Fla_Panther

PCHF Member
Sep 19, 2016
Hi all,

About a week after my last visit I noticed a browser hijack. I opened a page and in just under a second the browser loaded a page claiming to be a Firefox update page, and it popped up a download window asking me to download a javascript file. It's been busy at work so I haven't had time to deal with this, but today it happened again and I was in the middle of typing in another application when this download popup took over and I'd hit the spacebar before I knew what was going on. So now I probably have something malicious and definitely need to make time to deal with this crap again.

Here are the FRST and MBR logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by ****** (administrator) on ******-PC (11-03-2017 15:10:28)
Running from C:\Users\******\Desktop\Virus Stuff
Loaded Profiles: ****** (Available Profiles: ******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-03-14] (Acresso Corporation)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2014-04-09]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3113485377-2953679804-1031508582-1000] => 192.168.0.221:3128
Tcpip\..\Interfaces\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: [NameServer] 8.8.8.8,75.114.81.2

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 [2017-03-11]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> Google
FF Homepage: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> http", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Google Search) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-07]
CHR Extension: (Gmail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AKAI_EIE_PRO_MIDI; C:\Windows\System32\drivers\akaieiem.sys [31984 2011-09-22] (Numark)
R3 AKAI_EIE_PRO_USB; C:\Windows\System32\Drivers\akaieieu.sys [424176 2011-09-22] (Ploytec GmbH)
R3 AKAI_EIE_WDM; C:\Windows\System32\drivers\akaieiea.sys [54000 2011-09-22] (Numark)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-25] (Zemana Ltd.)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 15:10 - 2017-03-11 15:10 - 00000000 ____D C:\FRST
2017-03-11 14:50 - 2017-02-22 18:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-11 14:50 - 2017-02-22 18:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-11 14:50 - 2017-02-18 09:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-11 14:50 - 2017-02-18 09:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 14:50 - 2016-12-31 10:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-11 14:50 - 2016-12-31 10:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-11 14:50 - 2016-12-31 10:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-11 14:50 - 2016-12-31 10:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-11 14:50 - 2016-12-31 10:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-11 14:48 - 2017-03-11 14:48 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-11 14:48 - 2017-03-11 14:48 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-11 14:48 - 2017-03-11 14:48 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2017-03-11 14:47 - 2017-03-11 14:47 - 09261616 _____ (Piriform Ltd) C:\Users\******\Desktop\ccsetup527.exe
2017-03-11 12:28 - 2017-03-11 12:28 - 15038328 _____ (Balsamiq ) C:\Users\******\Desktop\Balsamiq_Mockups_3.5.8.exe
2017-03-03 23:23 - 2017-03-03 23:54 - 00040448 _____ C:\Users\******\Desktop\Cisco Options.xls
2017-03-03 23:23 - 2017-03-03 23:23 - 00001355 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-03-03 23:23 - 2017-03-03 23:23 - 00001355 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2017-03-03 23:23 - 2017-03-03 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-03-01 19:18 - 2017-03-01 19:26 - 63333188 _____ C:\Users\******\Desktop\04 - Plorp (2017-03-01).wav
2017-02-25 16:33 - 2017-02-25 16:35 - 1113651520 _____ C:\Users\******\Desktop\Greg Wilson - What We Actually Know About Software Development.mp4
2017-02-20 06:32 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-20 06:32 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-20 06:07 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-20 06:07 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-20 06:07 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-20 06:07 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-20 06:07 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-20 06:07 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-20 06:07 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-20 06:07 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-20 06:07 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-20 06:07 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-20 06:07 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-20 06:07 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-20 06:07 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-20 06:07 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-20 06:07 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-20 06:07 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-20 06:07 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-20 06:07 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-20 06:07 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-20 06:07 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-20 06:07 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-20 06:07 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-20 06:07 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-20 06:07 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-20 06:07 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-20 06:07 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-20 06:07 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-20 06:07 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-20 06:07 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-20 06:07 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-20 06:07 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-20 06:07 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-20 06:07 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-20 06:07 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-20 06:07 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-20 06:07 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-20 06:07 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-20 06:07 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-20 06:07 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-20 06:07 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-20 06:07 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-20 06:07 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-20 06:07 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-20 06:07 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-20 06:07 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-20 06:07 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-20 06:07 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-20 06:07 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-20 06:07 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-20 06:07 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-20 06:07 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-20 06:07 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-20 06:07 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-20 06:07 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-20 06:07 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-20 06:07 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-20 06:07 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-20 06:07 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-20 06:07 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-20 06:07 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-20 06:07 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-20 06:07 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-20 06:07 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-20 06:07 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-20 06:07 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-20 06:07 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-20 06:07 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-20 06:07 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-20 06:07 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-20 06:07 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-20 06:07 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-20 06:07 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-20 06:07 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-20 06:07 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-20 06:07 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-20 06:07 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-20 06:07 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-20 06:07 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-20 06:07 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-20 06:07 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-20 06:07 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-20 06:07 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-20 06:07 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-20 06:07 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-20 06:07 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-20 06:07 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-20 06:07 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-20 06:07 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-20 06:07 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-20 06:07 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-20 06:07 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-20 06:07 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-20 06:07 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-20 06:07 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-20 06:07 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-20 06:07 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-20 06:07 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-20 06:07 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-20 06:07 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-20 06:07 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-20 06:07 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-20 06:07 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-20 06:07 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-20 06:07 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-20 06:07 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-20 06:07 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-20 06:07 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-20 06:07 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-20 06:07 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-20 06:07 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-20 06:07 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-20 06:07 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-20 06:07 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-20 06:07 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-20 06:07 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-20 06:07 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-20 06:07 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-20 06:07 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-20 06:07 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-20 06:07 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-20 06:07 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-20 06:07 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-20 06:07 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-20 06:07 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-20 06:07 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-20 06:07 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-20 06:07 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-20 06:07 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-20 06:07 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-20 06:07 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-20 06:07 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-20 06:07 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-20 06:07 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-20 06:07 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-20 06:07 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-20 06:07 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-20 06:07 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-20 06:07 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-20 06:07 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-20 06:07 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-20 06:07 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-20 06:07 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-20 06:07 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-20 06:07 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-20 06:07 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-20 06:07 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-20 06:07 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-20 06:07 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-20 06:07 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-20 06:07 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-20 06:07 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-20 06:07 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-20 06:07 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-20 06:07 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-20 06:07 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-20 06:07 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-20 06:07 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-20 06:07 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-20 06:07 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-20 06:07 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-20 06:07 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-20 06:07 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-20 06:07 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-20 06:07 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-20 06:07 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-20 06:07 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-20 06:07 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-20 06:07 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-20 06:07 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-20 06:07 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-20 06:07 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-20 06:07 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-20 06:07 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-20 06:07 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-20 06:07 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-20 06:07 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-20 05:59 - 2017-02-20 05:59 - 00000000 ____D C:\Users\******\AppData\Local\Adobe
2017-02-17 09:41 - 2017-02-17 09:44 - 00000000 ____D C:\Users\******\Desktop\The.Naked.Gun.From.the.Files.of.Police.Squad.1988.720p.BluRay.x264.AAC-ETRG
2017-02-17 09:40 - 2017-02-17 09:40 - 00000000 ____D C:\Users\******\Desktop\Airplane! (1980) [1080p] x264 - Jalucian
2017-02-16 23:30 - 2017-02-26 21:30 - 00000000 ____D C:\Users\******\Desktop\The Naked Gun Trilogy (1988-1994)
2017-02-16 23:27 - 2017-03-11 14:48 - 00000000 ____D C:\Users\******\AppData\Roaming\BitTorrent
2017-02-16 23:27 - 2017-02-16 23:27 - 02241224 _____ (BitTorrent Inc.) C:\Users\******\Desktop\BitTorrent.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 15:11 - 2016-09-25 06:53 - 00044488 _____ C:\Windows\ZAM.krnl.trace
2017-03-11 15:11 - 2016-09-25 06:53 - 00017765 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-11 15:11 - 2015-08-15 10:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-11 15:10 - 2016-03-08 08:17 - 00000000 ____D C:\Users\******\Desktop\Virus Stuff
2017-03-11 15:03 - 2016-11-24 13:44 - 00000000 ____D C:\Users\******\AppData\LocalLow\Mozilla
2017-03-11 15:03 - 2009-07-13 23:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 15:03 - 2009-07-13 23:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 15:01 - 2009-07-14 00:13 - 00799970 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 15:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-03-11 14:54 - 2015-09-11 23:53 - 00000000 ____D C:\ProgramData\PACE
2017-03-11 14:54 - 2013-07-16 19:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-11 14:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 14:53 - 2014-12-11 07:40 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-11 14:53 - 2014-05-06 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-11 14:52 - 2013-07-16 20:44 - 00000000 ____D C:\Windows\system32\MRT
2017-03-11 14:50 - 2013-07-16 19:29 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 14:48 - 2016-10-06 21:13 - 00000000 ____D C:\ProgramData\Foxit Software
2017-03-11 14:48 - 2016-10-01 09:07 - 00000000 ____D C:\Users\******\AppData\Roaming\Media Player Classic
2017-03-11 14:48 - 2014-08-15 01:21 - 00000000 ____D C:\Windows\Minidump
2017-03-11 14:45 - 2015-07-09 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2017-03-11 14:45 - 2015-07-09 23:21 - 00000000 ____D C:\Program Files (x86)\Propellerhead
2017-03-11 14:44 - 2015-10-17 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft GIF Animator
2017-03-11 14:44 - 2015-10-17 01:14 - 00000000 ____D C:\Multimedia Files
2017-03-08 21:18 - 2017-01-21 20:47 - 00082432 _____ C:\Users\******\Desktop\AstroFlux Stuff.xls
2017-03-02 07:08 - 2015-03-09 17:39 - 00000000 ____D C:\Users\******\AppData\Roaming\Audacity
2017-02-26 21:19 - 2014-06-08 15:43 - 00000000 ____D C:\Users\******\AppData\Roaming\MediaMonkey
2017-02-20 08:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-20 06:18 - 2016-10-22 12:58 - 00413000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-20 06:12 - 2013-07-16 15:13 - 00792092 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-20 05:59 - 2015-08-15 10:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-20 05:59 - 2013-07-17 17:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-20 05:59 - 2013-07-17 17:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-20 05:59 - 2013-07-17 17:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 05:59 - 2013-07-17 17:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-12 15:07 - 2016-10-15 09:24 - 00000600 _____ C:\Users\******\AppData\Local\PUTTY.RND

