)
StartMenuInternet: FIREFOX.EXE - d:\Program Files (x86)\Mozilla Firefox\firefox.exe
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-08-07]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (ChromeVox) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2017-05-03]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2017-07-27]
CHR Extension: (Timer Loop) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfiefeoimmobmhdimachkfcpkgahlc [2017-05-09]
CHR Extension: (TTSReader - Unlimited Text-To-Speech) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\melfcogdhodeocnkdiplgdpkllopbhan [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
CHR HKLM...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM-x32...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DsRoleSvc; C:\WINDOWS\system32\dsrolesrv.dll [288768 2017-06-05] (MicrosoftCorporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-24] (ELANMicroelectronicsCorp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (IntelCorporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (LenovoGroupLimited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R)Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (IntelCorporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-06] (SandboxieHoldings,LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (MicrosoftCorporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (AdobeSystemsIncorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (MicrosoftCorporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (MicrosoftCorporation)
S3 Browser; %SystemRoot%\System32\browser.dll

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmdag.sys [36558232 2017-05-04] (AdvancedMicroDevices,Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmpag.sys [528792 2017-05-04] (AdvancedMicroDevices,Inc.)
R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-02-09] (AnviSoft.com)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (SamsungElectronicsCo.,Ltd.)
R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [467032 2015-08-24] (ELANMicroelectronicsCorp.)
S3 fcdabus; C:\WINDOWS\System32\drivers\fcdabus.sys [24592 2008-10-29] (FarStoneInc.)
U5 FVXSCSI; C:\Windows\System32\Drivers\FVXSCSI.sys [118360 2009-12-23] (FarStoneInc.)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFXSoftwareCorporation)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-01] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (IntelCorporation)
R1 MpKsld2a8e214; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{83FBC68C-5D13-4B04-8376-05C6EADE185E}\MpKsld2a8e214.sys [44928 2017-08-07] (MicrosoftCorporation)
S3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-09] (Realtek)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [615728 2015-06-04] (RealtekSemiconductorCorporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-08-10] (RealsilSemiconductorCorporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-08-10] (RealtekSemiconductorCorp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-19] (RealtekSemiconductorCorporation)
R3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-06] (SandboxieHoldings,LLC)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (SamsungElectronicsCo.,Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-02-09] (AnchorfreeInc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (OracleCorporation)
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [166816 2017-03-19] (VIATechnologiesInc.,Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (MicrosoftCorporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (MicrosoftCorporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (MicrosoftCorporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLinkCorp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-08 09:24 - 2017-08-08 09:25 - 000019219 _____ C:\Users\USER\Desktop\FRST.txt
2017-08-08 09:24 - 2017-08-08 09:24 - 000000000 ____D C:\FRST
2017-08-08 09:23 - 2017-08-08 09:23 - 002381312 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-08-07 12:41 - 2017-08-07 12:41 - 000024338 _____ C:\Users\USER\Desktop\Tweaking.com - Windows Repair 2018 - Pre-Scan.txt
2017-08-07 12:22 - 2017-08-07 12:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-07 12:21 - 2017-08-07 12:29 - 000168798 _____ C:\WINDOWS\ntbtlog.txt
2017-08-07 12:17 - 2017-08-07 12:22 - 000002238 _____ C:\Users\USER\Desktop\Tweaking.com - Windows Repair.lnk
2017-08-07 12:15 - 2017-08-07 12:15 - 000003758 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-08-07 12:15 - 2017-08-07 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-08-07 12:14 - 2017-08-07 12:17 - 000194312 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-08-07 12:14 - 2017-08-07 12:14 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-08-04 21:33 - 2017-08-04 21:34 - 000033827 _____ C:\Users\USER\Desktop\MTB.txt
2017-08-03 17:23 - 2017-08-03 17:23 - 000000000 ____D C:\Users\USER\Desktop\backups
2017-08-03 17:00 - 2017-08-03 17:00 - 000000780 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2017-08-03 16:52 - 2017-08-03 16:52 - 000000000 ____D C:\Program Files\WinRAR
2017-08-03 16:51 - 2017-08-03 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2017-08-03 16:51 - 2017-08-03 16:51 - 000000000 ____D C:\Program Files\Subtitle Edit
2017-08-03 16:48 - 2017-08-03 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-08-03 16:48 - 2017-08-03 16:48 - 000000000 ____D C:\Program Files\AutoHotkey
2017-08-03 16:42 - 2017-08-03 16:42 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-03 16:42 - 2017-08-03 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-03 16:42 - 2017-08-03 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-03 15:38 - 2017-08-03 15:38 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-03 15:38 - 2017-08-03 15:38 - 000000000 ____D C:\Users\USER\AppData\Roaming\Sun
2017-08-03 15:38 - 2017-08-03 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-03 15:37 - 2017-08-03 15:37 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-03 15:29 - 2017-08-03 15:29 - 000000000 ____D C:\ProgramData\Sun
2017-08-03 15:27 - 2017-08-03 17:00 - 000000000 ____D C:\PatchMyPCUpdates
2017-08-03 15:24 - 2017-08-03 15:24 - 000000648 _____ C:\RstHosts.txt
2017-08-03 15:23 - 2017-08-03 15:23 - 000353632 _____ C:\Users\USER\Desktop\rsthosts_2.0.exe
2017-08-03 15:11 - 2017-08-03 15:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\MAGIX
2017-08-03 15:11 - 2017-08-03 15:11 - 000000000 ____D C:\ProgramData\MAGIX
2017-08-03 15:03 - 2017-08-03 15:14 - 000000000 ____D C:\Users\USER\AppData\Roaming\Geek Uninstaller
2017-08-03 12:04 - 2017-08-03 12:04 - 000000000 ____D C:\Users\USER\Desktop\SupRestric
2017-08-03 12:03 - 2017-08-03 12:03 - 000633386 _____ C:\Users\USER\Desktop\SupRestric.zip
2017-07-30 08:31 - 2017-07-30 08:31 - 000554556 _____ C:\WINDOWS\Minidump\073017-23703-01.dmp
2017-07-29 19:57 - 2017-07-29 19:57 - 000000000 ____D C:\Users\USER\AppData\Roaming\Foxit AgentInformation
2017-07-29 19:57 - 2017-07-29 19:57 - 000000000 ____D C:\Users\Public\Foxit Software
2017-07-29 16:51 - 2017-07-29 16:51 - 000001141 _____ C:\Users\USER\Desktop\JDownloader 2.lnk
2017-07-29 16:51 - 2017-07-29 16:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-07-29 16:34 - 2017-07-29 16:34 - 000248946 _____ C:\Users\USER\Desktop\Install JDownloader.rar
2017-07-25 10:25 - 2017-07-25 10:25 - 000000000 ____D C:\Users\USER\Documents\Audacity
2017-07-18 10:23 - 2017-03-17 22:00 - 002963968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0804.dll
2017-07-18 10:23 - 2017-03-17 22:00 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0804.dll
2017-07-18 10:23 - 2017-03-17 21:54 - 000708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70804.dll
2017-07-18 10:23 - 2017-03-17 21:52 - 003423744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0804.dll
2017-07-18 10:23 - 2017-03-17 21:39 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70804.dll
2017-07-18 10:23 - 2017-03-17 21:38 - 003356672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0804.dll
2017-07-18 10:23 - 2017-02-10 11:22 - 000001696 _____ C:\WINDOWS\system32\NOISE.CHS
2017-07-18 10:17 - 2017-07-18 10:17 - 000000000 ____D C:\Users\USER\AppData\LocalLow\MSLiveStickerWhiteList
2017-07-18 10:17 - 2017-07-18 10:17 - 000000000 ____D C:\Users\USER\AppData\LocalLow\MSLiveSticker
2017-07-12 17:51 - 2017-07-07 13:09 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 17:51 - 2017-07-07 13:05 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 17:51 - 2017-07-07 12:58 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 17:51 - 2017-07-07 12:58 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 17:51 - 2017-07-07 12:56 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 17:51 - 2017-07-07 12:55 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 17:51 - 2017-07-07 12:55 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 17:51 - 2017-07-07 12:42 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 17:51 - 2017-07-07 12:42 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 17:51 - 2017-07-07 12:24 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 17:51 - 2017-07-07 12:24 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 17:51 - 2017-07-07 12:22 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 17:51 - 2017-07-07 12:22 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 17:51 - 2017-07-07 12:16 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 17:51 - 2017-07-07 12:16 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 17:51 - 2017-07-07 12:16 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 17:51 - 2017-07-07 12:15 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 17:51 - 2017-07-07 12:15 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 17:51 - 2017-07-07 12:15 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 17:51 - 2017-07-07 12:14 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 17:51 - 2017-07-07 12:14 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 17:51 - 2017-07-07 12:12 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 17:51 - 2017-07-07 12:10 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 17:51 - 2017-07-07 12:09 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 17:51 - 2017-07-07 12:08 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 17:51 - 2017-07-07 12:04 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 17:51 - 2017-07-07 12:03 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 17:51 - 2017-07-07 11:59 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 17:51 - 2017-07-07 11:59 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 17:51 - 2017-07-07 11:59 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 17:51 - 2017-07-07 11:59 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 17:51 - 2017-07-07 11:58 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 17:51 - 2017-07-07 11:57 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 17:51 - 2017-07-07 11:55 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 17:51 - 2017-07-07 11:55 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 17:51 - 2017-07-07 11:54 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 17:51 - 2017-07-07 11:54 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 17:51 - 2017-07-07 11:52 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 17:51 - 2017-07-07 11:52 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 17:51 - 2017-07-07 11:51 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 17:51 - 2017-07-07 11:48 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 17:51 - 2017-07-07 11:48 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 17:51 - 2017-07-07 11:48 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 17:51 - 2017-07-07 11:47 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 17:51 - 2017-07-07 11:46 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 17:51 - 2017-07-07 11:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 17:51 - 2017-07-07 11:40 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 17:51 - 2017-07-07 11:38 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 17:51 - 2017-07-07 11:38 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 17:51 - 2017-06-20 11:51 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 17:51 - 2017-06-20 11:48 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 17:51 - 2017-06-20 11:47 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 17:51 - 2017-06-20 11:44 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 17:51 - 2017-06-20 11:42 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 17:51 - 2017-06-20 11:19 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 17:51 - 2017-06-20 11:00 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 17:51 - 2017-06-20 10:58 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 17:51 - 2017-06-20 10:58 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 17:51 - 2017-06-20 10:57 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 17:51 - 2017-06-20 10:57 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 17:51 - 2017-06-20 10:55 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 17:51 - 2017-06-20 10:54 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 17:51 - 2017-06-20 10:54 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 17:51 - 2017-06-20 10:53 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 17:51 - 2017-06-20 10:53 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 17:51 - 2017-06-20 10:53 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 17:51 - 2017-06-20 10:51 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 17:51 - 2017-06-20 10:51 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 17:51 - 2017-06-20 10:51 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 17:51 - 2017-06-20 10:50 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 17:51 - 2017-06-20 10:50 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 17:51 - 2017-06-20 10:50 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 17:51 - 2017-06-20 10:50 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 17:51 - 2017-06-20 10:49 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 17:51 - 2017-06-20 10:48 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 17:51 - 2017-06-20 10:48 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 17:51 - 2017-06-20 10:48 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 17:51 - 2017-06-20 10:47 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 17:51 - 2017-06-20 10:47 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 17:51 - 2017-06-20 10:47 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 17:51 - 2017-06-20 10:46 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 17:51 - 2017-06-20 10:45 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 17:51 - 2017-06-20 10:41 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 17:51 - 2017-06-20 10:34 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 17:51 - 2017-06-20 10:34 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 17:51 - 2017-06-20 10:31 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 17:51 - 2017-06-20 10:30 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 17:51 - 2017-06-20 10:26 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 17:51 - 2017-06-20 10:25 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 17:51 - 2017-06-20 10:24 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 17:51 - 2017-06-20 10:23 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 17:51 - 2017-06-20 10:23 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 17:51 - 2017-06-20 10:21 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 17:51 - 2017-06-20 10:20 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 17:51 - 2017-06-20 10:20 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 17:51 - 2017-06-20 10:20 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 17:51 - 2017-06-20 10:16 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 17:51 - 2017-06-20 10:15 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 17:51 - 2017-06-20 10:15 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 17:51 - 2017-06-20 10:15 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 17:51 - 2017-06-20 10:13 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 17:50 - 2017-07-07 19:45 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 17:50 - 2017-07-07 13:12 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 17:50 - 2017-07-07 13:12 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 17:50 - 2017-07-07 13:12 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 17:50 - 2017-07-07 13:11 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 17:50 - 2017-07-07 13:10 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 17:50 - 2017-07-07 13:08 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 17:50 - 2017-07-07 13:07 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 17:50 - 2017-07-07 13:07 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 17:50 - 2017-07-07 13:06 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 17:50 - 2017-07-07 13:06 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 17:50 - 2017-07-07 13:05 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 17:50 - 2017-07-07 13:05 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 17:50 - 2017-07-07 13:05 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 17:50 - 2017-07-07 13:00 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 17:50 - 2017-07-07 12:59 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 17:50 - 2017-07-07 12:59 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 17:50 - 2017-07-07 12:59 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 17:50 - 2017-07-07 12:58 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 17:50 - 2017-07-07 12:57 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 17:50 - 2017-07-07 12:57 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 17:50 - 2017-07-07 12:56 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 17:50 - 2017-07-07 12:55 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 17:50 - 2017-07-07 12:55 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 17:50 - 2017-07-07 12:55 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 17:50 - 2017-07-07 12:54 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 001458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 000848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 17:50 - 2017-07-07 12:52 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 17:50 - 2017-07-07 12:52 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 17:50 - 2017-07-07 12:25 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 17:50 - 2017-07-07 12:22 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 17:50 - 2017-07-07 12:12 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 17:50 - 2017-07-07 12:12 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 17:50 - 2017-07-07 12:12 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 17:50 - 2017-07-07 12:12 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 17:50 - 2017-07-07 12:11 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 17:50 - 2017-07-07 12:10 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 17:50 - 2017-07-07 12:08 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 17:50 - 2017-07-07 12:08 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 17:50 - 2017-07-07 12:07 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 17:50 - 2017-07-07 12:07 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 17:50 - 2017-07-07 12:06 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 17:50 - 2017-07-07 12:05 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 17:50 - 2017-07-07 12:05 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 17:50 - 2017-07-07 12:05 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 17:50 - 2017-07-07 12:04 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 17:50 - 2017-07-07 12:04 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 17:50 - 2017-07-07 12:04 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 17:50 - 2017-07-07 12:03 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 17:50 - 2017-07-07 12:03 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 17:50 - 2017-07-07 12:03 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 17:50 - 2017-07-07 12:02 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 17:50 - 2017-07-07 12:01 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 17:50 - 2017-07-07 12:01 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 17:50 - 2017-07-07 12:01 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 17:50 - 2017-07-07 12:00 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 17:50 - 2017-07-07 12:00 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 17:50 - 2017-07-07 11:59 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 17:50 - 2017-07-07 11:59 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 17:50 - 2017-07-07 11:59 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 17:50 - 2017-07-07 11:58 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 17:50 - 2017-07-07 11:58 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 17:50 - 2017-07-07 11:57 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 17:50 - 2017-07-07 11:56 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 17:50 - 2017-07-07 11:56 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 17:50 - 2017-07-07 11:56 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 17:50 - 2017-07-07 11:56 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 004052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsai.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 17:50 - 2017-07-07 11:51 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 17:50 - 2017-07-07 11:51 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 17:50 - 2017-07-07 11:50 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 17:50 - 2017-07-07 11:50 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 17:50 - 2017-07-07 11:49 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 17:50 - 2017-07-07 11:47 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 17:50 - 2017-07-07 11:46 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 17:50 - 2017-07-02 04:37 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 17:50 - 2017-06-20 12:02 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 17:50 - 2017-06-20 12:01 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 17:50 - 2017-06-20 12:00 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 17:50 - 2017-06-20 11:56 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 17:50 - 2017-06-20 11:56 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 17:50 - 2017-06-20 11:55 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 17:50 - 2017-06-20 11:55 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 17:50 - 2017-06-20 11:53 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 17:50 - 2017-06-20 11:50 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 17:50 - 2017-06-20 11:49 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 17:50 - 2017-06-20 11:48 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 17:50 - 2017-06-20 11:47 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 17:50 - 2017-06-20 11:45 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 17:50 - 2017-06-20 11:45 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 17:50 - 2017-06-20 11:44 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 17:50 - 2017-06-20 11:44 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 17:50 - 2017-06-20 11:43 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 17:50 - 2017-06-20 11:42 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 17:50 - 2017-06-20 11:00 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 17:50 - 2017-06-20 10:59 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 17:50 - 2017-06-20 10:57 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 17:50 - 2017-06-20 10:56 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 17:50 - 2017-06-20 10:56 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 17:50 - 2017-06-20 10:55 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 17:50 - 2017-06-20 10:55 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 17:50 - 2017-06-20 10:55 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 17:50 - 2017-06-20 10:54 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 17:50 - 2017-06-20 10:52 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-12 17:50 - 2017-06-20 10:52 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 17:50 - 2017-06-20 10:52 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 17:50 - 2017-06-20 10:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 17:50 - 2017-06-20 10:48 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 17:50 - 2017-06-20 10:47 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 17:50 - 2017-06-20 10:47 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 17:50 - 2017-06-20 10:45 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 17:50 - 2017-06-20 10:44 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 17:50 - 2017-06-20 10:44 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 17:50 - 2017-06-20 10:44 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 17:50 - 2017-06-20 10:39 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 17:50 - 2017-06-20 10:30 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 17:50 - 2017-06-20 10:27 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 17:50 - 2017-06-20 10:22 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 17:49 - 2017-07-07 13:12 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 17:49 - 2017-07-07 13:12 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 17:49 - 2017-07-07 13:07 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 17:49 - 2017-07-07 13:02 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 17:49 - 2017-07-07 12:59 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 17:49 - 2017-07-07 12:58 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 17:49 - 2017-07-07 12:57 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 17:49 - 2017-07-07 12:55 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 001100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 17:49 - 2017-07-07 12:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 17:49 - 2017-07-07 12:09 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 17:49 - 2017-07-07 12:08 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 17:49 - 2017-07-07 12:08 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 17:49 - 2017-07-07 12:06 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 17:49 - 2017-07-07 12:04 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 17:49 - 2017-07-07 12:03 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 17:49 - 2017-07-07 12:02 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 17:49 - 2017-07-07 12:02 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 17:49 - 2017-07-07 11:59 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 17:49 - 2017-07-07 11:57 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 17:49 - 2017-07-07 11:57 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 17:49 - 2017-07-07 11:52 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 17:49 - 2017-07-07 11:52 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 17:49 - 2017-07-07 11:50 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 17:49 - 2017-07-07 11:49 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 17:49 - 2017-07-07 11:49 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 17:49 - 2017-06-20 12:03 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 17:49 - 2017-06-20 12:03 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 17:49 - 2017-06-20 12:02 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 17:49 - 2017-06-20 12:02 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 17:49 - 2017-06-20 12:02 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 17:49 - 2017-06-20 12:02 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 17:49 - 2017-06-20 12:01 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 17:49 - 2017-06-20 11:49 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 17:49 - 2017-06-20 11:48 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 17:49 - 2017-06-20 11:47 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 17:49 - 2017-06-20 11:45 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 17:49 - 2017-06-20 11:44 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 17:49 - 2017-06-20 11:44 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 17:49 - 2017-06-20 11:43 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 17:49 - 2017-06-20 11:43 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 17:49 - 2017-06-20 11:01 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 17:49 - 2017-06-20 11:01 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 17:49 - 2017-06-20 10:59 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 17:49 - 2017-06-20 10:58 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 17:49 - 2017-06-20 10:58 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 17:49 - 2017-06-20 10:58 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 17:49 - 2017-06-20 10:57 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 17:49 - 2017-06-20 10:57 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 17:49 - 2017-06-20 10:55 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 17:49 - 2017-06-20 10:55 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 17:49 - 2017-06-20 10:53 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 17:49 - 2017-06-20 10:53 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 17:49 - 2017-06-20 10:52 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 17:49 - 2017-06-20 10:52 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 17:49 - 2017-06-20 10:52 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 17:49 - 2017-06-20 10:52 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 17:49 - 2017-06-20 10:50 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 17:49 - 2017-06-20 10:50 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 17:49 - 2017-06-20 10:50 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 17:49 - 2017-06-20 10:50 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 17:49 - 2017-06-20 10:49 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 17:49 - 2017-06-20 10:48 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 17:49 - 2017-06-20 10:47 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 17:49 - 2017-06-20 10:47 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 17:49 - 2017-06-20 10:47 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 17:49 - 2017-06-20 10:46 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 17:49 - 2017-06-20 10:46 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 17:49 - 2017-06-20 10:46 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 17:49 - 2017-06-20 10:45 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 17:49 - 2017-06-20 10:43 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 17:49 - 2017-06-20 10:42 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 17:49 - 2017-06-20 10:42 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 17:49 - 2017-06-20 10:41 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 17:49 - 2017-06-20 10:41 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-08 09:25 - 2017-03-19 02:48 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-08 09:23 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-08 09:17 - 2017-03-08 02:10 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
2017-08-07 23:59 - 2017-06-04 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-07 15:39 - 2015-06-07 08:27 - 000000399 _____ C:\Users\USER\Desktop\mod 2 (.txt
2017-08-07 14:04 - 2017-06-26 14:23 - 000000000 ____D C:\Users\USER\AppData\Roaming\DMCache
2017-08-07 14:02 - 2016-11-24 15:20 - 000102000 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-08-07 14:01 - 2017-06-04 15:14 - 000433486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-07 13:57 - 2017-06-04 15:10 - 000000180 _____ C:\WINDOWS\system32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-07 13:56 - 2017-06-04 15:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-07 13:56 - 2017-03-18 17:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-07 13:29 - 2017-06-04 15:07 - 005042424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-07 13:23 - 2017-03-19 02:48 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-08-07 13:23 - 2017-03-19 02:48 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-08-07 13:03 - 2017-06-04 15:14 - 001418990 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-03 18:01 - 2017-02-18 16:31 - 000000000 ____D C:\AdwCleaner
2017-08-03 18:01 - 2016-07-16 17:32 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-03 17:23 - 2017-06-04 15:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-08-03 17:00 - 2015-04-18 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-08-03 16:52 - 2015-03-25 06:48 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-03 16:52 - 2015-03-25 06:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-03 16:51 - 2015-05-05 18:21 - 000001923 _____ C:\Users\USER\Desktop\Subtitle Edit.lnk
2017-08-03 16:51 - 2015-05-05 18:21 - 000000000 ____D C:\Users\USER\AppData\Roaming\Subtitle Edit
2017-08-03 16:50 - 2017-06-26 13:54 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-03 16:48 - 2016-04-27 12:06 - 000000000 ____D C:\WINDOWS\ShellNew
2017-08-03 16:47 - 2017-03-08 02:08 - 000000818 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-08-03 16:36 - 2015-04-09 09:14 - 000000000 ____D C:\Users\USER\AppData\Roaming\PrimoPDF
2017-08-03 16:28 - 2015-10-03 12:48 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 15:24 - 2015-03-26 08:15 - 000000089 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_512
2017-08-03 15:22 - 2015-05-27 07:14 - 000000000 ____D C:\WINDOWS\USB Vibration
2017-08-03 15:22 - 2015-05-27 07:14 - 000000000 ____D C:\Program Files (x86)\USB Vibration
2017-08-03 15:22 - 2014-08-17 21:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-03 15:17 - 2016-03-04 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2017-08-03 15:16 - 2017-06-04 15:13 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-03 15:13 - 2016-10-24 21:21 - 000000000 ____D C:\Users\USER\Documents\samsung
2017-08-03 15:12 - 2016-10-24 21:20 - 000000000 ____D C:\Users\USER\AppData\Roaming\Samsung
2017-08-03 15:12 - 2016-03-27 23:19 - 000000000 ____D C:\Program Files (x86)\simplitec
2017-08-03 15:05 - 2015-08-09 19:58 - 000000000 ____D C:\Program Files\lenovo
2017-08-03 15:04 - 2014-12-07 14:36 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-08-03 12:13 - 2017-06-26 14:23 - 000000000 ____D C:\Users\USER\AppData\Roaming\IDM
2017-08-03 12:04 - 2015-03-23 18:33 - 000007601 _____ C:\Users\USER\AppData\Local\resmon.resmoncfg
2017-08-02 21:34 - 2017-06-04 15:41 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D12BD10-5D48-44A7-8697-AC286599C1AE}
2017-07-30 23:08 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-30 08:31 - 2017-06-30 08:31 - 608181504 _____ C:\WINDOWS\MEMORY.DMP
2017-07-30 08:31 - 2017-06-30 08:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-29 19:57 - 2015-04-15 22:32 - 000000000 ____D C:\Users\USER\AppData\Roaming\Foxit Software
2017-07-28 21:55 - 2017-05-12 12:33 - 000000000 ____D C:\Users\USER\AppData\Roaming\MusicBee
2017-07-28 20:23 - 2015-10-30 19:01 - 000000000 ____D C:\Users\USER\Downloads\Compressed
2017-07-28 09:22 - 2016-07-16 10:23 - 000000000 ___RD C:\Users\USER\OneDrive
2017-07-27 10:56 - 2017-04-28 16:48 - 000000000 ____D C:\Users\USER\AppData\Roaming\audacity
2017-07-23 19:54 - 2017-02-12 12:46 - 000002160 _____ C:\WINDOWS\Sandboxie.ini
2017-07-18 10:57 - 2017-03-19 08:15 - 000000000 ____D C:\WINDOWS\OCR
2017-07-18 10:57 - 2017-03-19 02:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-17 13:32 - 2016-01-15 00:38 - 000003164 _____ C:\Users\USER\Desktop\manga lists.txt
2017-07-15 17:11 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\rescache
2017-07-12 20:27 - 2017-03-19 02:46 - 000000000 ____D C:\WINDOWS\INF
2017-07-12 19:45 - 2016-11-21 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 17:56 - 2015-02-15 19:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 17:52 - 2015-02-15 19:22 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 11:05 - 2017-02-26 13:42 - 000000000 ____D C:\ProgramData\Foxit Software
2017-07-11 18:45 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 18:44 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-10-10 00:28 - 2015-10-10 00:28 - 000000132 _____ () C:\Users\USER\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-11-25 22:45 - 2016-11-29 09:54 - 000000724 _____ () C:\Users\USER\AppData\Local\BlackToText907.tif
2015-02-02 14:12 - 2015-08-08 10:01 - 3941910743 _____ () C:\Users\USER\AppData\Local\BTServer.log
2016-11-25 22:53 - 2016-11-29 09:54 - 000000026 _____ () C:\Users\USER\AppData\Local\gt-props
2015-03-23 18:33 - 2017-08-03 12:04 - 000007601 _____ () C:\Users\USER\AppData\Local\resmon.resmoncfg
2016-06-18 10:14 - 2016-06-18 10:14 - 000000000 _____ () C:\Users\USER\AppData\Local{0F5721C5-C3C8-48A3-8C8E-0FF32FF6C759}
2017-06-04 15:10 - 2017-06-04 15:10 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
[HEADING=1]Some files in TEMP:[/HEADING]
2017-07-29 16:35 - 2017-07-29 16:36 - 000079736 _____ (AppWork GmbH) C:\Users\USER\AppData\Local\Temp\131457990538232782.exe
2017-07-29 16:36 - 2017-07-29 16:36 - 001411636 _____ (Tulofeh ) C:\Users\USER\AppData\Local\Temp\13145799062384430900.exe
2017-07-12 11:05 - 2014-11-26 18:03 - 004856544 _____ (Foxit Corporation) C:\Users\USER\AppData\Local\Temp\FoxitUpdater.exe
2017-08-03 15:03 - 2017-08-03 15:03 - 004043712 _____ (Geek Unіnstaller) C:\Users\USER\AppData\Local\Temp\geek64.exe
2017-08-05 19:49 - 2017-08-05 19:49 - 000040448 _____ () C:\Users\USER\AppData\Local\Temp\proxy_vole4575658297680175100.dll
2017-08-05 19:49 - 2017-08-05 19:49 - 000040448 _____ () C:\Users\USER\AppData\Local\Temp\proxy_vole6487281428690232988.dll
2017-08-05 19:49 - 2017-08-05 19:49 - 000040448 _____ () C:\Users\USER\AppData\Local\Temp\proxy_vole6869256519616214492.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-07 16:23

==================== End of FRST.txt ============================
                    Addition.txt
                    [HEADING=1]
                    Code:
                    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2017
Ran by Max (08-08-2017 09:27:05)
Running from C:\Users\USER\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-04 10:08:36)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-900945925-988278395-3478122750-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-900945925-988278395-3478122750-503 - Limited - Disabled)
Guest (S-1-5-21-900945925-988278395-3478122750-501 - Limited - Disabled)
Max (S-1-5-21-900945925-988278395-3478122750-1001 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32...\Anki) (Version: - )
Audacity 2.1.3 (HKLM-x32...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoHotkey 1.1.26.01 (HKLM...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Bulk Rename Utility 2.7.1.3 (HKLM...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
calibre (HKLM-x32...{A253C2A7-FD66-43AA-9EA7-D30E5041F391}) (Version: 3.5.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM...{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM...{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM...{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM...{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM...{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM...{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM...{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM...{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM...{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM...{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM...{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM...{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM...{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM...{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM...{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM...{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM...{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM...{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM...{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM...{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM...{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM...{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM...{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM...{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM...{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM...{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM...{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM...{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM...{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM...{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM...{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM...{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM...{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM...{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM...{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM...{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM...{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM...{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM...{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM...{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM...{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM...{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.32 - Piriform)
Conexant HD Audio (HKLM...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
DCX Trader 1.8.15 (HKLM-x32...\DCX_Deploy_0) (Version: - )
Dolby Digital Plus Home Theater (HKLM...{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IDM Crack 6.28 build 9 (HKLM-x32...\IDM Crack 6.28 build 9) (Version: build 14 - Crackingpatching.com Team)
InstaTrader (HKLM-x32...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Internet Download Manager (HKLM-x32...\Internet Download Manager) (Version: - Tonec Inc.)
IP Camera Adapter (HKLM-x32...{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 144 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeyScrambler (HKLM-x32...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
K-Lite Codec Pack 11.4.0 Basic (HKLM-x32...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Lenovo EasyCamera (HKLM-x32...{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo System Interface Foundation Driver (HKLM...{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MetaTrader - EXNESS (HKLM-x32...\MetaTrader - EXNESS) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft Excel 2010 (HKLM-x32...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32...{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32...{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 en-US) (HKU\S-1-5-21-900945925-988278395-3478122750-1001...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MusicBee 3.0 (HKLM-x32...\MusicBee) (Version: 3.0 - Steven Mayall)
Network Recording Player (HKLM-x32...{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
OEM Application Profile (HKLM-x32...{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32...\OpenAL) (Version: - )
PeerBlock 1.2 (r693) (HKLM...{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PrimoPDF – brought to you by Nitro PDF Software (HKLM-x32...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PX Profile Update (HKLM-x32...{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
Rosetta Stone Language Training (HKLM-x32...{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32...{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Sandboxie 5.20 (64-bit) (HKLM...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32...{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32...{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: - )
Subtitle Edit 3.4.6 (HKLM-x32...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
Subtitle Edit 3.5.3 (HKLM...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
Tweaking.com - Windows Repair (HKLM-x32...\Tweaking.com - Windows Repair) (Version: 4.0.1 - Tweaking.com)
USB Vibration Joystick (HKLM-x32...{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Virtual DJ Home - Atomix Productions (HKLM-x32...\Virtual DJ Home - Atomix Productions) (Version: - )
VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM...{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 4.01 (32-bit) (HKLM-x32...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Data Recovery 3.82 (HKLM-x32...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{0112bcab-ec40-8cbd-e8e0-18acfa7731940}\InprocServer32 → 0x6C41493845567338387553786F394142486741734146567A5A584A4F5957316C5055347651534E4462323177595735355055347651534E46545746706244314F4C30456A5648687553575139546939425150694B4563797A4D355763592F7044516932 (the data entry has 114 more characters). => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 → C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 → C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 → C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID{ef79fc18-df28-de4f-628c-b2e02c0815a76}\InprocServer32 → 0x9B8193826C8AD201D0E395826C8AD201010000000300000000000000 => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] → {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (TonecInc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] → {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2017-03-19] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [Offline Files] → {4E77131D-3629-431c-9818-C5679DC83E81} => C:\WINDOWS\System32\cscui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (IgorPavlov)
ContextMenuHandlers1-x32: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => → No File
ContextMenuHandlers1-x32: [Atheros] → {B8952421-0E55-400B-94A6-FA858FC0A39F} => → No File
ContextMenuHandlers1-x32: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\ShellExt.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (FoxitSoftwareInc.)
ContextMenuHandlers1-x32: [ModernSharing] → {e2bf9676-5f8f-435c-97eb-11607a5bedf7} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [Open With] → {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [Sharing] → {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers2: [EnhancedStorageShell] → {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\System32\EhStorShell.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers2: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\ShellExt.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers2: [Sharing] → {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] → {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [SendTo] → {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => → No File
ContextMenuHandlers4-x32: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (IgorPavlov)
ContextMenuHandlers4-x32: [AIMP] → {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => → No File
ContextMenuHandlers4-x32: [EncryptionMenu] → {A470F8CF-A1E8-4f65-8335-227475AA5C46} => → No File
ContextMenuHandlers4-x32: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\ShellExt.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers4-x32: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\WINDOWS\System32\cscui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers4-x32: [Sharing] → {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers4-x32: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers4-x32-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers4-x32-x32: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File
ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => → No File
ContextMenuHandlers5: [ACE] → {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (AdvancedMicroDevices,Inc.)
ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (IntelCorporation)
ContextMenuHandlers5: [New] → {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] → {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers5: [WorkFolders] → {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => → No File
ContextMenuHandlers6: [BriefcaseMenu] → {85BBD920-42A0-1069-A2E4-08002B30309D} => → No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (FoxitSoftwareInc.)
ContextMenuHandlers6: [Library Location] → {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\WINDOWS\System32\cscui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers6: [PintoStartScreen] → {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-06-05] (MicrosoftCorporation)
ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (AlexanderRoshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045A1054-B37B-4B09-95A5-79A4F321C4F2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {056673BB-5009-40C5-BC4A-CDD03751C791} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-03] (Tweaking.com)
Task: {05C35C43-30B0-478C-A045-7452BCE45E4E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe [2017-03-19] (MicrosoftCorp.)
Task: {0BC7BB05-2369-444D-9C20-D133441EEE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {0C518199-F01B-42CF-9CB7-16710B002812} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\WINDOWS\system32\MDMAgent.exe [2017-03-19] (MicrosoftCorporation)
Task: {0CC2C164-C391-4AE1-AC44-61014D23FC1F} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization => C:\WINDOWS\system32\defrag.exe [2017-03-19] (MicrosoftCorp.)
Task: {0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
Task: {12382A3B-9F27-4B4D-B7C0-6551032014C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (GoogleInc.)
Task: {123F2F42-CE4F-4735-9E20-428497D2B200} - System32\Tasks\shutdown => C:\Windows\System32\shutdown.exe [2017-03-19] (MicrosoftCorporation)
Task: {13296847-B286-4D53-AFA5-E14740397DD5} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\WINDOWS\System32\mcbuilder.exe [2017-03-19] (MicrosoftCorporation)
Task: {175EEFC8-16F5-4072-9093-46A1E622F59D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B → No File <==== ATTENTION
Task: {1CF6BD0B-D26F-4F52-8811-AD1FD7DAA01A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\110323a4-c849-4dae-9628-a720238a215e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {240478A4-B7D2-43B1-AF21-626C77E72C1F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\WINDOWS\system32\disksnapshot.exe [2017-03-19] (MicrosoftCorporation)
Task: {24B30C6A-FB82-4D3F-A478-CF9768E23ACD} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\WINDOWS\System32\UNP\UNPCampaignManager.exe [2017-04-02] (MicrosoftCorporation)
Task: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\WINDOWS\System32\WindowsActionDialog.exe [2017-03-19] (MicrosoftCorporation)
Task: {2DBB3874-C30C-44A9-A6F5-9C48F02F16D3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\06484341-7f04-42cc-ab7a-e55cbeb6bc9f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {3A164F3D-787C-4685-BECB-4B7B366C9FDF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-12] (MicrosoftCorporation)
Task: {3AEEF4D4-C4A8-42A1-8A1E-80CA054C2E9C} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe [2017-03-19] (MicrosoftCorporation)
Task: {3EA82649-A360-4898-A6FB-C273024D1364} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\WINDOWS\System32\wpcmon.exe [2017-03-19] (MicrosoftCorporation)
Task: {4051EB0B-2917-432F-B9F9-431C7E3C9181} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\WINDOWS\system32\RAServer.exe [2017-03-19] (MicrosoftCorporation)
Task: {405C84BB-90E5-4359-B749-5C967D252C3A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {42175A28-1226-4E67-9DE0-726365EF9F40} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\08483c54-0d53-407b-96a4-579aa11dfc78 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {4641179A-BBA6-4BA3-9BF2-A13AB04B2C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
Task: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\WINDOWS\System32\sihclient.exe [2017-07-07] (MicrosoftCorporation)
Task: {52C4776E-11B1-402C-A230-0A0306A146C4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\WINDOWS\System32\wsqmcons.exe [2017-03-19] (MicrosoftCorporation)
Task: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\WINDOWS\System32\dsregcmd.exe [2017-03-19] (MicrosoftCorporation)
Task: {5C326114-085E-444C-9B7A-D3E2E59C549E} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\WINDOWS\system32\devicecensus.exe [2017-06-20] (MicrosoftCorporation)
Task: {5CF2C2DC-DDD5-41C6-A035-1B4B3F2BEC2D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)
Task: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\WINDOWS\system32\speech_onecore\common\SpeechModelDownload.exe [2017-03-19] (MicrosoftCorporation)
Task: {68F37285-0BE2-4C12-8402-B06A59075A81} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)
Task: {6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
Task: {6A2D76AE-96C2-4F24-BA7E-ACFFA2592368} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-19] (MicrosoftCorporation)
Task: {6C2CFD78-9D8A-4390-BCD1-21B3185E1668} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {6CFFC74A-9478-4A80-A16C-61BCC681BAB1} - \WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001 → No File <==== ATTENTION
Task: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\WINDOWS\system32\dmclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {7FB60B2C-DCD1-4862-8880-1AA740E48D8E} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {829C695F-E874-432A-9A9F-7862D04236B9} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\WINDOWS\system32\dstokenclean.exe [2017-03-19] (MicrosoftCorporation)
Task: {87488988-70F6-44C5-A1BD-E328BE17C205} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\WINDOWS\system32\appidpolicyconverter.exe [2017-03-19] (MicrosoftCorporation)
Task: {87827D32-73E0-4DEC-A285-A495BF227BAF} - System32\Tasks\User_Feed_Synchronization-{4D12BD10-5D48-44A7-8697-AC286599C1AE} => C:\Windows\system32\msfeedssync.exe [2017-03-19] (MicrosoftCorporation)
Task: {88209412-5377-4AA1-B01E-F5D5A6F39E21} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\WINDOWS\system32\SpaceAgent.exe [2017-03-19] (MicrosoftCorporation)
Task: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-19] (MicrosoftCorporation)
Task: {896ED842-4861-49E9-A2C1-0AE31689F876} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\WINDOWS\system32\ClipUp.exe [2017-03-19] (MicrosoftCorporation)
Task: {8EE52AD7-9F81-40D3-AE0C-9F5DB09BC56F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2017-03-19] (MicrosoftCorporation)
Task: {936FF605-A684-4476-8E62-E051A903B3D3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2017-03-19] (MicrosoftCorporation)
Task: {938954E2-DAFB-4BCD-8740-6AC11EBFE13C} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\WINDOWS\system32\appidcertstorecheck.exe [2017-03-19] (MicrosoftCorporation)
Task: {9CF304F4-4D08-4DBB-A568-102240A2160B} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {9DC43337-F240-499B-A7BB-353C15DEBCC4} - System32\Tasks{1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} => “d:\program files (x86)\mozilla firefox\firefox.exe” hxxp://ui.skype.com/ui/0/7.4.0.102/en/go/help.faq.installer?LastError=1638
Task: {A0CCB3EE-6C70-4B21-8E5B-F6AD89850B71} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A2DA212A-A09D-4FF1-AE31-A79C2A2B4C6B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
Task: {AC44582C-9524-47F0-8CCA-764158C07408} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-19] (MicrosoftCorporation)
Task: {AC60DB78-1A08-45A4-8990-357D65C3727F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5115b37c-ad53-4808-937c-4d8f4eedbddb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {ADE1B79E-902D-48F4-B104-0EAE57D965F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
Task: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\WINDOWS\System32\dusmtask.exe [2017-03-19] (MicrosoftCorporation)
Task: {B2C7FF3D-1D7C-44E2-8ED5-4736AFB73DD7} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2017-03-18] (MicrosoftCorporation)
Task: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\WINDOWS\system32\spaceman.exe [2017-03-19] (MicrosoftCorporation)
Task: {B6E6ABD5-79ED-4B43-AAEB-7ECE3DAC097C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (GoogleInc.)
Task: {BCC432F2-7A57-4195-881F-9013CF46F613} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\WINDOWS\system32\lpremove.exe [2017-03-19] (MicrosoftCorporation)
Task: {BD69C6ED-AD55-467C-B787-533200C3B376} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
Task: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => C:\WINDOWS\system32\ProvTool.exe [2017-03-19] (MicrosoftCorporation)
Task: {C07B4EB8-2EF6-4E54-832F-41346E84FE16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent → No File <==== ATTENTION
Task: {C162FF56-952F-4ABA-AE13-AA8CB0F4C087} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\WINDOWS\System32\drvinst.exe [2017-03-19] (MicrosoftCorporation)
Task: {C3366BA4-5CE0-4910-AB6B-A7BAF87DB671} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
Task: {C42799B6-75B2-42CF-8197-3BE332E05553} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {C640FB47-29FB-4AC6-AFA5-C82226025C5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
Task: {C97B639A-C1BF-4E0C-ACFD-CF5B27B65B3C} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\WINDOWS\system32\wermgr.exe [2017-03-19] (MicrosoftCorporation)
Task: {CAD736D1-5AF2-43F9-8B72-E840730A9777} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {CBD48141-91AD-4F24-B406-70C0D7F41BD4} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\WINDOWS\system32\DFDWiz.exe [2017-03-19] (MicrosoftCorporation)
Task: {CBEE037D-274B-4B95-8D87-EE23F25F2016} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\WINDOWS\system32\ProvTool.exe [2017-03-19] (MicrosoftCorporation)
Task: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-19] (MicrosoftCorporation)
Task: {D1D516C0-190A-447A-B181-6D3ADBE8AA1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
Task: {D2C50CE0-7E9B-4F0D-A2A4-95AC59829444} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\WINDOWS\SYSTEM32\BthUdTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {E11183CC-FCAC-479E-B422-6A72654C14EA} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe [2017-03-19] (MicrosoftCorporation)
Task: {E4372E00-DE8E-459E-94B5-37E15ADDBE5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (PiriformLtd)
Task: {EFF969EA-3F95-4DD6-A895-C891417E5D1A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)
Task: {F7ECD4CC-F7F6-409A-890E-5F836A87DBEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
Task: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\WINDOWS\system32\dmclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {F9015704-44A7-4962-B811-A4C0206CF851} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\WINDOWS\System32\sihclient.exe [2017-07-07] (MicrosoftCorporation)
Task: {F9D90672-740E-4C0D-9F37-54E90CEFF1A8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-04-09 09:10 - 2011-03-01 04:22 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2017-03-19 02:43 - 2017-03-19 02:43 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 02:44 - 2017-03-19 08:15 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-22 08:34 - 2017-07-22 08:37 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-22 08:34 - 2017-07-22 08:37 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-22 08:34 - 2017-07-22 08:37 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-22 08:34 - 2017-07-22 08:37 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-28 09:55 - 2017-07-28 09:55 - 000080384 ____R () D:\Program Files (x86)\Calibre2\ebook-viewer.exe
2017-08-07 16:07 - 2017-08-07 16:07 - 000566439 _____ () D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2017-08-07 16:07 - 2017-08-07 16:07 - 004078962 _____ () D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2017-06-04 18:02 - 2017-06-04 18:03 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 09:56 - 2017-07-26 20:00 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 09:56 - 2017-07-26 20:00 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-15 16:09 - 2017-07-15 16:16 - 027590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 020649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 002305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 002856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-04 18:02 - 2017-06-04 18:03 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-17 10:04 - 2017-06-17 11:55 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-07-16 17:35 - 2016-07-16 17:38 - 000680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 001127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-06-03 22:49 - 2017-06-03 23:45 - 001062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-07-28 09:55 - 2017-07-28 09:55 - 000038400 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\calibre-launcher.dll
2016-08-29 13:02 - 2016-08-29 13:02 - 001036288 ____R () D:\Program Files (x86)\Calibre2\app\DLLs_hashlib.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000020480 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32event.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000116224 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pywintypes27.dll
2016-08-29 13:03 - 2016-08-29 13:03 - 000104960 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32api.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000014336 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\winutil.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000095744 ____R () D:\Program Files (x86)\Calibre2\app\DLLs_ctypes.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000009728 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\monotonic.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000051200 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\speedup.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000123392 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32file.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000028160 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\icu.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000046592 ____R () D:\Program Files (x86)\Calibre2\app\DLLs_socket.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 001441280 ____R () D:\Program Files (x86)\Calibre2\app\DLLs_ssl.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 003363328 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWidgets.pyd
2017-06-04 12:59 - 2017-06-04 12:59 - 000074240 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\zlib1.dll
2017-02-16 19:45 - 2017-02-16 19:45 - 000083968 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\sip.pyd
2017-06-10 13:12 - 2017-06-10 13:12 - 001540096 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtCore.pyd
2017-06-10 13:12 - 2017-06-10 13:12 - 001668096 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtGui.pyd
2017-06-10 13:14 - 2017-06-10 13:14 - 000010240 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.Qt.pyd
2017-06-10 13:12 - 2017-06-10 13:12 - 000425984 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtNetwork.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000154624 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtSensors.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000096768 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWebKit.pyd
2016-08-29 13:14 - 2016-08-29 13:14 - 001076736 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\libxml2.dll
2016-08-29 13:14 - 2016-08-29 13:14 - 000179712 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\libxslt.dll
2017-06-10 13:12 - 2017-06-10 13:12 - 000172032 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtPrintSupport.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000079872 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtSvg.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000185344 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWebKitWidgets.pyd
2017-06-10 13:14 - 2017-06-10 13:14 - 000077312 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWinExtras.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000013824 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\select.pyd
2017-06-03 23:59 - 2017-06-03 23:59 - 001384448 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\lxml.etree.pyd
2016-08-29 13:14 - 2016-08-29 13:14 - 000065536 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\libexslt.dll
2017-07-28 09:55 - 2017-07-28 09:55 - 000061440 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\progress_indicator.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000032768 ____R () D:\Program Files (x86)\Calibre2\app\DLLs_multiprocessing.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000040960 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32process.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000061440 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\imageops.pyd
2016-08-29 13:03 - 2016-08-29 13:03 - 000398336 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pythoncom27.dll
2016-08-29 13:05 - 2016-08-29 13:05 - 000387584 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32com.shell.shell.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5ED747B8 [274]
AlternateDataStreams: C:\ProgramData\Temp:9857FAE3 [248]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-900945925-988278395-3478122750-1001...\kmpmedia.net → hxxp://player.kmpmedia.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-26 08:15 - 2017-08-07 13:09 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-900945925-988278395-3478122750-1001\Control Panel\Desktop\Wallpaper → C:\Users\USER\Desktop\maxresdefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: RosettaStoneDaemon => 2
HKLM...\StartupApproved\StartupFolder: => “Virtual Router Manager.lnk”
HKLM...\StartupApproved\StartupFolder: => “MagicLinker.lnk”
HKLM...\StartupApproved\Run: => “WindowsDefender”
HKLM...\StartupApproved\Run: => “HotKeysCmds”
HKLM...\StartupApproved\Run: => “Persistence”
HKLM...\StartupApproved\Run: => “AdobeAAMUpdater-1.0”
HKLM...\StartupApproved\Run: => “BtServer”
HKLM...\StartupApproved\Run: => “SmartAudio”
HKLM...\StartupApproved\Run: => “StartCN”
HKLM...\StartupApproved\Run32: => “Acrobat Assistant 8.0”
HKLM...\StartupApproved\Run32: => “Adobe Acrobat Speed Launcher”
HKLM...\StartupApproved\Run32: => “Adobe ARM”
HKLM...\StartupApproved\Run32: => “PowerDVD13Agent”
HKLM...\StartupApproved\Run32: => “USB Security”
HKLM...\StartupApproved\Run32: => “DelaypluginInstall”
HKLM...\StartupApproved\Run32: => “iSkysoft Helper Compact.exe”
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\StartupFolder: => “OneNote 2010 Screen Clipper and Launcher.lnk”
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “Adobe”
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “Viber”
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “Messenger (Yahoo!)”
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “SandboxieControl”
HKU\S-1-5-21-900945925-988278395-3478122750-1001...\StartupApproved\Run: => “BlueStacks Agent”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4BD32AB6-F32F-4C2D-80E5-849A3530ED4C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00003329-0888-4DD1-BFB7-7C8CF8634328}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check “winmgmt” service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (08/08/2017 09:23:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:23:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:23:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:23:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:21:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:21:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “D:\Program Files (x86)\Audacity\audacity.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
[HEADING=1]System errors:[/HEADING]
Error: (08/08/2017 09:16:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2017 02:22:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2017 02:00:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (08/07/2017 01:57:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1f000000047757. The name of the file is “\Windows\System32\linkinfo.dll”.