==================== Files in the root of some directories =======

2016-10-15 09:24 - 2017-02-12 15:07 - 0000600 _____ () C:\Users\******\AppData\Local\PUTTY.RND

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 01:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by ****** (11-03-2017 15:11:47)
Running from C:\Users\******\Desktop\Virus Stuff
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-17 03:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3113485377-2953679804-1031508582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3113485377-2953679804-1031508582-1004 - Limited - Enabled)
Guest (S-1-5-21-3113485377-2953679804-1031508582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113485377-2953679804-1031508582-1002 - Limited - Enabled)
****** (S-1-5-21-3113485377-2953679804-1031508582-1000 - Administrator - Enabled) => C:\Users\******

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Akai EIE Pro USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deAkaiEIE) (Version: - )
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.51.1000.101 - ALLDATA Corporation)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Auto Clicker Typer 1.0 (HKLM-x32\...\Auto Clicker Typer_is1) (Version: - A Software Plus)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.76 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
File Writer output plugin for WinAMP 2 v1.17(c) (remove only) (HKLM-x32\...\File Writer output plugin) (Version: - )
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.576 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1126644A-5791-46EF-B388-FCCC99455443} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {7768EB24-B97D-494E-AEA2-7BC990DE5602} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-20] (Adobe Systems Incorporated)
Task: {776A026D-36F9-4340-8DA2-E3F99BBEDB5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {C6D2E45F-78CC-41FD-81B6-59599E2EB142} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D0CF7A3C-6632-45F8-89E9-8BB37CAD5D7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-07 16:15 - 2015-02-03 21:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-21 15:16 - 2016-09-21 15:16 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-25 06:53 - 2017-01-24 06:51 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [1]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-24 09:57 - 2016-10-07 06:07 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Control Panel\Desktop\\Wallpaper -> Ïöu
DNS Servers: 8.8.8.8 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [{1F3499E8-655E-432D-8E46-DB2E4C4AF239}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{E20751D3-ACF2-479E-92E5-F3A406C8CF05}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{A1EA805D-A3B5-4079-B33A-FD26FEBAB8D4}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{37F3B9E2-EB1E-4AE1-BE6B-CEF37EC496E7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2EE99B42-3919-4534-B710-EB69610D46AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{032587B6-A885-462D-B804-927DA9D1AD55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{077FACB6-55AC-4832-9097-C85A5D7D026C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4F5B9F22-C33A-4D83-9053-5482949DD1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{51B26A99-E019-494B-95B0-1500FED4E4EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7408BE0-4307-42A0-8356-93EAE9B2CCBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [TCP Query User{113F6EB5-3276-4474-861E-6E442A9A1347}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{EFA9DFE5-0481-4F1F-9A7D-A49258143EA7}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2E973914-B053-4AE4-9C96-6F5982475618}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E4431AB-1944-4EF8-B85A-D6A0946732F9}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{9DD1246B-EB22-44D9-9D35-898337EC5652}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF1B2D19-10C9-40B6-97A7-3941A6B4E33C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95C89ED3-AB41-4B3B-BA3B-FDDFEB705E13}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA1DB257-7E9F-4A58-AD69-209215D58549}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70B7B4D9-1F62-4550-B771-B1C8D0150210}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A2830A0B-6DF1-48E6-A6ED-26392C03B918}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E1A6CE9-9055-4B96-9D21-764265CC8AEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D29E484-46F0-4FF0-98E5-53E0E649FB8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FE6BBA8-5B29-400D-A0A5-CBF2F5B545C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7C3E5EE-BED6-47B0-8C82-4999A0F5C7A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2224901B-FE9E-4976-8B10-DC4BB4794154}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E179A782-F107-440A-8575-4931144BE997}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-02-2017 06:08:00 Windows Update
20-02-2017 06:32:58 Windows Update
24-02-2017 03:05:57 Windows Update
28-02-2017 03:06:33 Windows Update
07-03-2017 08:24:13 Windows Update
11-03-2017 14:50:16 Windows Update

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 02:57:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 02:57:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 02:57:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 02:57:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/11/2017 02:57:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 02:57:04 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/11/2017 02:57:04 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 02:57:04 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 02:57:04 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (03/11/2017 02:57:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2920) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D9C.log.


System errors:
=============
Error: (03/11/2017 02:58:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).

Error: (03/11/2017 02:57:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/11/2017 02:57:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/11/2017 02:55:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (03/05/2017 02:42:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (03/05/2017 02:42:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:33:01 AM on ‎3/‎5/‎2017 was unexpected.

Error: (03/04/2017 08:49:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (03/04/2017 08:49:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:47:26 PM on ‎3/‎4/‎2017 was unexpected.

Error: (03/03/2017 11:23:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Foxit Reader Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/23/2017 11:05:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 8122.92 MB
Available physical RAM: 6258.8 MB
Total Virtual: 16244.02 MB
Available Virtual: 14266.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:174.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5390540C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-11 15:13:47
-----------------------------
15:13:47.626 OS Version: Windows x64 6.1.7601 Service Pack 1
15:13:47.626 Number of processors: 4 586 0x3A09
15:13:47.626 ComputerName: ******-PC UserName: ******
15:13:48.795 Initialize success
15:13:48.820 VM: initialized successfully
15:13:48.821 VM: Intel CPU supported
15:14:05.956 VM: supported disk I/O ataport.SYS
15:14:20.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:14:20.681 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 11
15:14:20.787 VM: Disk 0 MBR read successfully
15:14:20.790 Disk 0 MBR scan
15:14:20.792 Disk 0 Windows 7 default MBR code
15:14:20.798 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:14:20.800 Disk 0 default boot code
15:14:20.808 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:14:20.835 Disk 0 scanning C:\Windows\system32\drivers
15:14:27.416 Service scanning
15:14:45.006 Modules scanning
15:14:45.007 Disk 0 trace - called modules:
15:14:45.017 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:14:45.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077de060]
15:14:45.018 3 CLASSPNP.SYS[fffff8800145043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80072cd060]
15:14:45.018 Disk 0 statistics 109499/0/18 @ 8.16 MB/s
15:14:45.018 Scan finished successfully
15:19:55.114 Disk 0 MBR has been saved successfully to "C:\Users\******\Desktop\Virus Stuff\MBR.dat"
15:19:55.118 The log file has been saved successfully to "C:\Users\******\Desktop\Virus Stuff\aswMBR.txt"
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
2,797
491
#2
Let's clean some trash from the machine before a FRST fix... :)

Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double-click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable all items in your scheduled tasks as well,
  • unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.

ZHP Scan.

Please download ZHP Cleaner to your desktop. Right-click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the Scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot, a report will open on your desktop.

Copy and paste the report here in your next reply.


Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete, check All items for removal.
  • After All items are checked, press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Let's have a fresh look at your system after the above scans please.


Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt and Shortcut.txt.

Please copy and paste them into your next reply, but attach Shortcut.txt.
 

Fla_Panther

PCHF Member
PCHF Member
Sep 19, 2016
28
4
43
#3
Here you go. Based on the timestamp though it looks like the FRST files failed to overwrite the previous files.


~ ZHPCleaner v2017.3.11.43 by Nicolas Coolman (2017/03/11)
~ Run by ****** (Administrator) (11/03/2017 19:29:27)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\******\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\******\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (3)
REPLACED Google Chrome Preferences: "https://d31qbv1cthcecs.cloudfront.net/" =>.Superfluous.CloudfrontNet
REPLACED Google Chrome Preferences: "https://d5nxst8fruw4z.cloudfront.net/" =>.Superfluous.CloudfrontNet
FOUND PARAMS: ProxyServer [192.168.0.221:3128] (User.Validation)


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (23)
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\.metadata =>PUP.Optional.KongGames
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\.metadata-v2 =>PUP.Optional.KongGames
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\asmjs\metadata =>PUP.Optional.KongGames
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\temporary\http+++game258437.konggames.com\asmjs\module15 =>PUP.Optional.KongGames
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++gameofthrones.wikia.com\.metadata =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++gameofthrones.wikia.com\.metadata-v2 =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++gameofthrones.wikia.com\idb\1560848701eBcD_dIenxde.sqlite =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++game258437.konggames.com\.metadata =>PUP.Optional.KongGames
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++game258437.konggames.com\.metadata-v2 =>PUP.Optional.KongGames
MOVED file: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863\storage\default\http+++game258437.konggames.com\idb\2083995541%s2fFbid.sqlite =>PUP.Optional.KongGames
MOVED file: C:\Windows\Installer\wix{2F72F540-1F60-4266-9506-952B21D6640D}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{D4D86CB2-2370-4691-8272-3869EDED6C64}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d160accw6snlyf.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d160accw6snlyf.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime


---\\ Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\GreenTree Applications [] =>.Superfluous.GreenTreeApp


---\\ Summary of the elements found (9)
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.Superfluous.CloudfrontNet
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.KongGames
https://www.anti-malware.top/2016/05/02/superfluous-ironsourceltd/ =>.Superfluous.IronSourceLtd
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AkamaiHD
https://nicolascoolman.eu/2017/02/24/pup-optional-addlyrics/ =>PUP.Optional.AddLyrics
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://www.anti-malware.top/2016/09/10/superfluous-greentreeapp/ =>.Superfluous.GreenTreeApp


---\\ Other deletions. (19)
~ Registry Keys Tracing deleted (19)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 640
~ Items found : 1
~ Items cancelled : 0
~ Items repaired : 26


~ End of clean in 00h00mn25s
~====================
ZHPCleaner-[R]-11032017-19_29_52.txt
ZHPCleaner--11032017-19_27_12.txt



RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ****** [Administrator]
Started from : C:\Users\******\Desktop\Virus Stuff\RogueKillerX64.exe
Mode : Delete -- Date : 03/11/2017 19:46:46 (Duration : 00:18:53)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.168.0.221:3128 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.168.0.221:3128 -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUM.Proxy][Firefox:Config] o3pp8go9.default-1457451338863 : user_pref("network.proxy.http", "192.168.0.221"); -> Deleted
[PUM.Proxy][Firefox:Config] o3pp8go9.default-1457451338863 : user_pref("network.proxy.http_port", 3128); -> Deleted
[PUM.Proxy][Firefox:Config] o3pp8go9.default-1457451338863 : user_pref("network.proxy.type", 1); -> Replaced (0)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 948b0143e7913946f5214fb9c90e8945
[BSP] 01e1d774ce13edc49aefae9472da5deb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64
Ran by ****** (Administrator) on Sat 03/11/2017 at 20:08:29.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67FN7DD3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3B2RN64 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9MMT042 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY4XI2D3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFWS14J1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSXO6BBK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNRZYX55 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WAPHMCXX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67FN7DD3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3B2RN64 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9MMT042 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY4XI2D3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFWS14J1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSXO6BBK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNRZYX55 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WAPHMCXX (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/11/2017 at 20:10:31.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v6.044 - Logfile created 11/03/2017 at 20:14:59
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-11.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ****** - ******-PC
# Running from : C:\Users\******\Desktop\Virus Stuff\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1179 Bytes] - [11/03/2017 20:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1252 Bytes] ##########

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by ****** (11-03-2017 20:20:12)
Running from C:\Users\******\Desktop\Virus Stuff
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-17 03:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3113485377-2953679804-1031508582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3113485377-2953679804-1031508582-1004 - Limited - Enabled)
Guest (S-1-5-21-3113485377-2953679804-1031508582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113485377-2953679804-1031508582-1002 - Limited - Enabled)
****** (S-1-5-21-3113485377-2953679804-1031508582-1000 - Administrator - Enabled) => C:\Users\******

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Akai EIE Pro USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deAkaiEIE) (Version: - )
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.51.1000.101 - ALLDATA Corporation)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Auto Clicker Typer 1.0 (HKLM-x32\...\Auto Clicker Typer_is1) (Version: - A Software Plus)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.76 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
File Writer output plugin for WinAMP 2 v1.17(c) (remove only) (HKLM-x32\...\File Writer output plugin) (Version: - )
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.576 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1126644A-5791-46EF-B388-FCCC99455443} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {7768EB24-B97D-494E-AEA2-7BC990DE5602} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-20] (Adobe Systems Incorporated)
Task: {776A026D-36F9-4340-8DA2-E3F99BBEDB5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {C6D2E45F-78CC-41FD-81B6-59599E2EB142} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D0CF7A3C-6632-45F8-89E9-8BB37CAD5D7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-07 16:15 - 2015-02-03 21:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-21 15:16 - 2016-09-21 15:16 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-25 06:53 - 2017-01-24 06:51 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [1]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-24 09:57 - 2016-10-07 06:07 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Control Panel\Desktop\\Wallpaper -> Ïöu
DNS Servers: 8.8.8.8 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Outlook 2007.lnk => C:\Windows\pss\Microsoft Office Outlook 2007.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [{1F3499E8-655E-432D-8E46-DB2E4C4AF239}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{E20751D3-ACF2-479E-92E5-F3A406C8CF05}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{A1EA805D-A3B5-4079-B33A-FD26FEBAB8D4}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{37F3B9E2-EB1E-4AE1-BE6B-CEF37EC496E7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2EE99B42-3919-4534-B710-EB69610D46AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{032587B6-A885-462D-B804-927DA9D1AD55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{077FACB6-55AC-4832-9097-C85A5D7D026C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4F5B9F22-C33A-4D83-9053-5482949DD1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{51B26A99-E019-494B-95B0-1500FED4E4EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7408BE0-4307-42A0-8356-93EAE9B2CCBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe] => (Allow) D:\lotro 1\lotroclient.exe
FirewallRules: [TCP Query User{113F6EB5-3276-4474-861E-6E442A9A1347}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{EFA9DFE5-0481-4F1F-9A7D-A49258143EA7}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2E973914-B053-4AE4-9C96-6F5982475618}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E4431AB-1944-4EF8-B85A-D6A0946732F9}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{9DD1246B-EB22-44D9-9D35-898337EC5652}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF1B2D19-10C9-40B6-97A7-3941A6B4E33C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95C89ED3-AB41-4B3B-BA3B-FDDFEB705E13}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA1DB257-7E9F-4A58-AD69-209215D58549}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70B7B4D9-1F62-4550-B771-B1C8D0150210}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A2830A0B-6DF1-48E6-A6ED-26392C03B918}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E1A6CE9-9055-4B96-9D21-764265CC8AEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D29E484-46F0-4FF0-98E5-53E0E649FB8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FE6BBA8-5B29-400D-A0A5-CBF2F5B545C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7C3E5EE-BED6-47B0-8C82-4999A0F5C7A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2224901B-FE9E-4976-8B10-DC4BB4794154}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E179A782-F107-440A-8575-4931144BE997}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-02-2017 03:05:57 Windows Update
28-02-2017 03:06:33 Windows Update
07-03-2017 08:24:13 Windows Update
11-03-2017 14:50:16 Windows Update
11-03-2017 20:08:34 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 08:18:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 08:17:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x474
Faulting application start time: 0x01d29ace533c907a
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: a62a5c0d-06c1-11e7-a4b4-d43d7eb196c8

Error: (03/11/2017 07:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 07:40:52 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 07:40:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 07:40:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 07:40:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/11/2017 07:40:38 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 07:40:36 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/11/2017 07:40:36 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/11/2017 08:17:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PACE License Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NAS PM Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit Reader Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 17%
Total physical RAM: 8122.92 MB
Available physical RAM: 6695.87 MB
Total Virtual: 16244.02 MB
Available Virtual: 14821.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:178.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5390540C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
#4
Based on the timestamp, it is the same file. Let's run a scanner that looks deeper than FRST. When we are done with this tool, we will check one final time with FRST for any remnants.

ZHP Diag Scan

Download ZHP Diag to your desktop.

1. Right-click and Run as Admin.
2. Click the Scanner button.

When complete, please push the Report button.
A notepad will open... copy and paste the report in your next reply.
 

Fla_Panther

PCHF Member
Sep 19, 2016
#5
~ ZHPDiag v2017.3.11.43 By Nicolas Coolman (2017/03/09)
~ Run by ****** (Administrator) (2017/03/11 21:09:40)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\******\Desktop\ZHPDiag.txt
~ Report: C:\Users\******\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

---\\ Internet Browsers (3) - 0s
~ GCIE: Google Chrome v56.0.2924.87
~ MFIE: Mozilla Firefox 51.0.1 (x86 en-US)
~ MSIE: Internet Explorer v11.0.9600.18537

---\\ Windows Product Information (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software (Superfluous) (1) - 0s
~ Zemana AntiMalware v2.70.576 (Superfluous)

---\\ Surveillance software (1) - 1s
~ Adobe Flash Player 24 NPAPI (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8317.868 MB (78% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 182 GB (38%) free of 476 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: ******-PC
~ User Name: ******
~ Logged in as Administrator

---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 182 GB free of 476 GB (System)