Error: (08/07/2017 01:57:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSMQ service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MSMQ service to connect.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The specified module could not be found.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The specified module could not be found.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-08-07 16:23:14.732
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-07 16:23:14.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-04 16:57:44.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-04 16:57:43.803
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 3992.36 MB
Available physical RAM: 1979.94 MB
Total Virtual: 4760.36 MB
Available Virtual: 2286.51 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:116.37 GB) (Free:54.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:348.57 GB) (Free:0.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 13FCABC6)
Partition 1: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=836 MB) - (Type=27)
Partition 3: (Not Active) - (Size=348.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
                    Thank You [/HEADING]

                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045
                        #21
                        Rogue Killer Scan.

                        Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

                        Link 1
                        Link 2

                        [ul]
                        [li]Close all other the running programs[/li][li]Disable ALL Antivirus – Antimalware – Applications.[/li][li]Right Click Rogue Killer and Run as Administrator.[/li][li]Click the Start Scan button.[/li][li]Allow the scan to run – it can take ten minutes or more.[/li][li]Once the scan is complete check All items for removal.[/li][li]https://pchelpforum.net/attachments/...5-54-png.1658/ [/li]
                        [li]After All items are checked then press Remove Selected.[/li]
                        [li]Wait until the Status box shows Deleting Finished.[/li][li]Click on open report – then open txt[/li]
                        [li]Copy the content of the report and paste it here in your next reply.[/li][/ul]

                        JRT Scan.

                        Please download Junkware Removal Tool and save it on your desktop.

                        [ul]
                        [li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li][li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li][li]The tool will open and start scanning your system.[/li][li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li][li]On completion, a log is saved to your desktop and will automatically open.[/li][li]Please post the JRT log.[/li][/ul]

                        Adware Cleaner Scan.

                        Please download AdwCleaner by Xplode onto your desktop.

                        [ul]
                        [li]Close all open programs and internet browsers.[/li][li]Double click on adwcleaner.exe to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

                        ZHP Diag Scan

                        Download ZHP Diag to your desktop.
                        1. Right Click Run as Admin.
                        2. Click the Options button.

                        Click on Check All
                        Then Click Validate
                        Then click close.

                        Forums - PC Help Forum
                        https://pchelpforum.net/attachments/upload_2017-4-26_17-16-39-png.2074/
                        PCHF Forums



                        2. Click the Scanner button.

                        Forums - PC Help Forum
                        https://pchelpforum.net/attachments/upload_2017-2-23_3-32-26-png.1647/
                        PCHF Forums


                        When complete please push the report button.
                        A notepad will open… copy and paste the report in your next reply.

                          Comment

                          • maxim123
                            PCHF Member
                            • Aug 2017
                            • 466
                            #22
                            rogue killer log:

                            Code:
                            RogueKiller V12.11.9.0 (x64) [Aug 3 2017] (Free) by Adlice Software
mail : Support Form | Contact • Adlice Software
Feedback : https://forum.adlice.com
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Max [Administrator]
Started from : C:\Users\USER\Desktop\RogueKiller_portable64.exe
Mode : Delete – Date : 08/08/2017 16:18:22 (Duration : 01:00:01)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Simplitec → Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\OCS → Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\OCS → Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve → Replaced (Internet Explorer 6 Search Companion is no longer supported.)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve → Replaced (Internet Explorer 6 Search Companion is no longer supported.)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 9 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_AdaptiveSleepService4B841E02.file → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_cmw_srv32FCDCA0 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_cmw_srv32FCDCA0.memory → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_CxAudMsg6416D826DB.file → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_CyberGhostvice.exe31B21831.file → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_hydra2AD91A7F.memory → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_jhi_service771495DA.memory → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_SwitchBoard4CDCE3EF.file → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_USBGuard38719CF2.file → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_uTorrent3A4E74DE → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_uTorrent3A4E74DE.memory → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_000041091A0000000000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_000041091A0000000000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_000041091A0090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_000041091A0090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109511090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109511090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109610000000000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109610000000000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109610090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109610090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109611090400100000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109611090400100000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109A20000000100000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109A20000000100000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109A20090400100000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109A20090400100000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109B10000000000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109B10000000000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109B10090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109B10090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109C20090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109C20090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109E60090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109E60090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109F10090400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109F10090400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109F100A0C00000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109F100A0C00000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109F100C0400000000000F01FEC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00004109F100C0400000000000F01FEC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0001A13E9A9C4C0B426EEA7611F572C7 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0001A13E9A9C4C0B426EEA7611F572C7.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_008FFDCA5106CEEBA872B7A108192537 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_008FFDCA5106CEEBA872B7A108192537.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0AA7CFB2C445A3E47869763FEB56B59E → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0AA7CFB2C445A3E47869763FEB56B59E.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0AB19942EE0FDA44C98CE55CA0CE6F7B → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0AB19942EE0FDA44C98CE55CA0CE6F7B.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0B47DCE45212CFD422DAEF7A386E1D91 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0B47DCE45212CFD422DAEF7A386E1D91.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0F41CAD81467FD729E26997B9B45E7F0 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0F41CAD81467FD729E26997B9B45E7F0.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1007C6B46D7C017319E3B52CF3EC196E → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1007C6B46D7C017319E3B52CF3EC196E.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_121E2D80A6F7BE3479DF26B944094330 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_121E2D80A6F7BE3479DF26B944094330.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_12342rg → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_12346db → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_12350vi4 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1303E36A22506C811FF8E78E903713F5 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1303E36A22506C811FF8E78E903713F5.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1926E8D15D0BCE53481466615F760A7F → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1926E8D15D0BCE53481466615F760A7F.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1af2a8da7e60d0b429d7e6453b3d0182 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1af2a8da7e60d0b429d7e6453b3d0182.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1AF8D3E72906A96459B586CFA4C276AC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1AF8D3E72906A96459B586CFA4C276AC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1D5E3C0FEDA1E123187686FED06E995A → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1D5E3C0FEDA1E123187686FED06E995A.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1F764691F11C67F458B88521DA8CB349 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1F764691F11C67F458B88521DA8CB349.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_21EE4A31AE32173319EEFE3BD6FDFFE3 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_21EE4A31AE32173319EEFE3BD6FDFFE3.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_22BEFC8F7E2A1793E9ADB411DEFE1C58 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_22BEFC8F7E2A1793E9ADB411DEFE1C58.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_24C995FA5E2A15247BEE94522B869B7B → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_24C995FA5E2A15247BEE94522B869B7B.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_24C995FA5E2A15247BEE94522B869EEB → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_24C995FA5E2A15247BEE94522B869EEB.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_254AB8D5462131D74ECE2863CEB538EF → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_254AB8D5462131D74ECE2863CEB538EF.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_296D7E10587DF347A5550F10262DA6C1 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_296D7E10587DF347A5550F10262DA6C1.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2B7A37F2E05E6A93A9CBFE984E6CE263 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2B7A37F2E05E6A93A9CBFE984E6CE263.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2DB859CBCAD52683BBA11CEB700934D8 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2DB859CBCAD52683BBA11CEB700934D8.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2DE806C4B53591126316E9F6D7BD06F0 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2DE806C4B53591126316E9F6D7BD06F0.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2DF774AAB7432371D5C8FA53FAB17930 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2DF774AAB7432371D5C8FA53FAB17930.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_30847AC12BC530C4DBEB60E1CD18CCF7 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_30847AC12BC530C4DBEB60E1CD18CCF7.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_31036807400771152751500050713758 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_31036807400771152751500050713758.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_326483007394D7D4DB9D3215D3C105BA → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_326483007394D7D4DB9D3215D3C105BA.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_3595CFBB9BC22395D174254EAA9937B7 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_3595CFBB9BC22395D174254EAA9937B7.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_37074588665C59840950BE9EE83A7F7C → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_37074588665C59840950BE9EE83A7F7C.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_387D1E04FDD3002122E8573109A51532 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_387D1E04FDD3002122E8573109A51532.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_39103BDF0ADFAAD3CAAC7AE5FE5E6370 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_39103BDF0ADFAAD3CAAC7AE5FE5E6370.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_392827CF2645CC3DA5E77C9210ACEA1B → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_392827CF2645CC3DA5E77C9210ACEA1B.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_3E11D6804AC9FEBDB284A5E2FF5D1354 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_3E11D6804AC9FEBDB284A5E2FF5D1354.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_3e43b73803c7c394f8a6b2f0402e19c2 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_3e43b73803c7c394f8a6b2f0402e19c2.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4079A0F0303F187F3F2FA67F46531B39 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4079A0F0303F187F3F2FA67F46531B39.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4426EAF8040EBE3500FEA8488EE5AE67 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4426EAF8040EBE3500FEA8488EE5AE67.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4A93B2C607E517A567F8069ADACF6A9F → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4A93B2C607E517A567F8069ADACF6A9F.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4DFB82C37C09831378FE14D81CE65989 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4DFB82C37C09831378FE14D81CE65989.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF2381208540F → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF2381208540F.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4F8DD925BE7B982ECEE8FEAF81B6CCE1 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_4F8DD925BE7B982ECEE8FEAF81B6CCE1.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_51E9E3D0A7EDB003691F4BFA219B4688 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_51E9E3D0A7EDB003691F4BFA219B4688.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_5372DAECD74FC9E4882B1DBDCA7FFBFF → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_5372DAECD74FC9E4882B1DBDCA7FFBFF.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_55E3652ACEB38283D8765E8E9B8E6B57 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_55E3652ACEB38283D8765E8E9B8E6B57.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_5CF1B82A749393D9F75E3ABC811E3685 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_5CF1B82A749393D9F75E3ABC811E3685.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_609AB94FAD38A5F3B542308CEDA29363 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_609AB94FAD38A5F3B542308CEDA29363.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_61A79338FD41374A83995903AEFD5221 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_61A79338FD41374A83995903AEFD5221.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_62DBF9290209B993A9A757D1160F9B24 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_62DBF9290209B993A9A757D1160F9B24.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_67D6ECF5CD5FBA732B8B22BAC8DE1B4D → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_67D6ECF5CD5FBA732B8B22BAC8DE1B4D.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6993899A5E1FB47D479DEB8AB8A7BF7B → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6993899A5E1FB47D479DEB8AB8A7BF7B.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6A00348D1F2717753B1BF87C1148BA83 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6A00348D1F2717753B1BF87C1148BA83.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6A4E5613ED5D0B6458795DE5B228B648 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6A4E5613ED5D0B6458795DE5B228B648.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6BAE1C0D1F2919EE402C9574EE515039 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6BAE1C0D1F2919EE402C9574EE515039.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6E8D947A316B3EB3F8F540C548BE2AB9 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6E8D947A316B3EB3F8F540C548BE2AB9.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6F12F344E3E8E7524EF3F77BFB72261C → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6F12F344E3E8E7524EF3F77BFB72261C.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_71460E5BCA4A52243BE6E7439C61617E → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_71460E5BCA4A52243BE6E7439C61617E.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_730867CA97078564CA42827956E0A0EB → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_730867CA97078564CA42827956E0A0EB.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_73AC5E2C268C96A4CAD6424F052AC061 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_73AC5E2C268C96A4CAD6424F052AC061.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_76B0D5EBA1D098AF9455317D6574F851 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_76B0D5EBA1D098AF9455317D6574F851.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_77231D65F9AF248286D2DD2789795358 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_77231D65F9AF248286D2DD2789795358.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_77EAAEFBF7DB43542B68C9C54B96E71B → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_77EAAEFBF7DB43542B68C9C54B96E71B.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_7B67BF31A06942E93DB2D48729ADE164 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_7B67BF31A06942E93DB2D48729ADE164.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_7B81B2B417473A244E240E5442E5A584 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_7B81B2B417473A244E240E5442E5A584.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_7C2DF039620DD791494EBC9571EC4702 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_7C2DF039620DD791494EBC9571EC4702.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_804B31A4240A31609BE55507CF13D4AF → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_804B31A4240A31609BE55507CF13D4AF.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_8085EAAFAFD005641F623ECD8E5CA2CE → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_8085EAAFAFD005641F623ECD8E5CA2CE.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_84A1F513388D432BC79751785347CA1C → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_84A1F513388D432BC79751785347CA1C.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_8877C0D8915D56B7636F0D2D21691F37 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_8877C0D8915D56B7636F0D2D21691F37.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_908C5009A79454DFBC69673A33E8539B → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_908C5009A79454DFBC69673A33E8539B.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_91785D291CBB3CC40AB8659C8E48CCC2 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_91785D291CBB3CC40AB8659C8E48CCC2.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_96C80F6315435E069F89D90B92C9AF28 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_96C80F6315435E069F89D90B92C9AF28.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_970B582FA9A724174BE31CD748AA6B78 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_970B582FA9A724174BE31CD748AA6B78.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_98255F75624265EE9253343B089B20EB → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_98255F75624265EE9253343B089B20EB.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_9eab5ec6ac3d99b498a1d16c1c815acf → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_9eab5ec6ac3d99b498a1d16c1c815acf.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_9EFF84BA812547C2A976CF5422FE6F5F → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_9EFF84BA812547C2A976CF5422FE6F5F.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A089CE062ADB6BC44A720BA745894BAC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A089CE062ADB6BC44A720BA745894BAC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A16AAE7520DC43FD809352945FA733C4 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A16AAE7520DC43FD809352945FA733C4.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A5AD5B36B774D8346A0A1178784A7CB1 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A5AD5B36B774D8346A0A1178784A7CB1.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A70BEE519BF3C4AFE8FF967782BCE1C5 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_A70BEE519BF3C4AFE8FF967782BCE1C5.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_AAC664A5170FFE9D7A99FE3655D2EB07 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_AAC664A5170FFE9D7A99FE3655D2EB07.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_ABD864F9EA8C9D53643FBC09F33A6D80 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_ABD864F9EA8C9D53643FBC09F33A6D80.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_B5A81845CEE0B3B515471D47AB5DCA4D → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_B5A81845CEE0B3B515471D47AB5DCA4D.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_B8CF35CA81EEC9F3B9950639D7B081C2 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_B8CF35CA81EEC9F3B9950639D7B081C2.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_BCA1BC2A2A49AB231AE5D70813F95798 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_BCA1BC2A2A49AB231AE5D70813F95798.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_BD3A0501343A6108089D4377D59CC7C3 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_BD3A0501343A6108089D4377D59CC7C3.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_BDD4CD7DD0E397F62485A46461456B98 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_BDD4CD7DD0E397F62485A46461456B98.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_C1C069EBDAB76ED3B8A16261EF358254 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_C1C069EBDAB76ED3B8A16261EF358254.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_c1c4f01781cc94c4c8fb1542c0981a2a → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_c1c4f01781cc94c4c8fb1542c0981a2a.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_C700036D047AFEFD2509C0BEAE94E5C0 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_C700036D047AFEFD2509C0BEAE94E5C0.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_C7E8F3786E01F944DBE7F5ABC7E8C1B9 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_C7E8F3786E01F944DBE7F5ABC7E8C1B9.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_CFD2C1F142D260E3CB8B271543DA9F98 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_CFD2C1F142D260E3CB8B271543DA9F98.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_D20352A90C039D93DBF6126ECE614057 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_D20352A90C039D93DBF6126ECE614057.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_D2B2239FF44095189D0AC79E4F230906 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_D2B2239FF44095189D0AC79E4F230906.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_D2E6A39FF04EFD2B63510C209F107178 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_D2E6A39FF04EFD2B63510C209F107178.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_E8E2425A91A0CE509E96BEB5D26F3C4A → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_E8E2425A91A0CE509E96BEB5D26F3C4A.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_EA4E63A47BBC7D4396DAB18E0CB25839 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_EA4E63A47BBC7D4396DAB18E0CB25839.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_ECE71497D9AD3B941B9C38AAE3EAA60E → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_ECE71497D9AD3B941B9C38AAE3EAA60E.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_EDDFC45970FA9FA2690007E697D824AB → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_EDDFC45970FA9FA2690007E697D824AB.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_EFEE0228DC83E77358593193D847A0EC → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_EFEE0228DC83E77358593193D847A0EC.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F02864575993F2261FB861FB01F71921 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F02864575993F2261FB861FB01F71921.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F0679767ED2736F8275A87DD9589575C → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F0679767ED2736F8275A87DD9589575C.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F0D6692ABB34D6119C7C9416F2FB0DEA → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F0D6692ABB34D6119C7C9416F2FB0DEA.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F2ADA5F02B0C6DA4F87FD7AFD9B6C4AB → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F2ADA5F02B0C6DA4F87FD7AFD9B6C4AB.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F60730A4A66673047777F5728467D401 → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F60730A4A66673047777F5728467D401.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F90E4FA5B9C5FAA37B1345D4D38C12DD → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_F90E4FA5B9C5FAA37B1345D4D38C12DD.dll → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\ItemsState.ini → Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\WSBROW~1.DLL.q_Quarantine_FC80_q.ini → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\cache\StartUp → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\cache → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\checkdetails\BrowserCleanerModule.result → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\checkdetails → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\driverupdate\driverupdate.log → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\driverupdate → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\ExceptionHandlerDll\Exception.exlog → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\ExceptionHandlerDll\Trace.log → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\ExceptionHandlerDll → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\gahelper.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\newsfeed\data.xml → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\newsfeed → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\RegCleanerDll\Backups → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\RegCleanerDll\BlackList.cfg → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\RegCleanerDll\Log\2016-07-15 17-04-46 RegCleanerDll.log → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\RegCleanerDll\Log → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\RegCleanerDll\RegCleanerDll.cfg → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\RegCleanerDll → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\remote_devices.db → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\Rn5b3260.dat → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\Rn5c3260.dat → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\Rn5f3260.dat → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\Rn5s3260.dat → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\scheduler_ignore.dat → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\services\services.xml → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\services → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\Setup Log 2016-03-27 #002.log → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\simplitec_Power_Suite.ini → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\softwareproducts → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\03d09322094210491b780c5b420e5e0f.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\04ae9dd25be5d353d2eda9bc33119964.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\0985a20e6d19305d2bc17f8e4e7babfe.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\0d6da56b05a7e5cb6a155b6acd80aaa0.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\12ce7fb45c16798f338602fef1c4466f.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\13a775b7d0b48c4d6df5604cb8a04d68.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\1a776a77155aed50f0a782dcac8750d1.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\2e125e8daee00d323bcda6106a3221a9.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\42ac26a0c73fa832da33883f7cdfe0c1.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\51b933fbf4bdc6441c10f4adef24ec7e.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\56280b07e7992bc450b69631cc30a087.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\5ae56c073b93d1ddc9ec7cfc2b0f7a68.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\5f9210aa02e9a09760dc3617b3bff3b3.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\7229983d0f41f104dbb408bb28f89050.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\a41e71864e4b2e47efae6e6d27f4b959.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\b255368d4b0ae9842909dc00617b6df3.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\bb8d3d5c7f2e9f6f34e16f5f1265e824.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\e53765858d39e3a737f7a85d2a13d994.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\e858d147660ddb9dc60897935936ffd6.png → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\startup.log → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\startup\startup.xml → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster\startup → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_DE.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_EN.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_ES.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_FR.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_IT.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_KO.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_NL.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_PL.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_PT.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\usertips_RU.xml → Deleted
[PUP.Gen1][File] C:\ProgramData\simplitec\KMPFaster\winsettings.dat → Deleted
[PUP.Gen1][Folder] C:\ProgramData\simplitec\KMPFaster → Deleted
[PUP.HackTool][Folder] C:\Windows\AutoKMS → Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.ini → Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log → Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\Uninstall-Autokms-Tasks.cmd → Deleted
[PUP.DownloadAssistant][Folder] C:\Users\USER\AppData\Roaming\DVDVideoSoft → Deleted
[PUP.DownloadAssistant][File] C:\Users\USER\AppData\Roaming\DVDVideoSoft\common.cfg → Deleted
[PUP.DownloadAssistant][File] C:\Users\USER\AppData\Roaming\DVDVideoSoft\FreeYTVDownloader.cfg → Deleted
[PUP.DownloadAssistant][File] C:\Users\USER\AppData\Roaming\DVDVideoSoft\freeytvdownloader_userlist.txt → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\4ceyoqwo.qfr → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\Drivers.data → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\emwiv0zy.gq4 → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\fsljrdvr.yyt → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\hjsepx5w.drk → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\mlklmjnm.imk → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\o2dqmah5.5gh → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\s4njha42.nog → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\sgfdshea.thw\acpivpc.cat → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\sgfdshea.thw\acpivpc.inf → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\sgfdshea.thw\acpivpc.sys → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\sgfdshea.thw → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\stzg4yoe.roi → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\z33uuxte.bqs\intcdaud.cat → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\z33uuxte.bqs\intcdaud.inf → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\z33uuxte.bqs\intcdaud.sys → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\z33uuxte.bqs → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\zszafuz1.25w → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers\ztwxlgbk.cca → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\drivers → Deleted
[PUP.Gen1][File] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy\settings.dat → Deleted
[PUP.Gen1][Folder] C:\Users\USER\AppData\Roaming\Easeware\DriverEasy → Deleted
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan → ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\simplitec → ERROR [3]
[PUP.HackTool][Folder] C:\Program Files\KMSpico → Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\simplitec → Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] z94n8t79.default : user_pref(“browser.search.defaultenginename”, “Coolrom Search Engine”); → Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
— User —
[MBR] 5d43a0b57305f7e812c5c5626882d2d7
[BSP] a7f419dda298f4e53c24e5d515cc1d5d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 119163 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 244049920 | Size: 836 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 245764033 | Size: 356935 MB
User = LL1 … OK
User = LL2 … OK

                              Comment

                              • maxim123
                                PCHF Member
                                • Aug 2017
                                • 466
                                #23
                                JRT scan

                                Code:
                                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Max (Administrator) on Tue 08/08/2017 at 17:24:45.73
[CODE]



File System: 2

Successfully deleted: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\searchplugins\youtube-video-search.xml (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
                                Scan was completed on Tue 08/08/2017 at 17:29:18.24
                                End of JRT log
                                [ICODE][/CODE][/ICODE]

                                  Comment

                                  • maxim123
                                    PCHF Member
                                    • Aug 2017
                                    • 466
                                    #24
                                    adware cleaner log:

                                    Code:
                                    # AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 08 12:18:01 2017
[HEADING=1]Updated on 2017/05/08 by Malwarebytes[/HEADING]
[HEADING=1]Running on Windows 10 Pro (X64)[/HEADING]
[HEADING=1]Mode: clean[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.
[HR][/HR]
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
[HR][/HR]
C:/AdwCleaner/AdwCleaner[C0].txt - [5637 B] - [2017/2/18 15:57:30]
C:/AdwCleaner/AdwCleaner[C1].txt - [1924 B] - [2017/8/3 12:16:42]
C:/AdwCleaner/AdwCleaner[S0].txt - [5054 B] - [2017/2/18 10:49:52]
C:/AdwCleaner/AdwCleaner[S1].txt - [5126 B] - [2017/2/18 15:39:49]
C:/AdwCleaner/AdwCleaner[S2].txt - [1866 B] - [2017/8/3 11:58:50]
C:/AdwCleaner/AdwCleaner[S3].txt - [1282 B] - [2017/8/8 12:16:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

                                      Comment

                                      • maxim123
                                        PCHF Member
                                        • Aug 2017
                                        • 466
                                        #25
                                        zhp diag scan log:
                                        [the link you gave didn’t open, so I downloaded from majorgeeks]

                                        ~ ZHPDiag v2017.8.4.134 By Nicolas Coolman (2017/08/04)
                                        ~ Run by Max (Administrator) (2017/08/08 18:22:20)
                                        ~ Web: https://www.nicolascoolman.com
                                        ~ Blog: https://nicolascoolman.eu/
                                        ~ Facebook: ZHP
                                        ~ Certificate ZHPDiag: Legal
                                        ~ State version: Version OK
                                        ~ Mode: Scan
                                        ~ Report: C:\Users\USER\Desktop\ZHPDiag.txt
                                        ~ Report: C:\Users\USER\AppData\Roaming\ZHP\ZHPDiag.txt
                                        ~ UAC: Activate
                                        ~ System startup: Normal (Normal boot)
                                        Windows 10 Pro, 64-bit (Build 15063) =>.Microsoft Corporation

                                        —\ Internet Browsers (4) - 0s
                                        ~ GCIE: Google Chrome v60.0.3112.90
                                        ~ MFIE: Mozilla Firefox 39.0 (x86 en-US)
                                        ~ MSIE: Microsoft Edge v40
                                        ~ MSIE: Internet Explorer v11.483.15063.0

                                        —\ Windows Product Information (3) - 3s
                                        ~ Windows Server License Manager Script : OK
                                        ~ Licence Script File Génération : OK
                                        Windows Automatic Updates : OK

                                        —\ System protection software (1) - 2s
                                        Windows Defender (Activate) (Protection)

                                        —\ System optimization software (1) - 3s
                                        ~ Tweaking.com - Windows Repair v4.0.1 (Optimize)

                                        —\ Surveillance software (1) - 3s
                                        ~ Adobe Flash Player 26 PPAPI (Surveillance)

                                        —\ Information on the system (6) - 0s
                                        ~ Operating System: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
                                        ~ Operating System: 64-bit
                                        ~ Boot mode: Normal (Normal boot)
                                        Total RAM: 4088.172 MB (42% free) : OK =>.RAM Value
                                        System Restore: Activé (Enable)
                                        System drive C: has 55 GB (46%) free of 119 GB : OK =>.Disk Space

                                        —\ Connection to the system mode (3) - 0s
                                        ~ Computer Name: ADMIN
                                        ~ User Name: Max
                                        ~ Logged in as Administrator

                                        —\ Enumeration of the disk units (2) - 0s
                                        ~ Drive C: has 55 GB free of 119 GB (System)
                                        ~ Drive D: has 3 GB free of 356 GB

                                        —\ State of the Windows Security Center (7) - 0s
                                        [HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
                                        [HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\policies\system] EnableLUA: OK
                                        [HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                                        [HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                                        [HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Explorer\Associations] Application: OK
                                        [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                                        [HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

                                        —\ Search Generic System Files (24) - 3s
                                        [MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - 20/06/2017 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [4847424] =>.Microsoft Windows®
                                        [MD5.ECB702B8C5650381C0784F1EEABB97BC] - 19/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
                                        [MD5.B2DB5876B6F68D32E470F691C7088F3F] - 07/07/2017 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
                                        [MD5.BC776B6B434641AF71ED0CC00BC859AA] - 07/07/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
                                        [MD5.31E3287EF6D97C5864A301CEA75BBBA1] - 07/07/2017 - (.Microsoft Corporation - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [706560] =>.Microsoft Corporation
                                        [MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 19/03/2017 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
                                        [MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 19/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
                                        [MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 19/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
                                        [MD5.AC1928C2F7505BD556C552F153B062AB] - 19/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
                                        [MD5.01733BEEE02E51F712330D5909BD701C] - 19/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
                                        [MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 19/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
                                        [MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 19/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
                                        [MD5.185A4519B7764F4DEF714D890A7A9FD2] - 19/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
                                        [MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - 20/06/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
                                        [MD5.C6C8315E3262FAE460529C6DA2951682] - 19/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
                                        [MD5.DCC05E5EAA580C97F13B434FAFACED85] - 19/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
                                        [MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 19/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
                                        [MD5.30C2F67EC84EB11B22011620107E0325] - 19/03/2017 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
                                        [MD5.8D72D5038C5F91AFEF1B160FE524C2D9] - 20/06/2017 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [2327456] =>.Microsoft Windows®
                                        [MD5.2CC6C325B271C7CA60F374F8F868CB45] - 19/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
                                        [MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 19/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
                                        [MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 19/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
                                        [MD5.892AB2637603A5E9507C39E61101C3C3] - 03/06/2017 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [119712] =>.Microsoft Windows®
                                        [MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 19/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

                                        —\ Non Microsoft non disabled Windows Services (12) - 3s
                                        O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\WINDOWS\system32\atiesrxx.exe =>.AMD
                                        O23 - Service: C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) . (.Conexant Systems Inc. - Conexant Audio Message Service.) - C:\WINDOWS\system32\CxAudMsg64.exe =>.Conexant Systems Inc.
                                        O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe =>.ELAN Microelectronics Corporation®
                                        O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                                        O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\WINDOWS\system32\igfxCUIService.exe =>.Intel Corporation
                                        O23 - Service: System Interface Foundation Service (ImControllerService) . (.Lenovo Group Limited - Lenovo.Modern.ImController.) - C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe =>.Lenovo®
                                        O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe =>.Intel(R) Corporation
                                        O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Intel® Management Engine Firmware®
                                        O23 - Service: Conexant SmartAudio service (SAService) . (…) - C:\Windows\System32\SASrv.exe (.not file.)
                                        O23 - Service: Sandboxie Service (SbieSvc) . (.Sandboxie Holdings, LLC - Sandboxie Service.) - d:\Program Files\Sandboxie\SbieSvc.exe =>.Invincea, Inc.®
                                        O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
                                        O23 - Service: Power Control [2014/08/18 01:23:32] ({C5F942FD-1110-4664-86CE-0C6BDA305235}) . (.CyberLink Corp. - .) - C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fc l =>.CyberLink Corp.®

                                        —\ Services not Microsoft (SR=Run, SS=Stop) (20) - 35s
                                        SS - Demand [11/07/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporated®
                                        SR - Auto [04/05/2017] [ 551832] (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\system32\atiesrxx.exe =>.Advanced Micro Devices, Inc.®
                                        SS - Demand [12/06/2017] [ 301496] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel(R) pGFX®
                                        SR - Auto [25/07/2013] [ 206552] C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe =>.Conexant Systems, Inc.®
                                        SR - Auto [24/08/2015] [ 135072] Elan Service (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe =>.ELAN Microelectronics Corporation®
                                        SS - Demand [27/02/2016] [ 1045256] FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe =>.Acresso Software Inc.®
                                        SS - Auto [03/10/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                                        SS - Demand [03/10/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                                        SR - Auto [12/06/2017] [ 373688] Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) . (.Intel Corporation.) - C:\WINDOWS\system32\igfxCUIService.exe =>.Intel(R) pGFX®
                                        SR - Auto [05/06/2017] [ 57160] System Interface Foundation Service (ImControllerService) . (.Lenovo Group Limited.) - C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe =>.Lenovo®
                                        SR - Auto [27/08/2013] [ 747520] Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe =>.Intel(R) Corporation
                                        SS - Demand [27/08/2013] [ 828376] Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe =>.Intel® Trusted Connect Service®
                                        SR - Auto [17/09/2013] [ 169432] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Intel® Management Engine Firmware®
                                        SS - Demand [17/09/2013] [ 169432] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
                                        SS - Demand [17/09/2013] [ 169432] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
                                        SS - Disabl [17/09/2013] [ 169432] RosettaStoneDaemon (RosettaStoneDaemon) . (.Rosetta Stone Ltd..) - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.e xe =>.Rosetta Stone Ltd®
                                        SR - Auto [17/09/2013] [ 169432] Sandboxie Service (SbieSvc) . (.Sandboxie Holdings, LLC.) - d:\Program Files\Sandboxie\SbieSvc.exe =>.Invincea, Inc.®
                                        SS - Auto [17/09/2013] [ 169432] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
                                        SS - Demand [17/09/2013] [ 169432] SwitchBoard (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe =>.Adobe Systems Incorporated
                                        SS - Auto [17/09/2013] [ 169432] Power Control [2014/08/18 01:23:32] ({C5F942FD-1110-4664-86CE-0C6BDA305235}) . (.CyberLink Corp..) - C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fc l =>.CyberLink Corp.®

                                        —\ Task Planned Automatically (19) - 17s
                                        [MD5.68DDCB629A7F2C5A3D2392F8177A3CD0] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [7658200] (.Activate.) =>.Piriform Ltd®
                                        [MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
                                        [MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
                                        [MD5.8E65EBE8511CD0757BBB17C7670F6563] [APT] [Tweaking.com - Windows Repair Tray Icon] (.Tweaking.com.) – C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336] (.Activate.) =>.Tweaking LLC®
                                        [MD5.8FE11A6B735F7C904E1DC0EF7EA79B78] [APT] [{1E6113B1-6320-42D6-98F3-9B2BBA5E0C28}] (.Mozilla Corporation.) – d:\program files (x86)\mozilla firefox\firefox.exe [392136] (.Activate.) =>.Mozilla Corporation®
                                        [MD5.8A268094274301F2673D0D656BF763E5] [APT] [Lenovo\ImController\TimeBasedEvents\06484341-7f04-42cc-ab7a-e55cbeb6bc9f] (.Lenovo Group Limited.) – C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [57160] (.Activate.) =>.Lenovo®
                                        [MD5.8A268094274301F2673D0D656BF763E5] [APT] [Lenovo\ImController\TimeBasedEvents\08483c54-0d53-407b-96a4-579aa11dfc78] (.Lenovo Group Limited.) – C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [57160] (.Activate.) =>.Lenovo®
                                        [MD5.8A268094274301F2673D0D656BF763E5] [APT] [Lenovo\ImController\TimeBasedEvents\110323a4-c849-4dae-9628-a720238a215e] (.Lenovo Group Limited.) – C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [57160] (.Activate.) =>.Lenovo®
                                        [MD5.8A268094274301F2673D0D656BF763E5] [APT] [Lenovo\ImController\TimeBasedEvents\5115b37c-ad53-4808-937c-4d8f4eedbddb] (.Lenovo Group Limited.) – C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [57160] (.Activate.) =>.Lenovo®
                                        O39 - APT: Unknown - (.Legitimate.) – C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job [214]
                                        O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2846] =>.Piriform Ltd®
                                        O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore [3120] =>.Google Inc®
                                        O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A [3344] =>.Google Inc®
                                        O39 - APT: Unknown - (…) – C:\WINDOWS\System32\Tasks\shutdown [2478]
                                        O39 - APT: Tweaking.com - Windows Repair Tray Icon - (.Tweaking.com.) – C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon [3758] =>.Tweaking LLC®
                                        O39 - APT: {1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} - (.Mozilla Corporation.) – C:\WINDOWS\System32\Tasks{1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} [2240] =>.Mozilla Corporation®
                                        HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero
                                        HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\shutdown
                                        HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking .com - Windows Repair Tray Icon

                                        —\ Auto loading programs from Registry and folders (9) - 1s
                                        O4 - HKLM..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) – C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
                                        O4 - HKLM..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) – C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe =>.Conexant Systems, Inc.®
                                        O4 - HKLM..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) – C:\Program Files\CONEXANT\SAII\SACpl.exe =>.Conexant Systems, Inc.®
                                        O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) – C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe =>.Adobe Systems Incorporated®
                                        O4 - HKCU..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) – d:\Program Files\Sandboxie\SbieCtrl.exe =>.Invincea, Inc.®
                                        O4 - HKCU..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) – D:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
                                        O4 - HKLM..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) – d:\Program Files (x86)\KeyScrambler\keyscrambler.exe =>.QFX Software Corporation®
                                        O4 - HKUS\S-1-5-21-900945925-988278395-3478122750-1001..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) – d:\Program Files\Sandboxie\SbieCtrl.exe =>.Invincea, Inc.®
                                        O4 - HKUS\S-1-5-21-900945925-988278395-3478122750-1001..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) – D:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.

                                        —\ Process running (24) - 4s
                                        [MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxCUIService Module.) – C:\WINDOWS\system32\igfxCUIService.exe [0] [PID.1744] =>.Intel Corporation
                                        [MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Service Module.) – C:\WINDOWS\system32\atiesrxx.exe [0] [PID.1936] =>.AMD
                                        [MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Client Module.) – C:\WINDOWS\system32\atieclxx.exe [0] [PID.2168] =>.AMD
                                        [MD5.F17F3D35E94CFB0D7B85BAE2B1DD3A9E] - (.Sandboxie Holdings, LLC - Sandboxie Service.) – d:\Program Files\Sandboxie\SbieSvc.exe [198792] [PID.2552] =>.Invincea, Inc.®
                                        [MD5.00000000000000000000000000000000] - (.Conexant Systems Inc. - Conexant Audio Message Service.) – C:\WINDOWS\system32\CxAudMsg64.exe [0] [PID.3576] =>.Conexant Systems Inc.
                                        [MD5.2C101AA0A186C079C4044F1FD0D1E5E5] - (.ELAN Microelectronics Corp. - Elan Service.) – C:\Program Files\Elantech\ETDService.exe [135072] [PID.3632] =>.ELAN Microelectronics Corporation®
                                        [MD5.8A268094274301F2673D0D656BF763E5] - (.Lenovo Group Limited - Lenovo.Modern.ImController.) – C:\Program Files\lenovo\ImController\Service\Lenovo.Modern.Im Controller.exe [57160] [PID.3640] =>.Lenovo®
                                        [MD5.DAE6C3099D291EED8922A65C29ABCF52] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) – C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520] [PID.3696] =>.Intel(R) Corporation
                                        [MD5.FA732C734521F9B74149272636D1D4EA] - (.ELAN Microelectronics Corp. - ETD Control Center.) – C:\Program Files\Elantech\ETDCtrl.exe [3743648] [PID.532] =>.ELAN Microelectronics Corporation®
                                        [MD5.AF5DB228216629E05A5EB3A20BEF2693] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) – C:\Program Files\Elantech\ETDCtrlHelper.exe [2654624] [PID.6528] =>.ELAN Microelectronics Corporation®
                                        [MD5.3A9F29C46129C094B5FA09BBD42AFFB0] - (.ELAN Microelectronics Corp. - ETDIntelligent.) – C:\Program Files\Elantech\ETDIntelligent.exe [2267552] [PID.6560] =>.ELAN Microelectronics Corporation®
                                        [MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxEM Module.) – C:\WINDOWS\system32\igfxEM.exe [0] [PID.6864] =>.Intel Corporation
                                        [MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxHK Module.) – C:\WINDOWS\system32\igfxHK.exe [0] [PID.6892] =>.Intel Corporation
                                        [MD5.FFBFE1175531CD582D89796835CBB598] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) – C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent 64.exe [935104] [PID.7192] =>.Conexant Systems, Inc.®
                                        [MD5.3B292B4214F7CCB2076262CA0D235B70] - (.Tonec Inc. - Internet Download Manager (IDM).) – D:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848] [PID.7340] =>.Tonec Inc.
                                        [MD5.21C640C0579CCE82AD8EB14FF28C0DD8] - (.QFX Software Corporation - KeyScrambler.) – D:\Program Files (x86)\KeyScrambler\KeyScrambler.exe [509216] [PID.7572] =>.QFX Software Corporation®
                                        [MD5.B289C20C10B241F6016FECD92B267098] - (.Tonec Inc. - Internet Download Manager agent for click m.) – D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [275512] [PID.7660] =>.Tonec Inc.®
                                        [MD5.26FBEC366638A0162F442D26CC51B026] - (.QFX Software Corporation - KeyScrambler.) – D:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe [563488] [PID.7728] =>.QFX Software Corporation®
                                        [MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.8012] =>.Intel Corporation - Intel® Management Engine Firmware®
                                        [MD5.8E65EBE8511CD0757BBB17C7670F6563] - (.Tweaking.com - Tweaking.com - Windows Repair Tray Icon.) – C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336] [PID.6344] =>.Tweaking LLC®
                                        [MD5.C9E3BD3977709EF215AD82AE5A838EF1] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) – C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern .ImController.PluginHost.Device.exe [36680] [PID.7484] =>.Lenovo®
                                        [MD5.C9E3BD3977709EF215AD82AE5A838EF1] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) – C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern .ImController.PluginHost.Device.exe [36680] [PID.8008] =>.Lenovo®
                                        [MD5.797F95CDD6C99A10CAFDC959F3CF1212] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\USER\AppData\Roaming\ZHP\ZHPDiag3.exe [2806656] [PID.8480] =>.Nicolas Coolman
                                        [MD5.C9E3BD3977709EF215AD82AE5A838EF1] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) – C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern .ImController.PluginHost.Device.exe [36680] [PID.1072] =>.Lenovo®

                                        —\ Google Chrome, Start,Search,Extensions (12) - 0s
                                        G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
                                        G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com.np =>.Google Inc.
                                        G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
                                        G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
                                        G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] http://www.google.com/ =>.Google Inc. {Hidden Chrome extensions}
                                        G2 - GCE: Preference [User Data\Default] [kgejglhpjiefppelpmljglcjbhoiplfn]
                                        G2 - GCE: Preference [User Data\Default] [kkmlkkjojmombglmlpbpapmhcaljjkde] Zhongwen Chinese Popup Dictionary
                                        G2 - GCE: Preference [User Data\Default] [mdkfiefeoimmobmhdimachkfcpkgahlc]
                                        G2 - GCE: Preference [User Data\Default] [melfcogdhodeocnkdiplgdpkllopbhan] http://ttsreader.com/
                                        G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
                                        G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
                                        G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

                                        —\ Mozilla Firefox,Plugins,Start,Search,Extensions (13) - 7s
                                        P2 - EXT FILE: (.Activate Reader View - The Reader View is a feature that stri.) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions@activatereaderview.xpi
                                        P2 - EXT FILE: (. CoolROM.com - Contact Us - Coolrom Search Engine.) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions{0fc22c4c-93ed-48ea-ad12-dc8039cf3795}.xpi
                                        P2 - EXT FILE: (.Adblock Plus - Ads were yesterday!.) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi =>.Adblock Plus
                                        P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi =>.Mozilla Corporation
                                        P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi =>.Mozilla Corporation
                                        P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi =>.Mozilla Corporation
                                        P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi =>.Mozilla Corporation
                                        P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi =>.Mozilla Corporation
                                        P2 - EXT: (.Mozilla & Android Open Source Project - ADB Helper.) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions\adbhelper@mozilla.org =>.Mozilla & Android Open Source Project
                                        P2 - EXT: (.Justin Kovalchuk - Perapera Chinese.) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions\chineseperakun@gmail.com =>.Justin Kovalchuk
                                        P2 - EXT: (.Internet Download Manager, Tonec Inc. - IDM integration.) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions\mozilla_cc2@internetdownloadmanager.com =>.Internet Download Manager, Tonec Inc.
                                        P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll =>.Adobe Systems Incorporated
                                        P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc..) – C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll =>.Google, Inc.