---\\ State of the Windows Security Center (13) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Search Generic System Files (24) - 0s
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - 29/08/2016 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [3229696] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.105954F9BEAD700A6DF4B5B489FCCB4B] - 12/11/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [2920960] =>.Microsoft Corporation
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - 16/07/2014 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [455168] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 20/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.492D07D79E7024CA310867B526D9636D] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [497664] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 20/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9B38580063D281A99E68EF5813022A5F] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [106496] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 20/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.632E8A00090E4F85F304E152C92C7F2C] - 05/01/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [159744] =>.Microsoft Corporation
[MD5.E47D571FEC2C76E867935109AB2A770C] - 11/05/2016 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [262144] =>.Microsoft Corporation
[MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - 11/01/2016 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1684416] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 20/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.AA77EB517D2F07A947294F260E3ACA83] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [118272] =>.Microsoft Corporation
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 20/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (15) - 1s
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
O23 - Service: Foxit Reader Service (FoxitReaderService) . (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe =>.Foxit Software Incorporated®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: HASP License Manager (hasplms) . (.Aladdin Knowledge Systems Ltd. - Aladdin HASP License Manager Service.) - C:\Windows\system32\hasplms.exe =>.Aladdin Knowledge Systems Ltd.
O23 - Service: Handsfree Headset Service (HFGService) . (.CSR, plc - Handsfree Headset Service.) - C:\Windows\System32\HFGService.dll =>.CSR, plc
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\system32\igfxCUIService.exe =>.Intel Corporation
O23 - Service: NAS PM Service (NasPmService) . (.BUFFALO INC. - NAS Power Management Service.) - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe =>.BUFFALO INC.
O23 - Service: NVIDIA Network Service (NvNetworkService) . (.NVIDIA Corporation - NVIDIA Network Service.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation - NVIDIA Streamer Service.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.4.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation
O23 - Service: PACE License Services (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc. - PACE License Service.) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe =>.PACE Anti-Piracy, Inc.®
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) . (.Paramount Software UK Ltd - Reflect Service - Enables mounting of image.) - C:\Program Files\Macrium\Reflect\ReflectService.exe =>.Paramount Software UK Ltd®
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®

---\\ Services not Microsoft (SR=Run, SS=Stop) (22) - 7s
SS - Demand [20/02/2017] [ 270936] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [05/08/2016] [ 83768] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
SS - Demand [31/10/2014] [ 588024] BlackBerry Device Manager (BlackBerry Device Manager) . (.BlackBerry Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe =>.BlackBerry Ltd.®
SR - Auto [12/08/2015] [ 462096] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
SS - Demand [01/10/2014] [ 281488] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel Corporation - pGFX®
SR - Auto [29/12/2016] [ 1659592] Foxit Reader Service (FoxitReaderService) . (.Foxit Software Inc..) - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe =>.Foxit Software Incorporated®
SS - Auto [05/02/2016] [ 154440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [05/02/2016] [ 154440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SR - Auto [21/04/2009] [ 2869760] HASP License Manager (hasplms) . (.Aladdin Knowledge Systems Ltd..) - C:\Windows\system32\hasplms.exe =>.Aladdin Knowledge Systems Ltd.
SR - Auto [21/12/2009] [ 535552] Handsfree Headset Service (HFGService) . (.CSR, plc.) - C:\Windows\System32\HFGService.dll =>.CSR, plc
SS - Demand [22/10/2004] [ 73728] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe =>.Macrovision Corporation
SS - Auto [01/10/2014] [ 319376] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\system32\igfxCUIService.exe =>.Intel Corporation - pGFX®
SS - Demand [09/09/2016] [ 651576] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
SS - Demand [22/09/2016] [ 172488] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SR - Auto [21/11/2013] [ 245760] NAS PM Service (NasPmService) . (.BUFFALO INC..) - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe =>.BUFFALO INC.
SR - Auto [25/07/2014] [ 1720608] NVIDIA Network Service (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe =>.NVIDIA Corporation®
SR - Auto [25/07/2014] [18956064] NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe =>.NVIDIA Corporation®
SR - Auto [03/02/2015] [ 932040] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation®
SR - Auto [05/02/2015] [18009504] PACE License Services (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe =>.PACE Anti-Piracy, Inc.®
SR - Auto [12/10/2015] [ 3476432] Macrium Reflect Image Mounting Service (ReflectService.exe) . (.Paramount Software UK Ltd.) - C:\Program Files\Macrium\Reflect\ReflectService.exe =>.Paramount Software UK Ltd®
SS - Auto [25/07/2016] [ 324224] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
SR - Auto [25/07/2016] [ 324224] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®

---\\ Task Planned Automatically (10) - 7s
[MD5.89ECFB35517F62C3802B227F288B750E] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [324224] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.3B2336A8281ABE998D156B580D6FAC4F] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [324224] (.Activate.) =>.Piriform Ltd®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [324224] (.Activate.) =>.Google Inc®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [324224] (.Activate.) =>.Google Inc®
[MD5.23985274780D27117C470AA259B79B30] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [324224] (.Activate.) =>.Apple Inc.®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [324224] =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [324224] =>.Adobe Systems Incorporated®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [324224] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [324224] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [324224] =>.Google Inc®

---\\ Auto loading programs from Registry and folders (4) - 0s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

---\\ Process running (25) - 0s
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.4.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.824] =>.NVIDIA Corporation
[MD5.32B37DD6E7D423DF3CF3B196C8005F85] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [409800] [PID.848] =>.NVIDIA Corporation®
[MD5.90B24138CAA9A068B2E1C3B2A913789A] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1200328] [PID.1356] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 341.4.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.1364] =>.NVIDIA Corporation
[MD5.885888F8AAD89108A5EE2D0174690220] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768] [PID.1684] =>.Apple Inc.®
[MD5.B5C2F92EE1106DFE7BB1CCE4D35B6037] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [462096] [PID.1928] =>.Apple Inc.®
[MD5.46FB1A0445ADBE490A1B14F5D68A0E15] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592] [PID.2028] =>.Foxit Software Incorporated®
[MD5.00000000000000000000000000000000] - (.Aladdin Knowledge Systems Ltd. - Aladdin HASP License Manager Service.) -- C:\Windows\system32\hasplms.exe [0] [PID.1596] =>.Aladdin Knowledge Systems Ltd.
[MD5.8B866F4B58CB07765C0FEB13100ECF2B] - (.BUFFALO INC. - NAS Power Management Service.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760] [PID.2056] =>.BUFFALO INC.
[MD5.45D6780D0525D7BC29E2E3605CA73C18] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2120] =>.NVIDIA Corporation®
[MD5.E5597D09E5239C0F908948DB7057AC26] - (.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064] [PID.2144] =>.NVIDIA Corporation®
[MD5.CF68416210A56B51C64BCA85AC63A503] - (.PACE Anti-Piracy, Inc. - PACE License Service.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [18009504] [PID.2460] =>.PACE Anti-Piracy, Inc.®
[MD5.302266897C0E1C64340F2EA0C4029DCB] - (.Paramount Software UK Ltd - Reflect Service - Enables mounting of image.) -- C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432] [PID.2552] =>.Paramount Software UK Ltd®
[MD5.27E9C689B3FC1BDAED9B2B3681D833F3] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2446992] [PID.2836] =>.NVIDIA Corporation®
[MD5.05470C684B62C2F86325D8685E4513CB] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.2848] =>.NVIDIA Corporation®
[MD5.E5597D09E5239C0F908948DB7057AC26] - (.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064] [PID.2796] =>.NVIDIA Corporation®
[MD5.750446ED76A5D13E902174DDDDA1A62B] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] [PID.4572] =>.Google Inc®
[MD5.FE40EC349D80C0ED24A5808DCFE9A0D2] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe [288920] [PID.4592] =>.Google Inc®
[MD5.B5C7D56B6DB76C66E24B4B735BB66509] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe [366232] [PID.4600] =>.Google Inc®
[MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496] [PID.4544] =>.Google Inc®
[MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496] [PID.4520] =>.Google Inc®
[MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496] [PID.4496] =>.Google Inc®
[MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496] [PID.1732] =>.Google Inc®
[MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496] [PID.4164] =>.Google Inc®
[MD5.8E250FADD558485AF6AD0DC33F40C09D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\******\Desktop\Virus Stuff\ZHPDiag3.exe [2708480] [PID.4740] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (12) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d31qbv1cthcecs.cloudfront.net =>.Superfluous.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d5nxst8fruw4z.cloudfront.net =>.Superfluous.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://pchelpforum.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://pchf2-jew4efcjsvzg0rz43cny.stackpathdns.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://plus.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (3) - 1s
M0 - MFSP: prefs.js [****** - o3pp8go9.default-1457451338863] http://www.google.com/ =>.Google Inc.
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll =>.Adobe Systems Incorporated
P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (.Research In Motion.) -- C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll =>.Research In Motion