                                        —\ Internet Explorer Extensions, Start, Search (19) - 0s
                                        R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
                                        R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                                        R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                                        R1 - HKEY_USERS\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/ =>.Microsoft Corporation
                                        R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

                                        —\ Internet Explorer, Proxy Management (6) - 0s
                                        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
                                        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
                                        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
                                        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyHttp1.1 = 1
                                        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigProxy = wininet.dll
                                        R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Para meters\Internet\ManualProxies =>.Microsoft

                                        —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
                                        F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                                        F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                                        F2 - REG:system.ini: VMApplet=

                                        —\ Hosts file redirection (1) - 0s
                                        ~ Le fichier hôte est sain (The hosts file is clean) (24)

                                        —\ Browser Helper Object (BHO) (2) - 1s
                                        O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) – d:\Program Files (x86)\Internet Download Manager\IDMIECC.dll =>.Tonec Inc.®
                                        O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) – D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL =>.Microsoft Corporation®

                                        —\ Global shortcuts Startup (131) - 12s
                                        O4 - GS\Desktop [Administrator]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Desktop [Administrator]: Basic Patterns of Chinese Grammar_ A Student’s Guide - Qin Xue Herzberg - Shortcut.lnk . (…) D:\Downloads\Basic Patterns of Chinese Grammar by Qin Xue Herzberg\Basic Patterns of Chinese Grammar_ A Student’s Guide - Qin Xue Herzberg.pdf
                                        O4 - GS\Desktop [Administrator]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                        O4 - GS\Desktop [Administrator]: HTTrack Website Copier.lnk . (.HTTrack - WinHTTrack Website Copier, Copy Websites to.) D:\Program Files\WinHTTrack\WinHTTrack.exe =>.Open Source Developer, Xavier Roche®
                                        O4 - GS\Desktop [Administrator]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe =>.Appwork GmbH®
                                        O4 - GS\Desktop [Administrator]: Journal - Shortcut.lnk . (…) D:\documents\Journal
                                        O4 - GS\Desktop [Administrator]: Modern Mandarin Chinese Grammar A Practical Guide - Shortcut.lnk . (…) D:\Downloads\Chinese Language Learning Pack\05.Grammar, Workbooks, Usage\Modern Mandarin Chinese Grammar A Practical Guide.pdf
                                        O4 - GS\Desktop [Administrator]: mp3DirectCut.lnk . (.Martin Pesch - mp3DirectCut - Direct MP3 editor and record.) D:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe =>.Martin Pesch
                                        O4 - GS\Desktop [Administrator]: PeerBlock.lnk . (.PeerBlock, LLC - PeerBlock.) D:\Program Files\PeerBlock\peerblock.exe =>.PeerBlock, LLC®
                                        O4 - GS\Desktop [Administrator]: procexp64 - Shortcut.lnk . (.Sysinternals - www.sysinternals.com - Sysinternals Process Explorer.) D:\softwares\procexp64.exe =>.Microsoft Corporation®
                                        O4 - GS\Desktop [Administrator]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe default_browser =>.Invincea, Inc.®
                                        O4 - GS\Desktop [Administrator]: Subtitle Edit.lnk . (.Nikse - Subtitle Edit.) C:\Program Files\Subtitle Edit\SubtitleEdit.exe =>.Nikse
                                        O4 - GS\Desktop [Administrator]: The Secrets Kyusho - Pressure Point Fighting (2012) - Shortcut.lnk . (…) D:\Downloads\The Secrets Kyusho - Pressure Point Fighting (2012).pdf
                                        O4 - GS\Desktop [Administrator]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe =>.Tweaking LLC®
                                        O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\USER\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                        O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                        O4 - GS\Quicklaunch [Administrator]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe =>.Appwork GmbH®
                                        O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                        O4 - GS\Quicklaunch [Administrator]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe default_browser =>.Invincea, Inc.®
                                        O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                        O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                                        O4 - GS\sendTo [Administrator]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                        O4 - GS\sendTo [Administrator]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe /boxefaultBox =>.Invincea, Inc.®
                                        O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                                        O4 - GS\TaskBar [Administrator]: MetaTrader (2).lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\MetaTrader - EXNESS\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\TaskBar [Administrator]: MetaTrader.lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\InstaTrader\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                                        O4 - GS\TaskBar [Administrator]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
                                        O4 - GS\TaskBar [Administrator]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                                        O4 - GS\Programs [Administrator]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
                                        O4 - GS\Programs [Administrator]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Programs [Administrator]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
                                        O4 - GS\Desktop [Guest]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Desktop [Guest]: Basic Patterns of Chinese Grammar_ A Student’s Guide - Qin Xue Herzberg - Shortcut.lnk . (…) D:\Downloads\Basic Patterns of Chinese Grammar by Qin Xue Herzberg\Basic Patterns of Chinese Grammar_ A Student’s Guide - Qin Xue Herzberg.pdf
                                        O4 - GS\Desktop [Guest]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                        O4 - GS\Desktop [Guest]: HTTrack Website Copier.lnk . (.HTTrack - WinHTTrack Website Copier, Copy Websites to.) D:\Program Files\WinHTTrack\WinHTTrack.exe =>.Open Source Developer, Xavier Roche®
                                        O4 - GS\Desktop [Guest]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe =>.Appwork GmbH®
                                        O4 - GS\Desktop [Guest]: Journal - Shortcut.lnk . (…) D:\documents\Journal
                                        O4 - GS\Desktop [Guest]: Modern Mandarin Chinese Grammar A Practical Guide - Shortcut.lnk . (…) D:\Downloads\Chinese Language Learning Pack\05.Grammar, Workbooks, Usage\Modern Mandarin Chinese Grammar A Practical Guide.pdf
                                        O4 - GS\Desktop [Guest]: mp3DirectCut.lnk . (.Martin Pesch - mp3DirectCut - Direct MP3 editor and record.) D:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe =>.Martin Pesch
                                        O4 - GS\Desktop [Guest]: PeerBlock.lnk . (.PeerBlock, LLC - PeerBlock.) D:\Program Files\PeerBlock\peerblock.exe =>.PeerBlock, LLC®
                                        O4 - GS\Desktop [Guest]: procexp64 - Shortcut.lnk . (.Sysinternals - www.sysinternals.com - Sysinternals Process Explorer.) D:\softwares\procexp64.exe =>.Microsoft Corporation®
                                        O4 - GS\Desktop [Guest]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe default_browser =>.Invincea, Inc.®
                                        O4 - GS\Desktop [Guest]: Subtitle Edit.lnk . (.Nikse - Subtitle Edit.) C:\Program Files\Subtitle Edit\SubtitleEdit.exe =>.Nikse
                                        O4 - GS\Desktop [Guest]: The Secrets Kyusho - Pressure Point Fighting (2012) - Shortcut.lnk . (…) D:\Downloads\The Secrets Kyusho - Pressure Point Fighting (2012).pdf
                                        O4 - GS\Desktop [Guest]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe =>.Tweaking LLC®
                                        O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\USER\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                        O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                        O4 - GS\Quicklaunch [Guest]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe =>.Appwork GmbH®
                                        O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                        O4 - GS\Quicklaunch [Guest]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe default_browser =>.Invincea, Inc.®
                                        O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                        O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                                        O4 - GS\sendTo [Guest]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                        O4 - GS\sendTo [Guest]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe /boxefaultBox =>.Invincea, Inc.®
                                        O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                                        O4 - GS\TaskBar [Guest]: MetaTrader (2).lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\MetaTrader - EXNESS\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\TaskBar [Guest]: MetaTrader.lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\InstaTrader\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                                        O4 - GS\TaskBar [Guest]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
                                        O4 - GS\TaskBar [Guest]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                                        O4 - GS\Programs [Guest]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
                                        O4 - GS\Programs [Guest]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Programs [Guest]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
                                        O4 - GS\Desktop [Max]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Desktop [Max]: Basic Patterns of Chinese Grammar_ A Student’s Guide - Qin Xue Herzberg - Shortcut.lnk . (…) D:\Downloads\Basic Patterns of Chinese Grammar by Qin Xue Herzberg\Basic Patterns of Chinese Grammar_ A Student’s Guide - Qin Xue Herzberg.pdf
                                        O4 - GS\Desktop [Max]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                        O4 - GS\Desktop [Max]: HTTrack Website Copier.lnk . (.HTTrack - WinHTTrack Website Copier, Copy Websites to.) D:\Program Files\WinHTTrack\WinHTTrack.exe =>.Open Source Developer, Xavier Roche®
                                        O4 - GS\Desktop [Max]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe =>.Appwork GmbH®
                                        O4 - GS\Desktop [Max]: Journal - Shortcut.lnk . (…) D:\documents\Journal
                                        O4 - GS\Desktop [Max]: Modern Mandarin Chinese Grammar A Practical Guide - Shortcut.lnk . (…) D:\Downloads\Chinese Language Learning Pack\05.Grammar, Workbooks, Usage\Modern Mandarin Chinese Grammar A Practical Guide.pdf
                                        O4 - GS\Desktop [Max]: mp3DirectCut.lnk . (.Martin Pesch - mp3DirectCut - Direct MP3 editor and record.) D:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe =>.Martin Pesch
                                        O4 - GS\Desktop [Max]: PeerBlock.lnk . (.PeerBlock, LLC - PeerBlock.) D:\Program Files\PeerBlock\peerblock.exe =>.PeerBlock, LLC®
                                        O4 - GS\Desktop [Max]: procexp64 - Shortcut.lnk . (.Sysinternals - www.sysinternals.com - Sysinternals Process Explorer.) D:\softwares\procexp64.exe =>.Microsoft Corporation®
                                        O4 - GS\Desktop [Max]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe default_browser =>.Invincea, Inc.®
                                        O4 - GS\Desktop [Max]: Subtitle Edit.lnk . (.Nikse - Subtitle Edit.) C:\Program Files\Subtitle Edit\SubtitleEdit.exe =>.Nikse
                                        O4 - GS\Desktop [Max]: The Secrets Kyusho - Pressure Point Fighting (2012) - Shortcut.lnk . (…) D:\Downloads\The Secrets Kyusho - Pressure Point Fighting (2012).pdf
                                        O4 - GS\Desktop [Max]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe =>.Tweaking LLC®
                                        O4 - GS\Desktop [Max]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\USER\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                        O4 - GS\Quicklaunch [Max]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                        O4 - GS\Quicklaunch [Max]: JDownloader 2.lnk . (.AppWork GmbH - JDownloader 2 Launcher.) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe =>.Appwork GmbH®
                                        O4 - GS\Quicklaunch [Max]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                        O4 - GS\Quicklaunch [Max]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe default_browser =>.Invincea, Inc.®
                                        O4 - GS\sendTo [Max]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                        O4 - GS\sendTo [Max]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                                        O4 - GS\sendTo [Max]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                        O4 - GS\sendTo [Max]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) D:\Program Files\Sandboxie\Start.exe /boxefaultBox =>.Invincea, Inc.®
                                        O4 - GS\sendTo [Max]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                                        O4 - GS\TaskBar [Max]: MetaTrader (2).lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\MetaTrader - EXNESS\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\TaskBar [Max]: MetaTrader.lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\InstaTrader\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\TaskBar [Max]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                                        O4 - GS\TaskBar [Max]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
                                        O4 - GS\TaskBar [Max]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                                        O4 - GS\Programs [Max]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
                                        O4 - GS\Programs [Max]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Programs [Max]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
                                        O4 - GS\CommonDesktop [Public]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) D:\Program Files (x86)\Audacity\audacity.exe =>.James Crook®
                                        O4 - GS\CommonDesktop [Public]: calibre - E-book management.lnk . (…) D:\Program Files (x86)\Calibre2\calibre.exe
                                        O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
                                        O4 - GS\CommonDesktop [Public]: CyberLink PowerDVD 14.lnk . (.CyberLink Corp. - CyberLink PowerDVD14.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe =>.CyberLink Corp.®
                                        O4 - GS\CommonDesktop [Public]: DCXTrader.lnk . (…) D:\Program Files (x86)\Ese Software\DCX Trader\DCXTrader.exe
                                        O4 - GS\CommonDesktop [Public]: Malwarebytes.lnk . (.Malwarebytes - Malwarebytes.) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
                                        O4 - GS\CommonDesktop [Public]: MetaTrader - EXNESS.lnk . (.MetaQuotes Software Corp. - MetaTrader.) D:\Program Files (x86)\MetaTrader - EXNESS\terminal.exe {00A74246F26ADF987743017FED54891570} =>.MetaQuotes Software Corp.
                                        O4 - GS\CommonDesktop [Public]: Network Recording Player.lnk . (.Cisco WebEx LLC - NBR Player Execute Module.) D:\programdata\WebEx\WebEx\500\nbrplay.exe =>.Cisco WebEx LLC®
                                        O4 - GS\CommonDesktop [Public]: PrimoPDF - Drop Files Here to Convert!.lnk . (.Nitro PDF - PrimoPDF.) C:\Program Files (x86)\Nitro PDF\PrimoPDF\PrimoPDF.exe =>.Nitro PDF Software®
                                        O4 - GS\CommonDesktop [Public]: Skype.lnk . (…) C:\Windows\Installer{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe =>.Skype Technologies
                                        O4 - GS\CommonDesktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player.) D:\Program Files (x86)\VideoLAN\VLC\vlc.exe =>.VideoLAN®
                                        O4 - GS\CommonDesktop [Public]: Wise Data Recovery.lnk . (.WiseCleaner.com - Wise Data Recovery.) D:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe =>.Lespeed Technology Ltd.®
                                        O4 - GS\Programs [Public]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
                                        O4 - GS\Programs [Public]: Anki.lnk . (…) D:\Program Files (x86)\Anki\anki.exe
                                        O4 - GS\Programs [Public]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                        O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                                        O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
                                        O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
                                        O4 - GS\ProgramsCommon [Public]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) D:\Program Files (x86)\Audacity\audacity.exe =>.James Crook®
                                        O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                        O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
                                        O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
                                        O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                                        O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
                                        O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation

                                        —\ Lop.com/Domain Hijackers (5) - 0s
                                        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
                                        O17 - HKLM\System\CCS\Services\Tcpip..{01068155-a52c-4740-b306-07578124303c}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
                                        O17 - HKLM\System\CCS\Services\Tcpip..{29e036c1-4265-4952-8012-f43a55ab4933}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
                                        O17 - HKLM\System\CCS\Services\Tcpip..{3ee4e1e4-47d5-4352-aec3-6f70569b12df}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
                                        O17 - HKLM\System\CCS\Services\Tcpip..{F6C362E6-31CF-4394-9851-E5D33DF654FC}: DhcpNameServer = 192.168.30.1 =>.Local IP Adress

                                        —\ Extra protocols (24) - 1s
                                        O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                        O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
                                        O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
                                        O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                        O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                        O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
                                        O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                                        O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) – C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
                                        O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
                                        O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                        O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
                                        O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
                                        O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                                        O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
                                        O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
                                        O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
                                        O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
                                        O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL =>.Microsoft Corporation®

                                        —\ CLSID Tasks (Register) (1) - 3s
                                        O40 - TASK: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - (…) – C:\WINDOWS\system32\osppc.dll (.not file.) [0] (.Orphan.) =>.Superfluous.Orphan

                                        —\ Software installed (68) - 28s
                                        O42 - Logiciel: 7-Zip 9.20 - (.Igor Pavlov.) [HKLM][64Bits] – 7-Zip =>.Igor Pavlov
                                        O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {8C9AA2C1-D07A-48E8-9DD8-471A072947F4} =>.Adobe Systems Incorporated
                                        O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe AIR =>.Adobe Systems Incorporated®
                                        O42 - Logiciel: Adobe Flash Player 26 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
                                        O42 - Logiciel: Adobe Flash Player 26 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
                                        O42 - Logiciel: Anki - (.Damien Elmes.) [HKLM][64Bits] – Anki =>.Damien Elmes
                                        O42 - Logiciel: Audacity 2.1.3 - (.Audacity Team.) [HKLM][64Bits] – Audacity®_is1 =>.Audacity Team
                                        O42 - Logiciel: AutoHotkey 1.1.26.01 - (.Lexikos.) [HKLM][64Bits] – AutoHotkey =>.Lexikos
                                        O42 - Logiciel: Bulk Rename Utility 2.7.1.3 - (.TGRMN Software.) [HKLM][64Bits] – Bulk Rename Utility_is1 =>.TGRMN Software
                                        O42 - Logiciel: calibre - (.Kovid Goyal.) [HKLM][64Bits] – {A253C2A7-FD66-43AA-9EA7-D30E5041F391} =>.Kovid Goyal
                                        O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
                                        O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM][64Bits] – CNXT_AUDIO_HDA =>.Conexant Systems, Inc.®
                                        O42 - Logiciel: DCX Trader 1.8.15 - (..) [HKLM][64Bits] – DCX_Deploy_0
                                        O42 - Logiciel: Dolby Digital Plus Home Theater - (.Dolby Laboratories Inc.) [HKLM][64Bits] – {7E3D8FA1-6092-469A-955B-68FC4A2C67CA} =>.Dolby Laboratories Inc
                                        O42 - Logiciel: Foxit Reader - (.Foxit Software Inc..) [HKLM][64Bits] – Foxit Reader_is1 =>.Foxit Software Incorporated®
                                        O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Inc®
                                        O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
                                        O42 - Logiciel: InstaTrader - (.MetaQuotes Software Corp..) [HKLM][64Bits] – InstaTrader =>.MetaQuotes Software Corp.®
                                        O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel(R) pGFX®
                                        O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] – {B5E06417-A4AC-4225-B36E-7E34C91616E7} =>.Intel Corporation
                                        O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] – Internet Download Manager =>.Tonec Inc.®
                                        O42 - Logiciel: IP Camera Adapter - (.Pavel Khlebovich.) [HKLM][64Bits] – {6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14} =>.Pavel Khlebovich
                                        O42 - Logiciel: Java 8 Update 144 - (.Oracle Corporation.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F32180144F0} =>.Oracle Corporation
                                        O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
                                        O42 - Logiciel: JDownloader 2 - (.AppWork GmbH.) [HKLM][64Bits] – jdownloader2 =>.Appwork GmbH®
                                        O42 - Logiciel: KeyScrambler - (.QFX Software Corporation.) [HKLM][64Bits] – KeyScrambler =>.QFX Software Corporation
                                        O42 - Logiciel: K-Lite Codec Pack 11.4.0 Basic - (.KLite Inc.) [HKLM][64Bits] – KLiteCodecPack_is1 =>.KLite Inc
                                        O42 - Logiciel: Lenovo EasyCamera - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC} =>.Realtek Semiconductor Corp®
                                        O42 - Logiciel: Lenovo pointing device - (.ELAN Microelectronic Corp..) [HKLM][64Bits] – Elantech =>.ELAN Microelectronics Corporation®
                                        O42 - Logiciel: Lenovo System Interface Foundation Driver - (.Lenovo.) [HKLM][64Bits] – {C2E5CA37-C862-4A69-AC6D-24F450A20C16} =>.Lenovo
                                        O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] – {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
                                        O42 - Logiciel: MetaTrader - EXNESS - (.MetaQuotes Software Corp..) [HKLM][64Bits] – MetaTrader - EXNESS =>.MetaQuotes Software Corp.®
                                        O42 - Logiciel: Microsoft Excel 2010 - (.Microsoft Corporation.) [HKLM][64Bits] – Office14.EXCEL =>.Microsoft Corporation®
                                        O42 - Logiciel: Microsoft Word 2010 - (.Microsoft Corporation.) [HKLM][64Bits] – Office14.WORD =>.Microsoft Corporation®
                                        O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 - (.Microsoft Corporation.) [HKLM][64Bits] – {2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} =>.Microsoft Corporation
                                        O42 - Logiciel: Mozilla Firefox 39.0 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] – Mozilla Firefox 39.0 (x86 en-US) =>.Mozilla Corporation®
                                        O42 - Logiciel: Mozilla Firefox 47.0.1 (x86 en-US) - (.Mozilla.) [HKCU][64Bits] – Mozilla Firefox 47.0.1 (x86 en-US) =>.Mozilla Corporation®
                                        O42 - Logiciel: Mozilla Firefox 54.0.1 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] – Mozilla Firefox 54.0.1 (x86 en-US) =>.Mozilla Corporation®
                                        O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] – MozillaMaintenanceService =>.Mozilla
                                        O42 - Logiciel: MusicBee 3.0 - (.Steven Mayall.) [HKLM][64Bits] – MusicBee =>.Steven Mayall
                                        O42 - Logiciel: Network Recording Player - (.Cisco WebEx LLC.) [HKLM][64Bits] – {79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0} =>.Cisco WebEx LLC
                                        O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
                                        O42 - Logiciel: OpenAL - (.Open Audio Library.) [HKLM][64Bits] – OpenAL =>.Creative Labs Inc®
                                        O42 - Logiciel: PeerBlock 1.2 (r693) - (.PeerBlock, LLC.) [HKLM][64Bits] – {015C5B35-B678-451C-9AEE-821E8D69621C}_is1 =>.PeerBlock, LLC
                                        O42 - Logiciel: PrimoPDF – brought to you by Nitro PDF Software - (.Nitro PDF Software.) [HKLM][64Bits] – PrimoPDF =>.Nitro PDF Software
                                        O42 - Logiciel: PX Profile Update - (.AMD.) [HKLM][64Bits] – {954CFDDE-AF07-2AF9-9600-706E798D42BA} =>.AMD
                                        O42 - Logiciel: Raptr - (.Raptr, Inc.) [HKLM][64Bits] – Raptr =>.Raptr, Inc
                                        O42 - Logiciel: Rosetta Stone Language Training - (.Rosetta Stone, Ltd.) [HKLM][64Bits] – {00384623-4937-4D7D-BDD9-23513D1C50AB}
                                        O42 - Logiciel: Rosetta Stone Ltd Services - (.Rosetta Stone Ltd..) [HKLM][64Bits] – {3165E4A6-D5DE-46B0-8597-D55E2B826B84} =>.Rosetta Stone Ltd.
                                        O42 - Logiciel: Sandboxie 5.20 (64-bit) - (.Sandboxie Holdings, LLC.) [HKLM][64Bits] – Sandboxie =>.Invincea, Inc.®
                                        O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM][64Bits] – {873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B} =>.Microsoft Corporation
                                        O42 - Logiciel: Skype™ 7.1 - (..) [HKLM][64Bits] – {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
                                        O42 - Logiciel: Subtitle Edit 3.4.6 - (.Nikse.) [HKLM][64Bits] – SubtitleEdit_is1 =>.Nikse
                                        O42 - Logiciel: Subtitle Edit 3.5.3 - (.Nikse.) [HKLM][64Bits] – SubtitleEdit_is1 =>.Nikse
                                        O42 - Logiciel: Tweaking.com - Windows Repair - (.Tweaking.com.) [HKLM][64Bits] – Tweaking.com - Windows Repair =>.Tweaking.com
                                        O42 - Logiciel: USB Vibration Joystick - (..) [HKLM][64Bits] – {4999B2F1-3E74-409A-B8B5-E94448AA9EA6}
                                        O42 - Logiciel: Virtual DJ Home - Atomix Productions - (.Atomix Production.) [HKLM][64Bits] – Virtual DJ Home - Atomix Productions =>.Atomix Production
                                        O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] – VLC media player =>.VideoLAN
                                        O42 - Logiciel: Vulkan Run Time Libraries 1.0.3.1 - (.LunarG, Inc..) [HKLM][64Bits] – VulkanRT1.0.3.1 =>.LunarG, Inc.
                                        O42 - Logiciel: Vulkan Run Time Libraries 1.0.39.1 - (.LunarG, Inc..) [HKLM][64Bits] – VulkanRT1.0.39.1 =>.LunarG, Inc.®
                                        O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] – {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
                                        O42 - Logiciel: Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) - (.Lenovo.) [HKLM][64Bits] – 35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E =>.Lenovo (Beijing) Limited®
                                        O42 - Logiciel: Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.28 - (.Lenovo.) [HKLM][64Bits] – 6BCA401E9CBEED970D75F55FA5320F60D11984E9 =>.Lenovo (Beijing) Limited®
                                        O42 - Logiciel: WinHTTrack Website Copier 3.48-22 (x64) - (.HTTrack.) [HKLM][64Bits] – WinHTTrack Website Copier_is1 =>.Open Source Developer, Xavier Roche®
                                        O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbH
                                        O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbH®
                                        O42 - Logiciel: Wise Data Recovery 3.82 - (.WiseCleaner.com, Inc..) [HKLM][64Bits] – Wise Data Recovery_is1 =>.WiseCleaner.com, Inc.