---\\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/ =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (9) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Global shortcuts Startup (154) - 8s
O4 - GS\Desktop [Administrator]: Share (LS-QVL24C) (Y) - Shortcut.lnk . (...) Y:\
O4 - GS\Desktop [Administrator]: share2 (LS-QL5E5) (Z) - Shortcut.lnk . (...) Z:\
O4 - GS\Desktop [Administrator]: Sleep List (with wake up) - Shortcut.lnk . (...) C:\Sleep Playlist\Sleep List (with wake up).m3u
O4 - GS\Desktop [Administrator]: to do - Shortcut.lnk . (...) Z:\to do.txt
O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\******\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\******\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Administrator]: Foxit Reader.lnk . (.Foxit Software Inc. - Foxit Reader 8.2.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe =>.Foxit Software Incorporated®
O4 - GS\Quicklaunch [Administrator]: iTunes (2).lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Quicklaunch [Administrator]: Microsoft Office Excel 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: Microsoft Office Word 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: Notepad++.lnk . (.Don HO [email protected] - Notepad++ : a free (GNU) source code editor.) C:\Program Files (x86)\Notepad++\notepad++.exe =>.Notepad++®
O4 - GS\Quicklaunch [Administrator]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Administrator]: Password Safe.lnk . (.SourceForge.net - Password Safe Application.) C:\Program Files (x86)\Password Safe\pwsafe.exe =>.SourceForge.net
O4 - GS\Quicklaunch [Administrator]: PUTTY.EXE - Shortcut.lnk . (.Simon Tatham - SSH, Telnet and Rlogin client.) C:\Users\******\Desktop\Putty\PUTTY.EXE =>.Simon Tatham
O4 - GS\Quicklaunch [Administrator]: Skype (2).lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Software Sarl®
O4 - GS\Quicklaunch [Administrator]: WINAMP.LNK . (.Nullsoft - Winamp.) C:\Program Files (x86)\Winamp\winamp.exe =>.Nullsoft
O4 - GS\Quicklaunch [Administrator]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [ASPNET]: Share (LS-QVL24C) (Y) - Shortcut.lnk . (...) Y:\
O4 - GS\Desktop [ASPNET]: share2 (LS-QL5E5) (Z) - Shortcut.lnk . (...) Z:\
O4 - GS\Desktop [ASPNET]: Sleep List (with wake up) - Shortcut.lnk . (...) C:\Sleep Playlist\Sleep List (with wake up).m3u
O4 - GS\Desktop [ASPNET]: to do - Shortcut.lnk . (...) Z:\to do.txt
O4 - GS\Desktop [ASPNET]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\******\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [ASPNET]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\******\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [ASPNET]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [ASPNET]: Foxit Reader.lnk . (.Foxit Software Inc. - Foxit Reader 8.2.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe =>.Foxit Software Incorporated®
O4 - GS\Quicklaunch [ASPNET]: iTunes (2).lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Quicklaunch [ASPNET]: Microsoft Office Excel 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [ASPNET]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [ASPNET]: Microsoft Office Word 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [ASPNET]: Notepad++.lnk . (.Don HO [email protected] - Notepad++ : a free (GNU) source code editor.) C:\Program Files (x86)\Notepad++\notepad++.exe =>.Notepad++®
O4 - GS\Quicklaunch [ASPNET]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [ASPNET]: Password Safe.lnk . (.SourceForge.net - Password Safe Application.) C:\Program Files (x86)\Password Safe\pwsafe.exe =>.SourceForge.net
O4 - GS\Quicklaunch [ASPNET]: PUTTY.EXE - Shortcut.lnk . (.Simon Tatham - SSH, Telnet and Rlogin client.) C:\Users\******\Desktop\Putty\PUTTY.EXE =>.Simon Tatham
O4 - GS\Quicklaunch [ASPNET]: Skype (2).lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Software Sarl®
O4 - GS\Quicklaunch [ASPNET]: WINAMP.LNK . (.Nullsoft - Winamp.) C:\Program Files (x86)\Winamp\winamp.exe =>.Nullsoft
O4 - GS\Quicklaunch [ASPNET]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\sendTo [ASPNET]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [ASPNET]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [ASPNET]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [ASPNET]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [ASPNET]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [ASPNET]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [ASPNET]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [ASPNET]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: Share (LS-QVL24C) (Y) - Shortcut.lnk . (...) Y:\
O4 - GS\Desktop [Guest]: share2 (LS-QL5E5) (Z) - Shortcut.lnk . (...) Z:\
O4 - GS\Desktop [Guest]: Sleep List (with wake up) - Shortcut.lnk . (...) C:\Sleep Playlist\Sleep List (with wake up).m3u
O4 - GS\Desktop [Guest]: to do - Shortcut.lnk . (...) Z:\to do.txt
O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\******\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\******\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Guest]: Foxit Reader.lnk . (.Foxit Software Inc. - Foxit Reader 8.2.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe =>.Foxit Software Incorporated®
O4 - GS\Quicklaunch [Guest]: iTunes (2).lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Quicklaunch [Guest]: Microsoft Office Excel 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: Microsoft Office Word 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: Notepad++.lnk . (.Don HO [email protected] - Notepad++ : a free (GNU) source code editor.) C:\Program Files (x86)\Notepad++\notepad++.exe =>.Notepad++®
O4 - GS\Quicklaunch [Guest]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Guest]: Password Safe.lnk . (.SourceForge.net - Password Safe Application.) C:\Program Files (x86)\Password Safe\pwsafe.exe =>.SourceForge.net
O4 - GS\Quicklaunch [Guest]: PUTTY.EXE - Shortcut.lnk . (.Simon Tatham - SSH, Telnet and Rlogin client.) C:\Users\******\Desktop\Putty\PUTTY.EXE =>.Simon Tatham
O4 - GS\Quicklaunch [Guest]: Skype (2).lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Software Sarl®
O4 - GS\Quicklaunch [Guest]: WINAMP.LNK . (.Nullsoft - Winamp.) C:\Program Files (x86)\Winamp\winamp.exe =>.Nullsoft
O4 - GS\Quicklaunch [Guest]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [******]: Share (LS-QVL24C) (Y) - Shortcut.lnk . (...) Y:\
O4 - GS\Desktop [******]: share2 (LS-QL5E5) (Z) - Shortcut.lnk . (...) Z:\
O4 - GS\Desktop [******]: Sleep List (with wake up) - Shortcut.lnk . (...) C:\Sleep Playlist\Sleep List (with wake up).m3u
O4 - GS\Desktop [******]: to do - Shortcut.lnk . (...) Z:\to do.txt
O4 - GS\Desktop [******]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\******\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [******]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\******\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [******]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [******]: Foxit Reader.lnk . (.Foxit Software Inc. - Foxit Reader 8.2.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe =>.Foxit Software Incorporated®
O4 - GS\Quicklaunch [******]: iTunes (2).lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Quicklaunch [******]: Microsoft Office Excel 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [******]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [******]: Microsoft Office Word 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [******]: Notepad++.lnk . (.Don HO [email protected] - Notepad++ : a free (GNU) source code editor.) C:\Program Files (x86)\Notepad++\notepad++.exe =>.Notepad++®
O4 - GS\Quicklaunch [******]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [******]: Password Safe.lnk . (.SourceForge.net - Password Safe Application.) C:\Program Files (x86)\Password Safe\pwsafe.exe =>.SourceForge.net
O4 - GS\Quicklaunch [******]: PUTTY.EXE - Shortcut.lnk . (.Simon Tatham - SSH, Telnet and Rlogin client.) C:\Users\******\Desktop\Putty\PUTTY.EXE =>.Simon Tatham
O4 - GS\Quicklaunch [******]: Skype (2).lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Software Sarl®
O4 - GS\Quicklaunch [******]: WINAMP.LNK . (.Nullsoft - Winamp.) C:\Program Files (x86)\Winamp\winamp.exe =>.Nullsoft
O4 - GS\Quicklaunch [******]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\sendTo [******]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [******]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [******]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [******]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [******]: Microsoft Office Outlook 2007.lnk . (...) C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [******]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [******]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [******]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\CommonDesktop [Public]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Program Files (x86)\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Foxit Reader.lnk . (.Foxit Software Inc. - Foxit Reader 8.2.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe =>.Foxit Software Incorporated®
O4 - GS\CommonDesktop [Public]: MediaMonkey.lnk . (.Ventis Media Inc. - MediaMonkey.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe =>.Ventis Media, Inc.®
O4 - GS\CommonDesktop [Public]: Reason 8.lnk . (.Propellerhead Software AB - Reason.) C:\Program Files\Propellerhead\Reason 8\Reason.exe =>.Propellerhead Software AB®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Bluetooth File Transfer Wizard.lnk . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (...) C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
O4 - GS\ProgramsCommon [Public]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Program Files (x86)\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\ProgramsCommon [Public]: GIMP 2.lnk . (.Spencer Kimball, Peter Mattis and the GIMP Developmen - GNU Image Manipulation Program.) C:\Program Files\GIMP 2\bin\gimp-2.8.exe =>.Jernej Simončič®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: iLok License Manager.lnk . (.PACE Anti-Piracy, Inc. - iLok License Manager.) C:\Program Files (x86)\iLok License Manager\iLok License Manager.exe =>.PACE Anti-Piracy, Inc.®
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\Windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (1) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: NameServer = 8.8.8.8,75.114.81.2 =>.Google Inc

---\\ Extra protocols (23) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype4COM.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll =>.Skype Software Sarl®
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL =>.Microsoft Corporation®

---\\ BootExecute (BEX) (1) - 0s
O34 - HKLM BootExecute: (PCloudBroom64.exe)

---\\ Software installed (73) - 7s
O42 - Logiciel: 9-lab Removal Tool - (..) [HKLM][64Bits] -- 9-lab Removal Tool =>.9-Lab®
O42 - Logiciel: Adobe Flash Player 24 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 24 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Akai EIE Pro USB Audio driver - (..) [HKLM][64Bits] -- USB_AUDIO_DEusb-audio.deAkaiEIE {0100000000012D75EC58CD}
O42 - Logiciel: ALLDATA Repair - (.ALLDATA Corporation.) [HKLM][64Bits] -- {73090A5A-E0C0-4E0B-A320-E183877061A5}
O42 - Logiciel: AnyDVD - (.SlySoft.) [HKLM][64Bits] -- AnyDVD =>.SlySoft
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] -- {29DB9165-5FC1-48F0-9188-26123F526848} =>.Apple Inc.
O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] -- {5905C8CF-1C88-4478-A48E-4E458AD1BC7E} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {D4D86CB2-2370-4691-8272-3869EDED6C64} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {56EC47AA-5813-4FF6-8E75-544026FBEA83} =>.Apple Inc.
O42 - Logiciel: Ashampoo Burning Studio FREE v.1.12.0 - (.Ashampoo GmbH & Co. KG.) [HKLM][64Bits] -- {91B33C97-91F8-FFB3-581B-BC952C901685}_is1 =>.Ashampoo GmbH & Co. KG®
O42 - Logiciel: ASIO4ALL - (.Michael Tippach.) [HKLM][64Bits] -- ASIO4ALL =>.Michael Tippach
O42 - Logiciel: Audacity 2.0.6 - (.Audacity Team.) [HKLM][64Bits] -- Audacity_is1 =>.Audacity Team
O42 - Logiciel: Audacity 2.1.2 - (.Audacity Team.) [HKLM][64Bits] -- Audacity®_is1 =>.Audacity Team
O42 - Logiciel: Authorizer 2.9.0d5 - (.Propellerhead Software AB.) [HKLM][64Bits] -- {F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1 =>.Propellerhead Software AB
O42 - Logiciel: Auto Clicker Typer 1.0 - (.A Software Plus.) [HKLM][64Bits] -- Auto Clicker Typer_is1 =>.A Software Plus
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} =>.Apple Inc.
O42 - Logiciel: BUFFALO NAS Navigator2 - (.Buffalo Inc..) [HKLM][64Bits] -- UN060501 {0385D431CBCF4DA93FE9B1D867931299} =>.BUFFALO INC.
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM][64Bits] -- DVD Shrink_is1 =>.DVD Shrink
O42 - Logiciel: File Writer output plugin for WinAMP 2 v1.17(c) (remove only) - (..) [HKLM][64Bits] -- File Writer output plugin
O42 - Logiciel: FNC 11 Installer - (.Acresso Software.) [HKLM][64Bits] -- {0FE07808-87DF-45A7-AEF8-97F3A60F4E00}
O42 - Logiciel: Foxit Reader - (.Foxit Software Inc..) [HKLM][64Bits] -- Foxit Reader_is1 =>.Foxit Software Incorporated®
O42 - Logiciel: GEAR driver installer for AMD64 and Intel EM64T - (.GEAR Software, Inc..) [HKLM][64Bits] -- {50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}
O42 - Logiciel: GIMP 2.8.18 - (.The GIMP Team.) [HKLM][64Bits] -- GIMP-2_is1 =>.Jernej Simončič®
O42 - Logiciel: GNS3 0.8.7 - (..) [HKLM][64Bits] -- GNS3
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation - pGFX®
O42 - Logiciel: IrfanView (remove only) - (.Irfan Skiljan.) [HKLM][64Bits] -- IrfanView =>.Irfan Skiljan®
O42 - Logiciel: IrfanView 64 (remove only) - (.Irfan Skiljan.) [HKLM][64Bits] -- IrfanView64 =>.Irfan Skiljan
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9} =>.Apple Inc.
O42 - Logiciel: Line 6 Uninstaller - (.Line 6.) [HKLM][64Bits] -- Line 6 Uninstaller =>.Line 6®
O42 - Logiciel: Logitech High Quality Video - (.Logitech, Inc..) [HKLM][64Bits] -- {281D28EC-1357-4778-B2D7-DEA56D70EF96} =>.Logitech, Inc.
O42 - Logiciel: Logitech Webcam Software Driver Package - (.Logitech Inc..) [HKLM][64Bits] -- lvdrivers_12.10 =>.Logitech Inc.
O42 - Logiciel: Macrium Reflect Free Edition - (.Paramount Software (UK) Ltd..) [HKLM][64Bits] -- {025386EB-9F99-4F98-AB2C-638A84F9203C} =>.Paramount Software (UK) Ltd.
O42 - Logiciel: Macrium Reflect Free Edition - (.Paramount Software (UK) Ltd..) [HKLM][64Bits] -- MacriumReflect =>.Paramount Software UK Ltd®
O42 - Logiciel: Media Player Classic - Home Cinema 1.6.1.4235 x64 - (.MPC-HC Team.) [HKLM][64Bits] -- {2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1 =>.MPC-HC Team
O42 - Logiciel: MediaMonkey 4.1 - (.Ventis Media Inc..) [HKLM][64Bits] -- MediaMonkey_is1 =>.Ventis Media Inc.
O42 - Logiciel: Mozilla Firefox 51.0.1 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 51.0.1 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: Neat Mobile Scanner Driver - (.The Neat Company.) [HKLM][64Bits] -- {7EA2D88A-C8B7-4102-8644-0A437B6FC143}
O42 - Logiciel: Notepad++ - (.Notepad++ Team.) [HKLM][64Bits] -- Notepad++ =>.Notepad++ Team
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 340.50 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA 3D Vision Driver 341.44 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 341.44 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA GeForce Experience 2.1.1 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 341.44 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA LED Visualizer 1.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Network Service - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.16.0318 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA ShadowPlay 15.3.33 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Update 15.3.33 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Virtual Audio 1.2.23 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: PACE License Support Win64 - (.PACE Anti-Piracy, Inc..) [HKLM][64Bits] -- {72ad9d51-0903-4fe7-af5d-33b3185fa6e9} =>.PACE Anti-Piracy, Inc.
O42 - Logiciel: Password Safe - (..) [HKLM][64Bits] -- Password Safe
O42 - Logiciel: Python 2.7.10 (64-bit) - (.Python Software Foundation.) [HKLM][64Bits] -- {E2B51919-207A-43EB-AE78-733F9C6797C3} =>.Python Software Foundation
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C} =>Riskware.QuickTime
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.
O42 - Logiciel: Reason 8 8.3.2d7 - (.Propellerhead Software AB.) [HKLM][64Bits] -- Reason8.0Stable_64_is1 =>.Propellerhead Software AB
O42 - Logiciel: SHIELD Streaming - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv =>.NVIDIA Corporation
O42 - Logiciel: Skype™ 7.28 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {FC965A47-4839-40CA-B618-18F486F042C6} =>.Skype Technologies S.A.
O42 - Logiciel: Tag&Rename 3.7 - (.Softpointer Inc.) [HKLM][64Bits] -- Tag&Rename_is1 {009B5D9ACC30DA5DC1E782623935B1D9A5} =>.Softpointer Inc
O42 - Logiciel: Ventrilo Client - (.Flagship Industries, Inc..) [HKLM][64Bits] -- {789289CA-F73A-4A16-A331-54D498CE069F} =>.Flagship Industries, Inc.
O42 - Logiciel: Winamp (remove only) - (..) [HKLM][64Bits] -- Winamp
O42 - Logiciel: WinPcap 4.1.3 - (.Riverbed Technology, Inc..) [HKLM][64Bits] -- WinPcapInst =>.Riverbed Technology, Inc.
O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: WinRAR archiver - (.RarLab.) [HKLM][64Bits] -- WinRAR archiver =>.RarLab
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.®