                                        —\ HKCU & HKLM Software Keys (197) - 28s
                                        HKLM\SOFTWARE\Wow6432Node\7-Zip =>.Igor Pavlov
                                        HKLM\SOFTWARE\Wow6432Node\ACD Systems =>.ACD Systems
                                        HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
                                        HKLM\SOFTWARE\Wow6432Node\Anki =>.Damien Elmes
                                        HKLM\SOFTWARE\Wow6432Node\Anvisoft =>.Anvisoft
                                        HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc. =>.Apple Computer, Inc.
                                        HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
                                        HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
                                        HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
                                        HKLM\SOFTWARE\Wow6432Node\Belarc =>.Belarc
                                        HKLM\SOFTWARE\Wow6432Node\calibre =>.Kovid Goyal
                                        HKLM\SOFTWARE\Wow6432Node\CDDB =>.Cddb Software
                                        HKLM\SOFTWARE\Wow6432Node\Conexant =>.Conexant
                                        HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink Corporation
                                        HKLM\SOFTWARE\Wow6432Node\DigitalWave =>.DigitalWave Corporation
                                        HKLM\SOFTWARE\Wow6432Node\DivXNetworks =>.DivXNetworks
                                        HKLM\SOFTWARE\Wow6432Node\EA GAMES =>.EA Games
                                        HKLM\SOFTWARE\Wow6432Node\Ese Software
                                        HKLM\SOFTWARE\Wow6432Node\Eset =>.ESET
                                        HKLM\SOFTWARE\Wow6432Node\FarStone =>.FarStone
                                        HKLM\SOFTWARE\Wow6432Node\Foxit Software =>.Foxit Software
                                        HKLM\SOFTWARE\Wow6432Node\Free YouTube Downloader =>.DawnArk, Inc
                                        HKLM\SOFTWARE\Wow6432Node\GNU =>.GNU
                                        HKLM\SOFTWARE\Wow6432Node\GOG.com =>.GOG.com
                                        HKLM\SOFTWARE\Wow6432Node\Google =>.Google
                                        HKLM\SOFTWARE\Wow6432Node\HaaliMkx =>.Haali Media
                                        HKLM\SOFTWARE\Wow6432Node\HideAllIP
                                        HKLM\SOFTWARE\Wow6432Node\HitmanPro =>.EIDOS hitman Game
                                        HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
                                        HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
                                        HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
                                        HKLM\SOFTWARE\Wow6432Node\Internet Download Manager =>.Tonec Inc
                                        HKLM\SOFTWARE\Wow6432Node\InterVideo =>.InterVideo
                                        HKLM\SOFTWARE\Wow6432Node\iSkysoft =>.iSkysoft Software
                                        HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
                                        HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
                                        HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
                                        HKLM\SOFTWARE\Wow6432Node\KLCodecPack =>.KLite Inc
                                        HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
                                        HKLM\SOFTWARE\Wow6432Node\LAV =>.LAV Inc
                                        HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
                                        HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
                                        HKLM\SOFTWARE\Wow6432Node\Macrovision =>.Macrovision
                                        HKLM\SOFTWARE\Wow6432Node\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
                                        HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
                                        HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
                                        HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
                                        HKLM\SOFTWARE\Wow6432Node\MusicBee
                                        HKLM\SOFTWARE\Wow6432Node\Nalpeiron =>.Nalpeiron
                                        HKLM\SOFTWARE\Wow6432Node\Naver
                                        HKLM\SOFTWARE\Wow6432Node\Nero =>.Ahead Corporation
                                        HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
                                        HKLM\SOFTWARE\Wow6432Node\Nullsoft =>.Nullsoft
                                        HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
                                        HKLM\SOFTWARE\Wow6432Node\Opera Software =>.Opera Software
                                        HKLM\SOFTWARE\Wow6432Node\QFX Software =>.QFX Software
                                        HKLM\SOFTWARE\Wow6432Node\QuickTimeLite
                                        HKLM\SOFTWARE\Wow6432Node\R-TT =>.Unknown
                                        HKLM\SOFTWARE\Wow6432Node\Raptr =>.Raptr
                                        HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
                                        HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
                                        HKLM\SOFTWARE\Wow6432Node\Riot Games =>.Riot Games
                                        HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
                                        HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
                                        HKLM\SOFTWARE\Wow6432Node\SuppHelpDir =>.Toshiba Corporation
                                        HKLM\SOFTWARE\Wow6432Node\TeamViewer =>.TeamViewer
                                        HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
                                        HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
                                        HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
                                        HKLM\SOFTWARE\Wow6432Node\Vimicro Corporation =>.Vimicro Corporation
                                        HKLM\SOFTWARE\Wow6432Node\VirtualDJ =>.Atomix Production
                                        HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
                                        HKLM\SOFTWARE\Wow6432Node\WafCX =>.WafCX
                                        HKLM\SOFTWARE\Wow6432Node\WebEx =>.Cisco Systems, Inc.
                                        HKLM\SOFTWARE\Wow6432Node\WinRAR =>.WinRAR
                                        HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare
                                        HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
                                        HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
                                        HKCU\SOFTWARE\4kdownload.com =>.4kdownload.com
                                        HKCU\SOFTWARE\7-Zip =>.Igor Pavlov
                                        HKCU\SOFTWARE\ACD Systems =>.ACD Systems
                                        HKCU\SOFTWARE\Adobe =>.Adobe
                                        HKCU\SOFTWARE\AMD =>.AMD
                                        HKCU\SOFTWARE\AMPLITUDE Studios =>.Amplitude Studios
                                        HKCU\SOFTWARE\Ankama =>.Ankama
                                        HKCU\SOFTWARE\Aplicaciones generadas con el Asistente para aplicaciones local
                                        HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                                        HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                                        HKCU\SOFTWARE\AppWork =>.Appwork GmbH
                                        HKCU\SOFTWARE\ATI =>.ATI
                                        HKCU\SOFTWARE\BlueStacks =>.BlueStack Systems, Inc.
                                        HKCU\SOFTWARE\Boneloaf
                                        HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
                                        HKCU\SOFTWARE\calibre =>.Kovid Goyal
                                        HKCU\SOFTWARE\Chromium =>.Chromium
                                        HKCU\SOFTWARE\cks =>.Legitimate
                                        HKCU\SOFTWARE\ComfortSoftware =>.Comfort Software
                                        HKCU\SOFTWARE\Conexant =>.Conexant
                                        HKCU\SOFTWARE\Cyberlink =>.CyberLink Corporation
                                        HKCU\SOFTWARE\Daedalic Entertainment GmbH =>.Daedalic Entertainment GmbH
                                        HKCU\SOFTWARE\DAUM =>.DAUM
                                        HKCU\SOFTWARE\DivXNetworks =>.DivXNetworks
                                        HKCU\SOFTWARE\DownloadManager =>.DownloadManager
                                        HKCU\SOFTWARE\ej-technologies =>.ej-technologies
                                        HKCU\SOFTWARE\Elantech =>.Elantech Inc.
                                        HKCU\SOFTWARE\EMU =>.Games Software
                                        HKCU\SOFTWARE\epsxe =>.ePSXe
                                        HKCU\SOFTWARE\ESET =>.ESET
                                        HKCU\SOFTWARE\EXP
                                        HKCU\SOFTWARE\Forex Software =>.REX Game Studios, LLC
                                        HKCU\SOFTWARE\Foxit Software =>.Foxit Software
                                        HKCU\SOFTWARE\FreeTime =>.FreeTime Inc
                                        HKCU\SOFTWARE\FSCR Master
                                        HKCU\SOFTWARE\Fugazo
                                        HKCU\SOFTWARE\Gabest =>.Gabest
                                        HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
                                        HKCU\SOFTWARE\Genymobile =>.Genymobile
                                        HKCU\SOFTWARE\GNU =>.GNU
                                        HKCU\SOFTWARE\GOG.com =>.GOG.com
                                        HKCU\SOFTWARE\Google =>.Google
                                        HKCU\SOFTWARE\GreenTree Applications =>.Superfluous.GreenTreeApp
                                        HKCU\SOFTWARE\Haali =>.Haali Media
                                        HKCU\SOFTWARE\HideAllIP
                                        HKCU\SOFTWARE\Icaros =>.Icaros
                                        HKCU\SOFTWARE\IM Providers =>.IM Providers
                                        HKCU\SOFTWARE\Intel =>.Intel
                                        HKCU\SOFTWARE\IP Webcam
                                        HKCU\SOFTWARE\iSkysoft =>.iSkysoft Software
                                        HKCU\SOFTWARE\JavaSoft =>.JavaSoft
                                        HKCU\SOFTWARE\Katauri Interactive
                                        HKCU\SOFTWARE\Kingsoft =>.Kingosoft Technology Ltd
                                        HKCU\SOFTWARE\KoeiTecmo
                                        HKCU\SOFTWARE\Lake =>.Lake Sofware
                                        HKCU\SOFTWARE\Leapdroid =>.Leapdroid
                                        HKCU\SOFTWARE\Lenovo =>.Lenovo
                                        HKCU\SOFTWARE\Logitech =>.Logitech
                                        HKCU\SOFTWARE\Macromedia =>.Macromedia
                                        HKCU\SOFTWARE\madshi =>.madshi.net
                                        HKCU\SOFTWARE\Magix =>.Magix
                                        HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
                                        HKCU\SOFTWARE\MediaInfo =>.Jérôme Martinez
                                        HKCU\SOFTWARE\Memsource
                                        HKCU\SOFTWARE\MetaQuotes Software =>.MetaQuotes Software
                                        HKCU\SOFTWARE\MGS
                                        HKCU\SOFTWARE\Microgaming
                                        HKCU\SOFTWARE\Mirage =>.Mirage Game
                                        HKCU\SOFTWARE\Mozilla =>.Mozilla
                                        HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                                        HKCU\SOFTWARE\MPC-HC =>.MPC-HC Team
                                        HKCU\SOFTWARE\Naver
                                        HKCU\SOFTWARE\Nero =>.Ahead Corporation
                                        HKCU\SOFTWARE\Netscape =>.Netscape
                                        HKCU\SOFTWARE\Nitro =>.Nitro
                                        HKCU\SOFTWARE\Obsidian Entertainment =>.Obsidian Entertainment
                                        HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
                                        HKCU\SOFTWARE\Opera Software =>.Opera Software
                                        HKCU\SOFTWARE\OTELNP
                                        HKCU\SOFTWARE\PCSX2
                                        HKCU\SOFTWARE\Piriform =>.Piriform
                                        HKCU\SOFTWARE\QFX Software =>.QFX Software
                                        HKCU\SOFTWARE\QtProject =>.QtProject
                                        HKCU\SOFTWARE\R-TT =>.Unknown
                                        HKCU\SOFTWARE\RAD Game Tools =>.RAD Game Tools
                                        HKCU\SOFTWARE\Raptr =>.Raptr
                                        HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                                        HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
                                        HKCU\SOFTWARE\RLZer
                                        HKCU\SOFTWARE\SDR Free Ebook Converter
                                        HKCU\SOFTWARE\SKS =>.SKS Software
                                        HKCU\SOFTWARE\Skype =>.Skype
                                        HKCU\SOFTWARE\SYNCJM =>.SYNCJM
                                        HKCU\SOFTWARE\Sysinternals =>.Sysinternals
                                        HKCU\SOFTWARE\SysProgs =>.SysProgs
                                        HKCU\SOFTWARE\TeamViewer =>.TeamViewer
                                        HKCU\SOFTWARE\Tencent =>.Superfluous.Tencent
                                        HKCU\SOFTWARE\TGRMN Software =>.TGRMN Software
                                        HKCU\SOFTWARE\The Creative Assembly =>.The Creative Assembly
                                        HKCU\SOFTWARE\ThsDict.ini
                                        HKCU\SOFTWARE\ThsDict.ini2
                                        HKCU\SOFTWARE\Trolltech =>.Trolltech
                                        HKCU\SOFTWARE\Unity =>.Unity
                                        HKCU\SOFTWARE\Valve =>.Valve
                                        HKCU\SOFTWARE\VirtualDJ =>.Atomix Production
                                        HKCU\SOFTWARE\Vision Thing
                                        HKCU\SOFTWARE\Webex =>.Cisco Systems, Inc.
                                        HKCU\SOFTWARE\Winamp =>.Nullsoft Inc.
                                        HKCU\SOFTWARE\WinHTTrack Website Copier =>.Xavier Roche
                                        HKCU\SOFTWARE\WinRAR =>.WinRAR
                                        HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                                        HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
                                        HKCU\SOFTWARE\WsAudioDevice_383
                                        HKCU\SOFTWARE\Yahoo =>.Yahoo! Inc.
                                        HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
                                        HKCU\SOFTWARE\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò
                                        HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
                                        HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
                                        HKCU\SOFTWARE\AppDataLow\Software\Yahoo =>.Yahoo! Inc.