---\\ HKCU & HKLM Software Keys (129) - 8s
HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA =>.TSA Softwares
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\ahead =>.Ahead
HKLM\SOFTWARE\Wow6432Node\Aladdin Knowledge Systems =>.Aladdin Knowledge Systems
HKLM\SOFTWARE\Wow6432Node\ALLDATA Corporation
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc. =>.Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\Ashampoo =>.Ashampoo
HKLM\SOFTWARE\Wow6432Node\ASIO =>.Steinberg Media Technologies
HKLM\SOFTWARE\Wow6432Node\ASIO4ALL =>.Michael Tippach
HKLM\SOFTWARE\Wow6432Node\AZCommercial
HKLM\SOFTWARE\Wow6432Node\Cygwin =>.Cygwin
HKLM\SOFTWARE\Wow6432Node\Extended Systems =>.iAnywhere Solutions, Inc.
HKLM\SOFTWARE\Wow6432Node\FlashIntegro
HKLM\SOFTWARE\Wow6432Node\Foxit Software =>.Foxit Software
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\IrfanView =>.Irfan Skiljan
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Line 6 =>.Line 6
HKLM\SOFTWARE\Wow6432Node\macrium =>.Macrium
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware =>.Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial) =>.Malwarebytes
HKLM\SOFTWARE\Wow6432Node\MicroWorld =>.MicroWorld Technologies Inc.
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\MSI =>.MSI
HKLM\SOFTWARE\Wow6432Node\Nero =>.Ahead Corporation
HKLM\SOFTWARE\Wow6432Node\Notepad++ =>.Don Ho
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\Panda Security =>.Panda Security
HKLM\SOFTWARE\Wow6432Node\Panda Software =>.Panda Software
HKLM\SOFTWARE\Wow6432Node\Propellerhead Software =>.Propellerhead Software
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Redemption =>.Legitimate
HKLM\SOFTWARE\Wow6432Node\Research In Motion =>.Research In Motion
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\SlySoft =>.SlySoft
HKLM\SOFTWARE\Wow6432Node\SolarWinds
HKLM\SOFTWARE\Wow6432Node\The Neat Company
HKLM\SOFTWARE\Wow6432Node\Turbine =>.Turbine
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WinPcap =>.Riverbed Technology
HKLM\SOFTWARE\Wow6432Node\Wow6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\9-lab =>.9-lab
HKCU\SOFTWARE\Ahead =>.Ahead
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\Ashampoo =>.Ashampoo
HKCU\SOFTWARE\ASIO4ALL v2 by Wuschel =>.Unknow
HKCU\SOFTWARE\Audacity =>.Audacity
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Cygwin =>.Cygwin
HKCU\SOFTWARE\DivXNetworks =>.DivXNetworks
HKCU\SOFTWARE\Dropbox =>.Dropbox
HKCU\SOFTWARE\DropboxUpdate =>.Dropbox Inc.
HKCU\SOFTWARE\DVD Shrink =>.DVD Shrink
HKCU\SOFTWARE\Extended Systems =>.iAnywhere Solutions, Inc.
HKCU\SOFTWARE\FLEXnet =>.FlexNet
HKCU\SOFTWARE\Foxit Software =>.Foxit Software
HKCU\SOFTWARE\Gabest =>.Gabest
HKCU\SOFTWARE\geissplugin
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKCU\SOFTWARE\HHD Software =>.HHD Software
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\Infinity Software
HKCU\SOFTWARE\InstallShield =>.InstallShield
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\Lexmark =>.Lexmark
HKCU\SOFTWARE\LinuxLive =>.LinuxLive Team
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Macrium =>.Macrium
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\MainConcept =>.MainConcept AG
HKCU\SOFTWARE\Malwarebytes' Anti-Malware =>.Malwarebytes' Anti-Malware
HKCU\SOFTWARE\McAfee =>.McAfee Inc.
HKCU\SOFTWARE\MediaLooks
HKCU\SOFTWARE\MediaMonkey
HKCU\SOFTWARE\MELCO INC =>.Melco Inc
HKCU\SOFTWARE\MicroWorld =>.MicroWorld Technologies Inc.
HKCU\SOFTWARE\MixMeister Technology
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\ORL
HKCU\SOFTWARE\PaceAP
HKCU\SOFTWARE\Paramount Software (UK) Ltd. =>.Paramount Software (UK) Ltd.
HKCU\SOFTWARE\Password Safe
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\Propellerhead Software =>.Propellerhead Software
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\Redemption =>.Legitimate
HKCU\SOFTWARE\Research In Motion =>.Research In Motion
HKCU\SOFTWARE\SimonTatham =>.Simon Tatham
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\SlySoft =>.SlySoft
HKCU\SOFTWARE\Softpointer =>.Softpointer
HKCU\SOFTWARE\SolarWinds
HKCU\SOFTWARE\TightVNC =>.TightVNC Project
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Turbine =>.Turbine
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Ventrilo
HKCU\SOFTWARE\Winamp =>.Nullsoft Inc.
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wintertree =>.Wintertree Software
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\Yahoo! Connector
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\UM
HKCU\SOFTWARE\AppDataLow\Software\Unity =>.Unity