                                        —\ Contents of the Common Files folders (384) - 42s
                                        O43 - CFD: 18/08/2014 - D – C:\Program Files\Adobe =>.Adobe Systems Incorporated®
                                        O43 - CFD: 25/03/2015 - D – C:\Program Files\Adware-Removal-Tool =>.Pawan Kumar®
                                        O43 - CFD: 05/06/2017 - AD – C:\Program Files\AMD =>.Advanced Micro Devices, Inc.®
                                        O43 - CFD: 11/05/2015 - D – C:\Program Files\ATI =>.ATI
                                        O43 - CFD: 05/06/2017 - AD – C:\Program Files\ATI Technologies =>.ATI Technologies
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files\AutoHotkey =>.Chicony Multimedia
                                        O43 - CFD: 26/06/2017 - AD – C:\Program Files\CCleaner =>.Piriform Ltd
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files\CONEXANT =>.Conexant Systems, Inc.®
                                        O43 - CFD: 07/12/2014 - D – C:\Program Files\DIFX =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - AD – C:\Program Files\Dolby Digital Plus =>.Dolby Laboratories Inc
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files\Elantech =>.ELAN Microelectronics Corporation®
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files\Intel =>.Intel Corporation
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                                        O43 - CFD: 25/10/2016 - [0] D – C:\Program Files\Leapdroid =>.Leapdroid
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files\lenovo =>.Lenovo
                                        O43 - CFD: 01/06/2017 - D – C:\Program Files\Malwarebytes =>.Malwarebytes
                                        O43 - CFD: 09/11/2016 - D – C:\Program Files\Microsoft Office =>.Microsoft Corporation
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                                        O43 - CFD: 18/08/2014 - D – C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files\Subtitle Edit =>.Nikse
                                        O43 - CFD: 04/06/2017 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
                                        O43 - CFD: 31/05/2017 - AD – C:\Program Files\UNP =>.Microsoft Corporation
                                        O43 - CFD: 12/07/2017 - RD – C:\Program Files\Windows Defender =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                                        O43 - CFD: 12/07/2017 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files\Windows Security =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                                        O43 - CFD: 08/08/2017 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files\WinRAR =>.win.rar GmbH®
                                        O43 - CFD: 10/08/2015 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems Incorporated®
                                        O43 - CFD: 04/06/2017 - AD – C:\Program Files (x86)\AMD =>.Advanced Micro Devices, Inc.®
                                        O43 - CFD: 09/08/2015 - D – C:\Program Files (x86)\AMD AVT =>.Advanced Micro Devices Inc
                                        O43 - CFD: 09/08/2015 - AD – C:\Program Files (x86)\ATI Technologies =>.ATI Technologies
                                        O43 - CFD: 30/03/2015 - [0] D – C:\Program Files (x86)\Belarc =>.Belarc, Inc.
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
                                        O43 - CFD: 18/08/2014 - D – C:\Program Files (x86)\Cooler_PC
                                        O43 - CFD: 18/08/2014 - D – C:\Program Files (x86)\CyberLink =>.CyberLink Corporation
                                        O43 - CFD: 12/10/2016 - D – C:\Program Files (x86)\FreeCodecPack =>.Free Codec Pack
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\FreeTime =>.FreeTime
                                        O43 - CFD: 03/10/2015 - D – C:\Program Files (x86)\Google =>.Google Inc®
                                        O43 - CFD: 03/08/2017 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
                                        O43 - CFD: 07/12/2014 - D – C:\Program Files (x86)\Intel =>.Intel Corporation
                                        O43 - CFD: 26/06/2017 - D – C:\Program Files (x86)\Internet Download Manager =>.Tonec Inc
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\Java =>.Oracle
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\K-Lite Codec Pack =>.KLite Inc
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\Lenovo =>.Lenovo
                                        O43 - CFD: 02/06/2016 - [0] D – C:\Program Files (x86)\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 09/11/2016 - D – C:\Program Files (x86)\Microsoft Analysis Services =>.Microsoft Corporation
                                        O43 - CFD: 09/11/2016 - D – C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
                                        O43 - CFD: 09/11/2016 - D – C:\Program Files (x86)\Microsoft Synchronization Services =>.Microsoft Corporation
                                        O43 - CFD: 06/05/2015 - D – C:\Program Files (x86)\Microsoft XNA =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - AD – C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\MSXML 4.0 =>.Microsoft Corporation
                                        O43 - CFD: 09/04/2015 - D – C:\Program Files (x86)\Nitro PDF =>.Nitro PDF Software®
                                        O43 - CFD: 18/08/2014 - D – C:\Program Files (x86)\NSIS Uninstall Information =>.MSIS
                                        O43 - CFD: 06/02/2017 - D – C:\Program Files (x86)\OpenAL =>.Open Audio Library
                                        O43 - CFD: 17/02/2015 - D – C:\Program Files (x86)\OTELNP
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\QT Lite
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\R-Studio =>.R-Tools Technology Inc.®
                                        O43 - CFD: 22/06/2016 - [0] D – C:\Program Files (x86)\Raptr =>.Raptr
                                        O43 - CFD: 25/07/2016 - D – C:\Program Files (x86)\Raptr Inc =>.Raptr Inc.
                                        O43 - CFD: 09/08/2015 - D – C:\Program Files (x86)\Realtek =>.Realtek
                                        O43 - CFD: 14/02/2015 - D – C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
                                        O43 - CFD: 27/02/2016 - D – C:\Program Files (x86)\Rosetta Stone =>.Rosetta Stone Ltd®
                                        O43 - CFD: 27/02/2016 - AD – C:\Program Files (x86)\RosettaStoneLtdServices =>.Rosetta Stone Ltd®
                                        O43 - CFD: 25/10/2016 - RD – C:\Program Files (x86)\Skype =>.Skype
                                        O43 - CFD: 07/08/2017 - D – C:\Program Files (x86)\Tweaking.com =>.Tweaking LLC®
                                        O43 - CFD: 07/08/2017 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\USB Disk Security =>.FlashPeak Inc
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\USB Vibration =>.InstallShield Software Corporation®
                                        O43 - CFD: 23/02/2015 - D – C:\Program Files (x86)\Vimicro =>.Vimicro
                                        O43 - CFD: 29/03/2015 - D – C:\Program Files (x86)\Virtual Router =>.CodePlex
                                        O43 - CFD: 05/06/2017 - D – C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
                                        O43 - CFD: 12/07/2017 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
                                        O43 - CFD: 12/07/2017 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - SHD – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip =>.Igor Pavlov
                                        O43 - CFD: 19/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
                                        O43 - CFD: 12/07/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                                        O43 - CFD: 12/07/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
                                        O43 - CFD: 25/07/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved =>.AMD Gaming Evolved
                                        O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
                                        O43 - CFD: 05/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings =>.Advanced Micro Devices Inc
                                        O43 - CFD: 03/08/2017 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft =>.Anvisoft
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey =>.Chicony Multimedia
                                        O43 - CFD: 04/09/2015 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BufferZone
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management =>.Kovid Goyal
                                        O43 - CFD: 26/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant =>.Conexant
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14 =>.CyberLink Corporation
                                        O43 - CFD: 09/08/2015 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin =>.Dolphin DevTeam
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ese Software
                                        O43 - CFD: 14/06/2017 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstaTrader
                                        O43 - CFD: 04/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
                                        O43 - CFD: 26/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Camera Adapter =>.DeskShare Inc
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack =>.KLite Inc
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler =>.QFX Software
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo
                                        O43 - CFD: 19/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader - EXNESS
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Recording Player
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
                                        O43 - CFD: 17/08/2014 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 =>.Google Inc.
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QT Lite
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr =>.Raptr
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone =>.Rosetta Stone
                                        O43 - CFD: 07/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie =>.Sandboxie
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
                                        O43 - CFD: 19/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit =>.Nikse
                                        O43 - CFD: 19/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
                                        O43 - CFD: 07/08/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com =>.Tweaking.com
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security =>.FlashPeak Inc
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB PC Camera (ZC0301PLH)
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ =>.Atomix Production
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1 =>.Kronos Group
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack =>.HTTrack
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Data Recovery =>.WiseCleaner.com, Inc
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\ACD Systems =>.ACD Systems Ltd
                                        O43 - CFD: 23/03/2015 - D – C:\ProgramData\Adobe =>.Adobe
                                        O43 - CFD: 05/06/2017 - D – C:\ProgramData\AMD =>.AMD
                                        O43 - CFD: 04/03/2016 - D – C:\ProgramData\Anvisoft =>.Anvisoft
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
                                        O43 - CFD: 22/06/2016 - D – C:\ProgramData\ATI =>.ATI
                                        O43 - CFD: 07/08/2016 - [0] D – C:\ProgramData\BlueStacksSetup =>.BlueStack Systems, Inc.
                                        O43 - CFD: 16/07/2016 - [0] D – C:\ProgramData\Comms =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\Conexant =>.Conexant
                                        O43 - CFD: 19/03/2015 - D – C:\ProgramData\CyberLink =>.CyberLink Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
                                        O43 - CFD: 07/12/2014 - D – C:\ProgramData\Downloaded Installations =>.Microsoft Corporation
                                        O43 - CFD: 03/06/2015 - D – C:\ProgramData\Energy Manager =>.Lenovo
                                        O43 - CFD: 27/02/2016 - D – C:\ProgramData\FLEXnet =>.Flexera Software
                                        O43 - CFD: 05/06/2016 - D – C:\ProgramData\Foxit ContentPlatform =>.Foxit Corporation
                                        O43 - CFD: 12/07/2017 - [0] D – C:\ProgramData\Foxit Software =>.Foxit Software
                                        O43 - CFD: 01/11/2015 - D – C:\ProgramData\Fugazo =>.Games Software
                                        O43 - CFD: 26/03/2015 - D – C:\ProgramData\HitmanPro =>.EIDOS hitman Game
                                        O43 - CFD: 26/06/2017 - [0] D – C:\ProgramData\IDM =>.IDM
                                        O43 - CFD: 18/08/2014 - D – C:\ProgramData\install_clap =>.Microsoft Corporation
                                        O43 - CFD: 07/12/2014 - D – C:\ProgramData\Intel =>.Intel Corporation
                                        O43 - CFD: 12/12/2016 - D – C:\ProgramData\iSkysoft =>.iSkySoft
                                        O43 - CFD: 12/10/2016 - D – C:\ProgramData\iSkysoft Application Common Data
                                        O43 - CFD: 12/12/2016 - D – C:\ProgramData\iSkysoft iTube Studio
                                        O43 - CFD: 03/04/2015 - D – C:\ProgramData\KONAMI =>.Konami
                                        O43 - CFD: 11/03/2017 - D – C:\ProgramData\Lenovo =>.Lenovo
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\MAGIX =>.Magix
                                        O43 - CFD: 01/06/2017 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
                                        O43 - CFD: 24/03/2015 - D – C:\ProgramData\MetaQuotes
                                        O43 - CFD: 07/10/2016 - D – C:\ProgramData\mgs
                                        O43 - CFD: 04/07/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 13/03/2017 - D – C:\ProgramData\Microsoft Help =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\Microsoft Toolkit =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\Mozilla =>.Mozilla Corporation
                                        O43 - CFD: 25/04/2016 - D – C:\ProgramData\Nero =>.Ahead Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\Nitro =>.Nitro
                                        O43 - CFD: 28/03/2015 - D – C:\ProgramData\Office Genuine Advantage =>.Microsoft Corporation
                                        O43 - CFD: 03/07/2015 - D – C:\ProgramData\Oracle =>.Oracle
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\PDVD =>.PDVD
                                        O43 - CFD: 25/03/2015 - D – C:\ProgramData\QFX Software =>.QFX Software
                                        O43 - CFD: 07/12/2014 - D – C:\ProgramData\Qualcomm Atheros =>.Qualcomm Atheros
                                        O43 - CFD: 31/07/2015 - D – C:\ProgramData\Realtek =>.Realtek
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\regid.1986-12.com.adobe =>.Adobe Inc.
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
                                        O43 - CFD: 25/03/2015 - D – C:\ProgramData\RELOADED
                                        O43 - CFD: 31/08/2015 - D – C:\ProgramData\Riot Games =>.Riot Games
                                        O43 - CFD: 08/08/2017 - D – C:\ProgramData\RogueKiller =>.Adlice Software
                                        O43 - CFD: 27/02/2016 - D – C:\ProgramData\Rosetta Stone =>.Rosetta Stone
                                        O43 - CFD: 27/02/2016 - D – C:\ProgramData\Rosetta Stone Backups
                                        O43 - CFD: 27/02/2016 - D – C:\ProgramData\RosettaStoneLtdServices
                                        O43 - CFD: 24/02/2015 - D – C:\ProgramData\Skype =>.Skype
                                        O43 - CFD: 19/03/2017 - [0] D – C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                                        O43 - CFD: 03/06/2015 - D – C:\ProgramData\Steam =>.Steam Games
                                        O43 - CFD: 03/08/2017 - D – C:\ProgramData\Sun =>.Oracle
                                        O43 - CFD: 18/08/2014 - D – C:\ProgramData\SUPPORTDIR =>.Microsoft Corporation
                                        O43 - CFD: 02/02/2015 - D – C:\ProgramData\Synaptics =>.Synaptics
                                        O43 - CFD: 02/11/2015 - AD – C:\ProgramData\Temp =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\ProgramData\VS Revo Group =>.VS Revo Group
                                        O43 - CFD: 19/03/2017 - D – C:\ProgramData\WindowsHolographicDevices =>.Microsoft Corporation
                                        O43 - CFD: 27/05/2015 - D – C:\ProgramData\X360CE =>.Microsoft Corporation
                                        O43 - CFD: 23/03/2015 - D – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
                                        O43 - CFD: 03/08/2017 - AD – C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
                                        O43 - CFD: 04/03/2016 - D – C:\Program Files (x86)\Common Files\Anvisoft =>.Anvisoft
                                        O43 - CFD: 07/12/2014 - D – C:\Program Files (x86)\Common Files\Atheros =>.Qualcomm Atheros
                                        O43 - CFD: 11/05/2015 - D – C:\Program Files (x86)\Common Files\ATI Technologies =>.ATI Technologies
                                        O43 - CFD: 09/11/2016 - AD – C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
                                        O43 - CFD: 09/03/2015 - HD – C:\Program Files (x86)\Common Files\EAInstaller =>.Electronic Arts, Inc.
                                        O43 - CFD: 22/02/2016 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\Common Files\Java =>.Oracle
                                        O43 - CFD: 22/05/2015 - D – C:\Program Files (x86)\Common Files\Macrovision Shared =>.Rovi Corporation
                                        O43 - CFD: 04/06/2017 - AD – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
                                        O43 - CFD: 25/04/2016 - D – C:\Program Files (x86)\Common Files\Nero =>.Ahead Corporation
                                        O43 - CFD: 07/12/2014 - D – C:\Program Files (x86)\Common Files\postureAgent =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Program Files (x86)\Common Files\PX Storage Engine =>.Sonic Solutions
                                        O43 - CFD: 19/03/2017 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
                                        O43 - CFD: 14/02/2015 - AD – C:\Program Files (x86)\Common Files\Skype =>.Skype
                                        O43 - CFD: 04/06/2017 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Roaming\ACD Systems =>.ACD Systems Ltd
                                        O43 - CFD: 08/04/2015 - D – C:\Users\USER\AppData\Roaming\Adobe =>.Adobe
                                        O43 - CFD: 11/02/2015 - D – C:\Users\USER\AppData\Roaming\Adobe.ExMan
                                        O43 - CFD: 25/08/2015 - D – C:\Users\USER\AppData\Roaming\AMD =>.AMD
                                        O43 - CFD: 07/12/2014 - D – C:\Users\USER\AppData\Roaming\ATI =>.ATI
                                        O43 - CFD: 27/07/2017 - D – C:\Users\USER\AppData\Roaming\audacity =>.Audacity
                                        O43 - CFD: 08/07/2017 - D – C:\Users\USER\AppData\Roaming\calibre =>.Kovid Goyal
                                        O43 - CFD: 27/02/2016 - D – C:\Users\USER\AppData\Roaming\com.rosettastone.lan guagetraining
                                        O43 - CFD: 19/03/2015 - D – C:\Users\USER\AppData\Roaming\CyberLink =>.CyberLink Corporation
                                        O43 - CFD: 17/02/2017 - D – C:\Users\USER\AppData\Roaming\discordptb
                                        O43 - CFD: 08/08/2017 - D – C:\Users\USER\AppData\Roaming\DMCache =>.DMCache
                                        O43 - CFD: 17/09/2016 - D – C:\Users\USER\AppData\Roaming\dvdcss =>.VideoLan Team
                                        O43 - CFD: 17/04/2015 - D – C:\Users\USER\AppData\Roaming\Ebook Converter =>.ebook Converter
                                        O43 - CFD: 22/02/2016 - D – C:\Users\USER\AppData\Roaming\FarStone =>.FarStone
                                        O43 - CFD: 13/06/2015 - [0] D – C:\Users\USER\AppData\Roaming\fltk.org =>.fltk.org
                                        O43 - CFD: 29/07/2017 - D – C:\Users\USER\AppData\Roaming\Foxit AgentInformation =>.Foxit Corporation
                                        O43 - CFD: 29/07/2017 - D – C:\Users\USER\AppData\Roaming\Foxit Software =>.Foxit Software
                                        O43 - CFD: 01/11/2015 - D – C:\Users\USER\AppData\Roaming\Fugazo =>.Games Software
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
                                        O43 - CFD: 02/04/2015 - D – C:\Users\USER\AppData\Roaming\Identities =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\IDM =>.IDM
                                        O43 - CFD: 24/03/2015 - D – C:\Users\USER\AppData\Roaming\Kalypso Media =>.Kalypso Media
                                        O43 - CFD: 25/10/2016 - AD – C:\Users\USER\AppData\Roaming\Leapdroid =>.Leapdroid
                                        O43 - CFD: 22/06/2016 - D – C:\Users\USER\AppData\Roaming\library_dir =>.library_dir
                                        O43 - CFD: 02/11/2016 - D – C:\Users\USER\AppData\Roaming\LolClient =>.LolClient
                                        O43 - CFD: 08/07/2017 - D – C:\Users\USER\AppData\Roaming\LSC =>.LSC
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Roaming\Macromedia =>.Macromedia
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\MAGIX =>.Magix
                                        O43 - CFD: 04/05/2015 - D – C:\Users\USER\AppData\Roaming\MetaQuotes
                                        O43 - CFD: 07/07/2017 - SD – C:\Users\USER\AppData\Roaming\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 05/06/2015 - D – C:\Users\USER\AppData\Roaming\Mozilla =>.Mozilla Corporation
                                        O43 - CFD: 26/06/2017 - [0] D – C:\Users\USER\AppData\Roaming\MPC-HC =>.MPC-HC Team
                                        O43 - CFD: 28/07/2017 - D – C:\Users\USER\AppData\Roaming\MusicBee
                                        O43 - CFD: 02/02/2015 - D – C:\Users\USER\AppData\Roaming\My Bluetooth =>.Legitimate
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Roaming\Nero =>.Ahead Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Roaming\Nitro =>.Nitro
                                        O43 - CFD: 09/10/2015 - D – C:\Users\USER\AppData\Roaming\OfficeRecovery
                                        O43 - CFD: 11/07/2016 - [0] D – C:\Users\USER\AppData\Roaming\Opera Software =>.Opera Software
                                        O43 - CFD: 21/02/2015 - D – C:\Users\USER\AppData\Roaming\PhotoScape =>.Mooii Tech Software
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\PrimoPDF
                                        O43 - CFD: 19/02/2017 - D – C:\Users\USER\AppData\Roaming\ProgReporter
                                        O43 - CFD: 25/03/2015 - D – C:\Users\USER\AppData\Roaming\QFX Software =>.QFX Software
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Roaming\R-TT
                                        O43 - CFD: 15/07/2016 - D – C:\Users\USER\AppData\Roaming\Raptr =>.Raptr
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\Samsung =>.Samsung Electronics
                                        O43 - CFD: 09/02/2017 - D – C:\Users\USER\AppData\Roaming\Skype =>.Skype
                                        O43 - CFD: 21/02/2015 - D – C:\Users\USER\AppData\Roaming\StageManager.BD09281 8F67280F4B42B04877600987F0111B594.1
                                        O43 - CFD: 10/05/2015 - D – C:\Users\USER\AppData\Roaming\Steam =>.Steam Games
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\Subtitle Edit =>.Nikse
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\Sun =>.Oracle
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Roaming\TeamViewer =>.TeamViewer GmbH
                                        O43 - CFD: 02/06/2016 - D – C:\Users\USER\AppData\Roaming\The Creative Assembly =>.The Creative Assembly
                                        O43 - CFD: 30/10/2015 - D – C:\Users\USER\AppData\Roaming\Vitzo =>.Vitzo Ltd
                                        O43 - CFD: 08/08/2017 - D – C:\Users\USER\AppData\Roaming\vlc =>.VideoLan Team
                                        O43 - CFD: 25/03/2015 - D – C:\Users\USER\AppData\Roaming\WinRAR =>.WinRAR
                                        O43 - CFD: 28/06/2016 - D – C:\Users\USER\AppData\Roaming\Wise Data Recovery =>.WiseCleaner.com, Inc
                                        O43 - CFD: 08/08/2016 - D – C:\Users\USER\AppData\Roaming\yiwanzhushou
                                        O43 - CFD: 08/08/2017 - D – C:\Users\USER\AppData\Roaming\ZHP =>.Nicolas Coolman
                                        O43 - CFD: 12/10/2016 - D – C:\Users\USER\AppData\Local\4kdownload.com =>.4kdownload.com
                                        O43 - CFD: 16/07/2016 - [0] D – C:\Users\USER\AppData\Local\ActiveSync =>.Microsoft Corporation
                                        O43 - CFD: 06/03/2017 - D – C:\Users\USER\AppData\Local\Adobe =>.Adobe
                                        O43 - CFD: 05/06/2017 - D – C:\Users\USER\AppData\Local\AMD =>.AMD
                                        O43 - CFD: 05/06/2015 - D – C:\Users\USER\AppData\Local\Ankama =>.Ankama
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\USER\AppData\Local\Application Data =>.Microsoft Corporation
                                        O43 - CFD: 07/12/2014 - D – C:\Users\USER\AppData\Local\ATI =>.ATI
                                        O43 - CFD: 28/04/2017 - D – C:\Users\USER\AppData\Local\Audacity =>.Audacity
                                        O43 - CFD: 07/08/2016 - D – C:\Users\USER\AppData\Local\Bluestacks =>.BlueStack Systems, Inc.
                                        O43 - CFD: 02/02/2015 - D – C:\Users\USER\AppData\Local\BMExplorer =>.BMExplorer
                                        O43 - CFD: 18/04/2015 - [0] D – C:\Users\USER\AppData\Local\calibre-cache =>.Kovid Goyal
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\Chris_Pietschmann_(htt p__
                                        O43 - CFD: 21/08/2015 - D – C:\Users\USER\AppData\Local\Comms =>.Microsoft Corporation
                                        O43 - CFD: 02/04/2015 - D – C:\Users\USER\AppData\Local\Conexant =>.Conexant
                                        O43 - CFD: 10/02/2017 - D – C:\Users\USER\AppData\Local\ConnectedDevicesPlatfo rm =>.Microsoft Corporation
                                        O43 - CFD: 25/04/2016 - [0] D – C:\Users\USER\AppData\Local\CrashDumps =>.Microsoft Corporation
                                        O43 - CFD: 18/08/2014 - D – C:\Users\USER\AppData\Local\CyberLink =>.CyberLink Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\Cyberlink SoftDMA =>.CyberLink Corporation
                                        O43 - CFD: 29/03/2016 - [0] D – C:\Users\USER\AppData\Local\Daedalic Entertainment GmbH =>.Daedalic Entertainment GmbH
                                        O43 - CFD: 03/06/2015 - D – C:\Users\USER\AppData\Local\Darksiders2
                                        O43 - CFD: 04/06/2017 - [0] D – C:\Users\USER\AppData\Local\DBG =>.DBG
                                        O43 - CFD: 10/07/2017 - [0] D – C:\Users\USER\AppData\Local\Diagnostics =>.Microsoft Corporation
                                        O43 - CFD: 18/08/2014 - D – C:\Users\USER\AppData\Local\Downloaded Installations =>.Microsoft Corporation
                                        O43 - CFD: 15/01/2017 - [0] D – C:\Users\USER\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
                                        O43 - CFD: 17/02/2015 - SHD – C:\Users\USER\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
                                        O43 - CFD: 06/09/2015 - [0] SHD – C:\Users\USER\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
                                        O43 - CFD: 06/09/2015 - [0] SHD – C:\Users\USER\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
                                        O43 - CFD: 10/05/2015 - D – C:\Users\USER\AppData\Local\EMU =>.Games Software
                                        O43 - CFD: 17/04/2015 - D – C:\Users\USER\AppData\Local\ERW
                                        O43 - CFD: 29/04/2015 - D – C:\Users\USER\AppData\Local\Foxit Reader =>.Foxit Corporation
                                        O43 - CFD: 09/08/2016 - D – C:\Users\USER\AppData\Local\Genymobile =>.Genymobile
                                        O43 - CFD: 25/11/2016 - D – C:\Users\USER\AppData\Local\Google =>.Google
                                        O43 - CFD: 02/06/2015 - D – C:\Users\USER\AppData\Local\GWX =>.GWX
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\USER\AppData\Local\History =>.Microsoft Corporation
                                        O43 - CFD: 02/02/2015 - D – C:\Users\USER\AppData\Local\Intel_Corporation =>.Intel Corporation
                                        O43 - CFD: 30/01/2016 - D – C:\Users\USER\AppData\Local\joeglens.wordpress.com
                                        O43 - CFD: 08/08/2016 - D – C:\Users\USER\AppData\Local\Leapdroid =>.Leapdroid
                                        O43 - CFD: 30/09/2016 - D – C:\Users\USER\AppData\Local\Lenovo =>.Lenovo
                                        O43 - CFD: 25/03/2015 - D – C:\Users\USER\AppData\Local\Macromedia =>.Macromedia
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\MediaServer =>.MediaServer
                                        O43 - CFD: 07/08/2017 - D – C:\Users\USER\AppData\Local\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 30/12/2016 - D – C:\Users\USER\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Users\USER\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
                                        O43 - CFD: 28/03/2015 - D – C:\Users\USER\AppData\Local\Mozilla =>.Mozilla Corporation
                                        O43 - CFD: 10/02/2017 - D – C:\Users\USER\AppData\Local\My Games =>.My Games
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\Nero =>.Ahead Corporation
                                        O43 - CFD: 20/08/2015 - [0] D – C:\Users\USER\AppData\Local\NetworkTiles =>.NetworkTiles
                                        O43 - CFD: 11/07/2016 - [0] D – C:\Users\USER\AppData\Local\Opera Software =>.Opera Software
                                        O43 - CFD: 04/06/2017 - D – C:\Users\USER\AppData\Local\Packages =>.Microsoft Corporation
                                        O43 - CFD: 10/08/2015 - [0] D – C:\Users\USER\AppData\Local\PeerDistRepub =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\Programs =>.Microsoft Corporation
                                        O43 - CFD: 09/08/2015 - D – C:\Users\USER\AppData\Local\Publishers =>.Microsoft Corporation
                                        O43 - CFD: 27/07/2017 - D – C:\Users\USER\AppData\Local\Recovery =>.Recovery Labs
                                        O43 - CFD: 02/06/2016 - D – C:\Users\USER\AppData\Local\SKIDROW =>.SKIDROW
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\Skype =>.Skype
                                        O43 - CFD: 19/10/2015 - D – C:\Users\USER\AppData\Local\Skyrim =>.Skyrim Games
                                        O43 - CFD: 17/02/2017 - D – C:\Users\USER\AppData\Local\SquirrelTemp =>.Squirrels
                                        O43 - CFD: 08/08/2017 - D – C:\Users\USER\AppData\Local\Temp =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\USER\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                        O43 - CFD: 09/08/2015 - D – C:\Users\USER\AppData\Local\TileDataLayer =>.Microsoft Corporation
                                        O43 - CFD: 01/06/2017 - D – C:\Users\USER\AppData\Local\UNP =>.Microsoft Corporation
                                        O43 - CFD: 20/09/2016 - D – C:\Users\USER\AppData\Local\VirtualStore =>.Microsoft Corporation
                                        O43 - CFD: 17/08/2014 - D – C:\Users\USER\AppData\Local\VS Revo Group =>.VS Revo Group
                                        O43 - CFD: 08/08/2017 - D – C:\Users\USER\AppData\Local\ZHP =>.Nicolas Coolman
                                        O43 - CFD: 17/08/2014 - [0] D – C:\Users\USER\AppData\Local\Programs\Common =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - RD – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessibility =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - RD – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessories =>.Microsoft Corporation
                                        O43 - CFD: 12/07/2017 - RD – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Administrative Tools =>.Administrative Tools
                                        O43 - CFD: 04/06/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\FormatFactory =>.FormatFactory
                                        O43 - CFD: 17/02/2017 - [0] D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
                                        O43 - CFD: 26/06/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Internet Download Manager =>.Tonec Inc
                                        O43 - CFD: 29/07/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\JDownloader =>.JDownloader
                                        O43 - CFD: 19/03/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Maintenance =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\MusicBee
                                        O43 - CFD: 04/06/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\OTELNP
                                        O43 - CFD: 04/06/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\R-Studio
                                        O43 - CFD: 12/07/2017 - RD – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - RD – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\System Tools =>.Microsoft Corporation
                                        O43 - CFD: 16/04/2015 - [0] D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Virtual DJ =>.Atomix Production
                                        O43 - CFD: 19/03/2017 - RD – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Windows PowerShell =>.Microsoft Corporation
                                        O43 - CFD: 03/08/2017 - D – C:\Users\USER\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\WinRAR =>.WinRAR
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 19/03/2017 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                                        O43 - CFD: 04/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                        O43 - CFD: 07/08/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft Corporation
                                        O43 - CFD: 22/07/2017 - – C:\WINDOWS\System32\Config\systemprofile\AppData\R oaming\Foxit Software =>.Foxit Software

                                        —\ Image File Execution Options (17) - 1s
                                        O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\3] =>.Microsoft Windows®
                                        O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                        O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\256] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\256] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\256] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\256] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\1118481] =>.Microsoft Corporation
                                        O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\2097152] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                        O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\4294967296] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                        O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                                        O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\2097152] =>.Microsoft Corporation
                                        O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\32768] =>.Microsoft Windows Publisher®
                                        O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation

                                        —\ System Drivers List (85) - 18s
                                        O58 - SDL:2017/06/03 13:35:44 A . (.Malwarebytes - Malwarebytes SwissArmy.) – C:\WINDOWS\System32\drivers\110C1792.sys [252832] =>.Malwarebytes Corporation®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
                                        O58 - SDL:2017/06/03 13:36:48 A . (.Malwarebytes - Malwarebytes SwissArmy.) – C:\WINDOWS\System32\drivers\59E9189A.sys [252832] =>.Malwarebytes Corporation®
                                        O58 - SDL:2014/12/07 14:36:36 A . (.Lenovo Corporation - ACPI Virtual Power Controller Driver.) – C:\WINDOWS\System32\drivers\AcpiVpc.sys [35600] =>.Lenovo (Beijing) Limited®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
                                        O58 - SDL:2015/02/09 14:24:24 A . (.AnviSoft.com - Anvi Folder Protect Filter Driver.) – C:\WINDOWS\System32\drivers\AnviFPFltd.sys [28568] =>.Anvei Technology Co., LTD®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
                                        O58 - SDL:2016/08/04 02:48:20 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) – C:\WINDOWS\System32\drivers\atikmdag.sys [26706464] =>.Microsoft Windows Hardware Compatibility Publisher®
                                        O58 - SDL:2016/08/04 02:48:16 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) – C:\WINDOWS\System32\drivers\atikmpag.sys [518176] =>.Microsoft Windows Hardware Compatibility Publisher®
                                        O58 - SDL:2015/09/28 23:53:15 A . (.Sysprogs OU - WinCDEmu virtual CDROM bus.) – C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys [172376] =>.Sysprogs OU®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
                                        O58 - SDL:2017/03/19 02:41:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
                                        O58 - SDL:2015/10/08 13:49:26 A . (.Conexant Systems Inc. - 64-bit High Definition Audio Function Drive.) – C:\WINDOWS\System32\drivers\CHDRT64.sys [1561728] =>.Conexant Systems, Inc.®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
                                        O58 - SDL:2015/08/24 21:55:05 A . (.ELAN Microelectronics Corp. - ETD Kernel Center.) – C:\WINDOWS\System32\drivers\ETD.sys [467032] =>.ELAN MICROELECTRONICS CORPORATION®
                                        O58 - SDL:2017/03/19 02:41:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
                                        O58 - SDL:2017/06/01 14:19:40 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) – C:\WINDOWS\System32\drivers\farflt.sys [113592] =>.Malwarebytes Corporation®
                                        O58 - SDL:2008/10/29 08:47:02 A . (.FarStone Inc. - FarStone Bus Enumerator.) – C:\WINDOWS\System32\drivers\FCDABUS.SYS [24592] =>.Farstone Technology Inc®
                                        O58 - SDL:2009/12/23 17:33:50 A . (.FarStone Inc. - FarStone SCSI Miniport.) – C:\WINDOWS\System32\drivers\FVXSCSI.SYS [118360] {02AFB82ABDED8F860823C142D94AB36B} =>.FarStone Inc.
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
                                        O58 - SDL:2017/03/19 02:41:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
                                        O58 - SDL:2017/03/19 02:41:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
                                        O58 - SDL:2017/03/19 02:41:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.s ys [85504] =>.Intel Corporation
                                        O58 - SDL:2017/03/19 02:41:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
                                        O58 - SDL:2017/03/19 02:41:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
                                        O58 - SDL:2017/03/19 02:41:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
                                        O58 - SDL:2017/03/19 02:41:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
                                        O58 - SDL:2017/03/19 02:41:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
                                        O58 - SDL:2017/06/08 22:00:14 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) – C:\WINDOWS\System32\drivers\idmwfp.sys [223432] =>.Tonec Inc.®
                                        O58 - SDL:2017/06/12 01:56:24 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\WINDOWS\System32\drivers\igdkmd64.sys [7970232] =>.Intel(R) pGFX®
                                        O58 - SDL:2016/08/21 21:45:38 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) – C:\WINDOWS\System32\drivers\IntcDAud.sys [481768] =>.Intel(R) OWR®
                                        O58 - SDL:2013/10/29 06:53:35 A . (.Intel Corporation - Intel® WiDi Solution.) – C:\WINDOWS\System32\drivers\intelaud.sys [39320] =>.Intel Wireless Display®
                                        O58 - SDL:2013/10/29 06:53:35 A . (.Intel Corporation - Intel® WiDi Solution.) – C:\WINDOWS\System32\drivers\iwdbus.sys [27032] =>.Intel Wireless Display®
                                        O58 - SDL:2015/06/03 19:28:30 A . (.QFX Software Corporation - KeyScrambler Keyboard Encryption Driver.) – C:\WINDOWS\System32\drivers\keyscrambler.sys [224208] =>.QFX Software Corporation®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
                                        O58 - SDL:2017/05/31 11:09:14 A . (…) – C:\WINDOWS\System32\drivers\mbae64.sys [77376] =>.Malwarebytes Corporation®
                                        O58 - SDL:2017/06/01 14:19:31 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) – C:\WINDOWS\System32\drivers\mbam.sys [44960] =>.Malwarebytes Corporation®
                                        O58 - SDL:2017/06/01 14:19:48 A . (.Malwarebytes - Malwarebytes Chameleon.) – C:\WINDOWS\System32\drivers\MBAMChameleon.sys [188312] =>.Malwarebytes Corporation®
                                        O58 - SDL:2017/07/03 18:59:10 A . (.Malwarebytes - Malwarebytes SwissArmy.) – C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832] =>.Malwarebytes Corporation®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
                                        O58 - SDL:2017/06/01 14:21:39 A . (.Malwarebytes - Malwarebytes Web Protection.) – C:\WINDOWS\System32\drivers\mwac.sys [93600] =>.Malwarebytes Corporation®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
                                        O58 - SDL:2015/08/09 13:04:05 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Dr.) – C:\WINDOWS\System32\drivers\rt640x64.sys [886528] =>.Realtek Semiconductor Corp®
                                        O58 - SDL:2015/06/04 11:41:30 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) – C:\WINDOWS\System32\drivers\RtkBtfilter.sys [615728] =>.Realtek Semiconductor Corp®
                                        O58 - SDL:2015/08/10 18:22:26 A . (.Realsil Semiconductor Corporation - RTS USB READER Driver.) – C:\WINDOWS\System32\drivers\RtsUer.sys [410880] =>.Realtek Semiconductor Corp®
                                        O58 - SDL:2015/08/10 18:22:12 A . (.Realtek Semiconductor Corp. - Realtek UVC Driver for Vista/Win7/Win8/Win8.) – C:\WINDOWS\System32\drivers\rtsuvc.sys [3068160] =>.Realtek Semiconductor Corp®
                                        O58 - SDL:2013/08/08 14:12:54 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) – C:\WINDOWS\System32\drivers\RtsUVStor.sys [329944] =>.Realtek Semiconductor Corp®
                                        O58 - SDL:2017/03/19 02:41:20 A . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driver 47528 20362.) – C:\WINDOWS\System32\drivers\rtwlane.sys [6320640] =>.Realtek Semiconductor Corporation
                                        O58 - SDL:2017/03/19 02:41:26 A . (…) – C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
                                        O58 - SDL:2016/09/05 05:47:06 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver.) – C:\WINDOWS\System32\drivers\ssudbus.sys [131712] =>.Samsung Electronics CO., LTD.®
                                        O58 - SDL:2016/09/05 05:47:12 A . (.Samsung Electronics Co., Ltd. - SAMSUNG Android Modem Device Driver.) – C:\WINDOWS\System32\drivers\ssudmdm.sys [165504] =>.Samsung Electronics CO., LTD.®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:42:24 A . (. - WDM CODEC Class Device Driver 2.0.) – C:\WINDOWS\System32\drivers\stream.sys [75776] =>.Microsoft Corporation
                                        O58 - SDL:2016/04/21 14:55:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) – C:\WINDOWS\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
                                        O58 - SDL:2017/02/09 16:40:18 A . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) – C:\WINDOWS\System32\drivers\taphss6.sys [42064] =>.AnchorFree Inc®
                                        O58 - SDL:2013/09/17 01:05:12 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\WINDOWS\System32\drivers\TeeDriverx64.sys [99288] =>.Intel Corporation - Intel® Management Engine Firmware®
                                        O58 - SDL:2017/08/08 16:18:24 A . (…) – C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
                                        O58 - SDL:2015/09/08 11:47:40 A . (.Oracle Corporation - VirtualBox NDIS 6.0 Host-Only Network Adapt.) – C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [117768] =>.Oracle Corporation®
                                        O58 - SDL:2015/09/08 11:47:40 A . (.Oracle Corporation - VirtualBox NDIS 6.0 Lightweight Filter Driv.) – C:\WINDOWS\System32\drivers\VBoxNetLwf.sys [146072] =>.Oracle Corporation®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
                                        O58 - SDL:2017/03/19 02:41:25 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
                                        O58 - SDL:2013/11/12 22:50:22 A . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN de.) – C:\WINDOWS\System32\athwbx.sys [3880448] =>.Qualcomm Atheros Communications, Inc.

                                        —\ Last modified or created user files (3) - 115s
                                        O61 - LFC: 2017/08/03 22:33:28 A . (..) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions\adbhelper@mozilla.org\win32\adb.exe [1489920]
                                        O61 - LFC: 2017/08/03 22:33:28 A . (..) – C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions\adbhelper@mozilla.org\win32\fastboot.exe [806912]
                                        O61 - LFC: 2017/08/03 15:23:57 A . (..) – C:\Users\USER\Desktop\rsthosts_2.0.exe [353632]

                                        —\ File Associations Shell Spawning (11) - 0s
                                        O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                                        O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                                        O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                                        O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                                        O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                                        O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                                        O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                        O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                                        O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                                        O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
                                        O67 - Shell Spawning: <.html> [HKCU..\open\Command] (.Mozilla Corporation - Firefox.) – D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

                                        —\ Start Menu Internet (16) - 0s
                                        O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                                        O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – d:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                                        O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                        O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                        O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                                        O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – d:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                                        O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                        O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                                        O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                                        O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – d:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                                        O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                        O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                                        O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                                        O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – d:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                                        O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                        O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

                                        —\ Search Browser Infection (5) - 16s
                                        O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com/ =>.Google Inc.
                                        O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
                                        O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
                                        O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
                                        O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.

                                        —\ Search Svchost Services (47) - 1s
                                        O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll [192512] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) – C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dl l [536064] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) – C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
                                        O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) – C:\Windows\System32\TokenBroker.dll [1054208] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [873472] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [2444288] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) – C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
                                        O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [196096] =>.Microsoft Corporation

                                        —\ Additional Scan (O88) (1) - 1s
                                        ~ No malicious or unnecessary items found.

                                        —\ Summary of the elements found (2) - 0s
                                        Redirecting... =>.Superfluous.GreenTreeApp
                                        Tencent AddressBar, Barre d’outils de navigateur. - ZAM =>.Superfluous.Tencent

                                        ~ Unselected Options:
                                        ~ End of the scan, 41194 items in 06mn13s (1281)(0)

                                          Comment

                                          • Malnutrition
                                            PCHF Moderator
                                            • Jul 2016
                                            • 7045
                                            #26
                                            ZHP Diag Fix.

                                            ZHP Fix                                             [MEDIA=imgur]4bd9Ugb[/MEDIA]
                                            [ul]
                                            [li]Disable your antivirus prior to this fix![/li]
                                            [li]Download ZHP-Fix from here.[/li][li]UnZip it to your desktop – Tool Here if needed… 7-Zip[/li]
                                            [li]Install it.[/li][li]Click Suivant 5 Times.[/li][li]Then Installer.[/li][li]Then Terminer.[/li][li]Then right clcick the ZHP Fix icon Run as admin.[/li][li]Copy the entire content of the code box below, the next step will grab it from your clipboard.[/li]
                                            [li]Then click on import.[/li][li]Then click GO.[/li][li]If you see any Prompts like the one below, select Oui. = Yes in French. [/li]
                                            [li]https://pchelpforum.net/attachments/...7-40-png.2248/ [/li]
                                            [li]Allow completion.[/li][li]A log file will appear on your desktop. [/li]
                                            [li]Post it here in your next reply.[/li][/ul]

                                            [ICODE] Script ZhpFix SysRestore EmptyFlash ProxyFix EmptyCLSID O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl® SS - Demand [11/07/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporated® SS - Demand [17/09/2013] [ 169432] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation® SS - Auto [17/09/2013] [ 169432] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl® [MD5.8E65EBE8511CD0757BBB17C7670F6563] [APT] [Tweaking.com - Windows Repair Tray Icon] (.Tweaking.com.) -- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336] (.Activate.) =>.Tweaking LLC® O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\shutdown [2478] O39 - APT: Tweaking.com - Windows Repair Tray Icon - (.Tweaking.com.) -- C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon [3758] =>.Tweaking LLC® O39 - APT: {1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} - (.Mozilla Corporation.) -- C:\WINDOWS\System32\Tasks\{1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} [2240] =>.Mozilla Corporation® HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\shutdown HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking .com - Windows Repair Tray Icon G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc. G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc. P2 - EXT FILE: (.http://coolrom.com/contact.php - Coolrom Search Engine.) -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Prof iles\z94n8t79.default\extensions\{0fc22c4c-93ed-48ea-ad12-dc8039cf3795}.xpi R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0 R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1 R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1 R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyHttp1.1 = 1 O40 - TASK: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - (...) -- C:\WINDOWS\system32\osppc.dll (.not file.) [0] (.Orphan.) =>.Superfluous.Orphan O42 - Logiciel: Mozilla Firefox 39.0 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 39.0 (x86 en-US) =>.Mozilla Corporation® O42 - Logiciel: Mozilla Firefox 47.0.1 (x86 en-US) - (.Mozilla.) [HKCU][64Bits] -- Mozilla Firefox 47.0.1 (x86 en-US) =>.Mozilla Corporation® HKLM\SOFTWARE\Wow6432Node\Eset =>.ESET HKLM\SOFTWARE\Wow6432Node\Free YouTube Downloader =>.DawnArk, Inc HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare HKCU\SOFTWARE\BlueStacks =>.BlueStack Systems, Inc. HKCU\SOFTWARE\Boneloaf HKCU\SOFTWARE\Chromium =>.Chromium HKCU\SOFTWARE\epsxe =>.ePSXe HKCU\SOFTWARE\ESET =>.ESET HKCU\SOFTWARE\RLZer HKCU\SOFTWARE\Tencent =>.Superfluous.Tencent HKCU\SOFTWARE\ThsDict.ini HKCU\SOFTWARE\ThsDict.ini2 HKCU\SOFTWARE\Vision Thing HKCU\SOFTWARE\Yahoo =>.Yahoo! Inc. HKCU\SOFTWARE\AppDataLow\Software\Yahoo =>.Yahoo! Inc. HKCU\SOFTWARE\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò C:\Program Files\Leapdroid C:\Program Files (x86)\Belarc C:\Program Files (x86)\NSIS Uninstall Information C:\ProgramData\BlueStacksSetup C:\Users\USER\AppData\Roaming\My Bluetooth C:\Users\USER\AppData\Roaming\yiwanzhushou C:\Users\USER\AppData\Local\Bluestacks C:\Users\USER\AppData\Local\Chris_Pietschmann_(htt p__ C:\Users\USER\AppData\Local\GWX O58 - SDL:2016/04/21 14:55:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\WINDOWS\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project O58 - SDL:2017/02/09 16:40:18 A . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\WINDOWS\System32\drivers\taphss6.sys [42064] =>.AnchorFree Inc® O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation HKCU\SOFTWARE\GreenTree Applications =>.Superfluous.GreenTreeApp EmptyTemp[/ICODE]

                                              Comment

                                              • maxim123
                                                PCHF Member
                                                • Aug 2017
                                                • 466
                                                #27
                                                Hi, here is the zhpfix log:

                                                Code:
                                                Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d’export Registre :
Run by Max at 8/9/2017 10:51:15 AM
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (15063)

Recycle Bin emptied (02mn AMs)

========== Software ==========
ABSENT Uninstall Process: d:\program files (x86)\mozilla firefox\uninstall\helper.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 39.0 (x86 en-US)]
REMOVES Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 47.0.1 (x86 en-US)]
REMOVES: Service: SkypeUpdate
REMOVES: HKLM\SOFTWARE\Wow6432Node\Eset
REMOVES: HKLM\SOFTWARE\Wow6432Node\Free YouTube Downloader
REMOVES: HKLM\SOFTWARE\Wow6432Node\Wondershare
REMOVES: HKCU\SOFTWARE\BlueStacks
REMOVES: HKCU\SOFTWARE\Boneloaf
REMOVES: HKCU\SOFTWARE\Chromium
REMOVES: HKCU\SOFTWARE\epsxe
REMOVES: HKCU\SOFTWARE\ESET
REMOVES: HKCU\SOFTWARE\RLZer
REMOVES: HKCU\SOFTWARE\Tencent
REMOVES: HKCU\SOFTWARE\ThsDict.ini
REMOVES: HKCU\SOFTWARE\ThsDict.ini2
REMOVES: HKCU\SOFTWARE\Vision Thing
REMOVES: HKCU\SOFTWARE\Yahoo
REMOVES: HKCU\SOFTWARE\AppDataLow\Software\Yahoo
REMOVES: HKCU\SOFTWARE\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò
REMOVES: Services Svchost: dmwappushservice
REMOVES: HKCU\SOFTWARE\GreenTree Applications

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
REMOVES: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

========== Elements of the registry data ==========
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1

========== Folders ==========
No folders empty CLSID Local user
REMOVES: c:\program files\leapdroid
REMOVES: c:\program files (x86)\belarc
REMOVES: c:\program files (x86)\nsis uninstall information
REMOVES: c:\programdata\bluestackssetup
REMOVES: c:\users\user\appdata\roaming\my bluetooth
REMOVES: c:\users\user\appdata\roaming\yiwanzhushou
REMOVES: c:\users\user\appdata\local\bluestacks
REMOVES: c:\users\user\appdata\local\chris_pietschmann_(http__
REMOVES: c:\users\user\appdata\local\gwx
Deletes temporary Windows (218)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\skype\updater\updater.exe
REMOVES Reboot: c:\windows\system32\tasks\shutdown
REMOVES Reboot: c:\windows\system32\tasks{1e6113b1-6320-42d6-98f3-9b2bba5e0c28}
REMOVES Reboot: c:\windows\system32\drivers\tap0901.sys
REMOVES Reboot: c:\windows\system32\drivers\taphss6.sys
Deletes temporary Windows (6509) (628,620,600 octets)

========== Scheduled task ==========
REMOVES: Tweaking.com - Windows Repair Tray Icon

========== System restore ==========
No System Restore Point created

========== Other ==========
NON-TREATY O40 - TASK: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - (…) – C:\WINDOWS\system32\osppc.dll (.not file.) [0] (.Orphan.)

========== Summary ==========
21 : Registry keys
7 : Registry values
4 : Elements of the registry data
11 : Folders
7 : Files
1 : Software
1 : Scheduled task
1 : System restore
1 : Other

End of clean in 44mn AMs

========== Path to file report ==========
C:\Users\USER\AppData\Roaming\ZHP\ZHPFix[R1].txt - 8/9/2017 10:51:17 AM [3705]
                                                It tried to uninstall firefox, which I cancelled. Do I have to uninstall the firefox? Also, I haven’t run chkdsk, do I have to run it (you told me to ask before I do it)?

                                                  Comment

                                                  • Malnutrition
                                                    PCHF Moderator
                                                    • Jul 2016
                                                    • 7045
                                                    #28
                                                    Originally posted by maxim123
                                                    Do I have to uninstall the firefox?
                                                    No, it was just removing the older versions.
                                                    Originally posted by maxim123
                                                    Also, I haven’t run chkdsk, do I have to run it (you told me to ask before I do it)?
                                                    Yes, I highly suggest that. Once that is complete, please let me know how things are running.

                                                      Comment

                                                      • Malnutrition
                                                        PCHF Moderator
                                                        • Jul 2016
                                                        • 7045
                                                        #29
                                                        9-Lab Scan.

                                                        [ul]
                                                        [li]Download 9-Lab Removal Tool. [/li][li]CLICK HERE to determine whether you’re running 32-bit or 64-bit for Windows.[/li][li]Disable your antivirus prior to this scan.[/li]
                                                        [li]Install the program onto your computer, then right click the icon run as administrator.[/li][li]Update the program and then run a Quick scan![/li][li]Make sure the program updates, might be better to install it update reboot and check for updates again.[/li][li]You need to make sure the database updates!!![/li][li]Upon Scan Completion Click on Show Results.[/li][li]Then Click On Clean[/li][li]Then Click on Save Log.[/li][li]Save it to your desktop, copy and paste the contents of the log here in your next reply.[/li][/ul]

                                                          Comment

                                                          • maxim123
                                                            PCHF Member
                                                            • Aug 2017
                                                            • 466
                                                            #30
                                                            I will run the chkdsk and let you know

                                                              Comment

                                                              Previous 1 2 3 template Next
                                                              Working...

                                                                We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                                                By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                                                I Agree