---\\ Contents of the Common Files folders (274) - 6s
O43 - CFD: 30/09/2016 - [] D -- C:\Program Files\9-lab =>.9-Lab®
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files\Bonjour =>.Apple Inc.
O43 - CFD: 09/03/2015 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 24/09/2016 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 19/06/2014 - [] D -- C:\Program Files\GIMP 2 =>.Jernej Simončič®
O43 - CFD: 09/03/2016 - [] D -- C:\Program Files\GNS3
O43 - CFD: 02/07/2015 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 20/02/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files\iPod =>.Apple Inc.®
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files\IrfanView =>.Irfan skiljan
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files\iTunes =>.Apple Inc.
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files\Macrium =>.Paramount Software UK Ltd®
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files\Media Player Classic - Home Cinema
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 18/09/2015 - [] D -- C:\Program Files\Mixxx
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 07/03/2015 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 08/05/2016 - [] D -- C:\Program Files\Propellerhead =>.Propellerhead Software AB®
O43 - CFD: 16/07/2013 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 24/09/2016 - [] D -- C:\Program Files\VcXsrv
O43 - CFD: 16/07/2013 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 02/10/2016 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 20/11/2010 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 08/03/2016 - [] D -- C:\Program Files (x86)\Adware Removal Tool by TSA =>.TSA Softwares
O43 - CFD: 08/03/2016 - [] D -- C:\Program Files (x86)\AdwCleaner =>.xPlode
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files (x86)\Apple Software Update =>.Apple Inc.
O43 - CFD: 15/02/2014 - [] D -- C:\Program Files (x86)\Ashampoo =>.Ashampoo GmbH
O43 - CFD: 09/03/2015 - [] D -- C:\Program Files (x86)\ASIO4ALL v2 =>.Michael Tippach
O43 - CFD: 10/10/2016 - [] D -- C:\Program Files (x86)\Audacity =>.Audacity
O43 - CFD: 19/09/2015 - [] D -- C:\Program Files (x86)\Auto Clicker Typer
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files (x86)\Bonjour =>.Apple Inc.
O43 - CFD: 22/09/2014 - [] D -- C:\Program Files (x86)\BUFFALO =>.Buffalo Technology
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 15/02/2014 - [] D -- C:\Program Files (x86)\DVD Shrink =>.DVD Shrink
O43 - CFD: 09/03/2015 - [] D -- C:\Program Files (x86)\energyXT2
O43 - CFD: 19/01/2016 - [] D -- C:\Program Files (x86)\Foxit Software =>.Foxit Software
O43 - CFD: 05/02/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 11/09/2015 - [] D -- C:\Program Files (x86)\iLok License Manager =>.PACE Anti-Piracy, Inc.®
O43 - CFD: 09/03/2015 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 02/07/2015 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 20/02/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\IrfanView =>.Irfan skiljan
O43 - CFD: 08/06/2014 - [] D -- C:\Program Files (x86)\MediaMonkey
O43 - CFD: 23/07/2013 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Microsoft Works =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 29/01/2017 - [] D -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 07/10/2016 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/03/2015 - [] D -- C:\Program Files (x86)\MSECache =>.Microsoft Corporation
O43 - CFD: 15/02/2014 - [] D -- C:\Program Files (x86)\Nero =>.Ahead Corporation
O43 - CFD: 06/10/2016 - [] D -- C:\Program Files (x86)\Notepad++ =>.Don Ho
O43 - CFD: 29/07/2014 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 24/09/2016 - [] D -- C:\Program Files (x86)\Panda Security =>.Panda Security
O43 - CFD: 26/05/2016 - [] D -- C:\Program Files (x86)\Password Safe
O43 - CFD: 11/03/2017 - [] D -- C:\Program Files (x86)\Propellerhead =>.Propellerhead
O43 - CFD: 08/10/2014 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] RD -- C:\Program Files (x86)\Skype =>.Skype
O43 - CFD: 14/02/2014 - [] D -- C:\Program Files (x86)\SlySoft =>.SlySoft
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\TagRename {009B5D9ACC30DA5DC1E782623935B1D9A5}
O43 - CFD: 16/07/2013 - [] D -- C:\Program Files (x86)\Turbine =>.Turbine
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Ventrilo
O43 - CFD: 17/02/2014 - [] D -- C:\Program Files (x86)\Winamp =>.Winamp
O43 - CFD: 16/07/2013 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 02/10/2016 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 20/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 09/03/2016 - [] D -- C:\Program Files (x86)\WinPcap =>.Riverbed Technology
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\WinRAR =>.WinRAR
O43 - CFD: 08/02/2017 - [] D -- C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
O43 - CFD: 30/09/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
O43 - CFD: 27/03/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 16/07/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 08/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKAI PROFESSIONAL =>.Akai Professional
O43 - CFD: 12/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
O43 - CFD: 15/02/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo =>.Ashampoo GmbH
O43 - CFD: 19/09/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker Typer
O43 - CFD: 22/09/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO =>.Buffalo Technology
O43 - CFD: 09/03/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 15/02/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink =>.DVD Shrink
O43 - CFD: 03/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader =>.Foxit Corporation
O43 - CFD: 16/01/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 09/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
O43 - CFD: 17/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView =>.Irfan skiljan
O43 - CFD: 06/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 08/05/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6 =>.Line 6
O43 - CFD: 20/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium =>.Macrium
O43 - CFD: 13/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
O43 - CFD: 08/06/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
O43 - CFD: 11/03/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft GIF Animator =>.Microsoft Corporation
O43 - CFD: 24/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox =>.Mozilla
O43 - CFD: 03/03/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ =>.Don Ho
O43 - CFD: 09/07/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 11/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead =>.Propellerhead
O43 - CFD: 27/01/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 =>.Python
O43 - CFD: 25/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 14/02/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft =>.SlySoft
O43 - CFD: 24/09/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename =>.Evgeny S. Efimov
O43 - CFD: 17/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
O43 - CFD: 23/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp =>.Winamp
O43 - CFD: 09/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap =>.Riverbed Technology
O43 - CFD: 06/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 30/09/2016 - [] D -- C:\ProgramData\9-lab =>.9-lab
O43 - CFD: 06/10/2016 - [] D -- C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 26/07/2013 - [] D -- C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 14/07/2009 - [] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 15/02/2014 - [] D -- C:\ProgramData\Ashampoo =>.Ashampoo GmbH
O43 - CFD: 14/07/2009 - [] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 03/10/2015 - [] D -- C:\ProgramData\Dropbox =>.Dropbox
O43 - CFD: 12/10/2016 - [0] D -- C:\ProgramData\DVD Shrink =>.DVD Shrink
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 04/01/2014 - [] D -- C:\ProgramData\FLEXnet =>.Flexera Software
O43 - CFD: 06/10/2016 - [] D -- C:\ProgramData\Foxit ContentPlatform =>.Foxit Corporation
O43 - CFD: 11/03/2017 - [] D -- C:\ProgramData\Foxit Software =>.Foxit Software
O43 - CFD: 21/04/2014 - [] D -- C:\ProgramData\FreeRIP MP3 Converter
O43 - CFD: 08/05/2016 - [] D -- C:\ProgramData\Line 6 =>.Line 6
O43 - CFD: 20/10/2015 - [] D -- C:\ProgramData\Macrium =>.Macrium
O43 - CFD: 15/02/2014 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 18/07/2013 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 08/06/2014 - [] D -- C:\ProgramData\MediaMonkey
O43 - CFD: 11/12/2014 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 16/11/2016 - [] D -- C:\ProgramData\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 08/03/2016 - [] D -- C:\ProgramData\MicroWorld =>.MicroWorld Technologies Inc.
O43 - CFD: 17/07/2013 - [] D -- C:\ProgramData\Mozilla =>.Mozilla Corporation
O43 - CFD: 11/03/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 07/03/2015 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 22/02/2015 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 11/03/2017 - [] AD -- C:\ProgramData\PACE
O43 - CFD: 24/09/2016 - [] D -- C:\ProgramData\Panda Security =>.Panda Security
O43 - CFD: 08/05/2016 - [] D -- C:\ProgramData\Propellerhead Software =>.Propellerhead Software AB
O43 - CFD: 25/05/2014 - [] D -- C:\ProgramData\Research In Motion =>.Research In Motion
O43 - CFD: 11/03/2017 - [] D -- C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Skype =>.Skype
O43 - CFD: 14/02/2014 - [] D -- C:\ProgramData\SlySoft =>.SlySoft
O43 - CFD: 09/03/2016 - [] D -- C:\ProgramData\Solarwinds
O43 - CFD: 14/07/2009 - [] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 18/07/2013 - [] D -- C:\ProgramData\Sun =>.Oracle
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 15/02/2014 - [] D -- C:\Program Files (x86)\Common Files\Ahead =>.Ahead Software
O43 - CFD: 04/01/2014 - [] D -- C:\Program Files (x86)\Common Files\Aladdin Shared =>.Aladdin Knowledge Systems
O43 - CFD: 04/01/2014 - [] D -- C:\Program Files (x86)\Common Files\ALLDATA Shared
O43 - CFD: 26/07/2013 - [] D -- C:\Program Files (x86)\Common Files\Apple =>.Apple Inc.
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 15/02/2014 - [] D -- C:\Program Files (x86)\Common Files\FlashIntegro =>.Flash-Integro LLC
O43 - CFD: 12/09/2015 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 02/07/2015 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 18/07/2013 - [] D -- C:\Program Files (x86)\Common Files\LogiShrd =>.Logitech Inc.
O43 - CFD: 26/01/2014 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 11/09/2015 - [] D -- C:\Program Files (x86)\Common Files\PACE
O43 - CFD: 24/09/2016 - [] D -- C:\Program Files (x86)\Common Files\Research in Motion =>.Research In Motion
O43 - CFD: 13/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 13/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Program Files (x86)\Common Files\Wise Installation Wizard =>.Seagate
O43 - CFD: 30/09/2016 - [] D -- C:\Users\******\AppData\Roaming\9-lab =>.9-lab
O43 - CFD: 16/07/2013 - [] D -- C:\Users\******\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 15/02/2014 - [] D -- C:\Users\******\AppData\Roaming\Ahead =>.Ahead Software
O43 - CFD: 06/10/2016 - [] D -- C:\Users\******\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 15/02/2014 - [] D -- C:\Users\******\AppData\Roaming\Ashampoo =>.Ashampoo GmbH
O43 - CFD: 02/03/2017 - [] D -- C:\Users\******\AppData\Roaming\Audacity =>.Audacity
O43 - CFD: 11/03/2017 - [] D -- C:\Users\******\AppData\Roaming\BitTorrent
O43 - CFD: 25/05/2014 - [] D -- C:\Users\******\AppData\Roaming\Blackberry Desktop =>.Research In Motion Ltd
O43 - CFD: 24/09/2016 - [] D -- C:\Users\******\AppData\Roaming\Dropbox =>.Dropbox
O43 - CFD: 04/01/2014 - [] D -- C:\Users\******\AppData\Roaming\FLEXnet =>.Flexera Software
O43 - CFD: 07/10/2016 - [] D -- C:\Users\******\AppData\Roaming\Foxit Software =>.Foxit Software
O43 - CFD: 16/07/2013 - [] D -- C:\Users\******\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 13/08/2016 - [] D -- C:\Users\******\AppData\Roaming\IrfanView =>.Irfan skiljan
O43 - CFD: 08/05/2016 - [] D -- C:\Users\******\AppData\Roaming\Line 6 =>.Line 6
O43 - CFD: 17/07/2013 - [] D -- C:\Users\******\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 15/02/2014 - [] D -- C:\Users\******\AppData\Roaming\Malwarebytes =>.Malwarebytes
O43 - CFD: 12/04/2011 - [0] D -- C:\Users\******\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 11/03/2017 - [0] D -- C:\Users\******\AppData\Roaming\Media Player Classic =>.Microsoft Corporation
O43 - CFD: 26/02/2017 - [] D -- C:\Users\******\AppData\Roaming\MediaMonkey
O43 - CFD: 25/04/2016 - [] SD -- C:\Users\******\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/09/2015 - [] D -- C:\Users\******\AppData\Roaming\MixMeister Technology
O43 - CFD: 17/07/2013 - [] D -- C:\Users\******\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 22/09/2014 - [] D -- C:\Users\******\AppData\Roaming\NASNaviator2 =>.Apple Inc.
O43 - CFD: 30/10/2016 - [] D -- C:\Users\******\AppData\Roaming\Notepad++ =>.Don Ho
O43 - CFD: 11/09/2015 - [] D -- C:\Users\******\AppData\Roaming\NVIDIA =>.nVidia Corporation
O43 - CFD: 15/05/2014 - [] D -- C:\Users\******\AppData\Roaming\Oracle =>.Oracle
O43 - CFD: 08/05/2016 - [] D -- C:\Users\******\AppData\Roaming\Propellerhead Software =>.Propellerhead Software AB
O43 - CFD: 26/05/2014 - [] D -- C:\Users\******\AppData\Roaming\Research In Motion =>.Research In Motion
O43 - CFD: 01/10/2016 - [] D -- C:\Users\******\AppData\Roaming\Skype =>.Skype
O43 - CFD: 11/10/2014 - [] D -- C:\Users\******\AppData\Roaming\Unity =>.Unity
O43 - CFD: 09/03/2015 - [] D -- C:\Users\******\AppData\Roaming\Ventrilo
O43 - CFD: 14/02/2014 - [] D -- C:\Users\******\AppData\Roaming\VideoEditor =>.Oposoft.com
O43 - CFD: 19/10/2016 - [] D -- C:\Users\******\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 11/03/2017 - [] D -- C:\Users\******\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 20/02/2017 - [0] D -- C:\Users\******\AppData\Local\Adobe =>.Adobe
O43 - CFD: 15/02/2014 - [] D -- C:\Users\******\AppData\Local\Ahead =>.Ahead Software
O43 - CFD: 17/07/2013 - [] D -- C:\Users\******\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 17/07/2013 - [] D -- C:\Users\******\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 16/07/2013 - [] SHD -- C:\Users\******\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 16/01/2015 - [] D -- C:\Users\******\AppData\Local\ApplicationHistory =>.Microsoft Corporation
O43 - CFD: 15/02/2014 - [] D -- C:\Users\******\AppData\Local\ashampoo =>.Ashampoo GmbH
O43 - CFD: 10/10/2016 - [] D -- C:\Users\******\AppData\Local\Audacity =>.Audacity
O43 - CFD: 16/07/2013 - [] D -- C:\Users\******\AppData\Local\Chromium =>.Chromium
O43 - CFD: 28/08/2016 - [0] D -- C:\Users\******\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 20/12/2014 - [] D -- C:\Users\******\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 24/09/2016 - [] D -- C:\Users\******\AppData\Local\Dropbox =>.Dropbox
O43 - CFD: 12/10/2016 - [0] D -- C:\Users\******\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 19/06/2014 - [] D -- C:\Users\******\AppData\Local\fontconfig =>.Portable Apps
O43 - CFD: 19/06/2014 - [] D -- C:\Users\******\AppData\Local\gegl-0.2 =>.Portable Apps
O43 - CFD: 30/10/2016 - [] D -- C:\Users\******\AppData\Local\Google =>.Google
O43 - CFD: 22/06/2014 - [] D -- C:\Users\******\AppData\Local\gtk-2.0 =>.GTK Project
O43 - CFD: 10/06/2015 - [] D -- C:\Users\******\AppData\Local\GWX =>.GWX
O43 - CFD: 16/07/2013 - [0] SHD -- C:\Users\******\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 17/07/2013 - [] D -- C:\Users\******\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 08/06/2014 - [] D -- C:\Users\******\AppData\Local\MediaMonkey
O43 - CFD: 30/09/2015 - [] D -- C:\Users\******\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/01/2015 - [] D -- C:\Users\******\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 11/09/2015 - [] D -- C:\Users\******\AppData\Local\Mixxx
O43 - CFD: 01/10/2013 - [] D -- C:\Users\******\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 09/02/2014 - [] D -- C:\Users\******\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 29/07/2014 - [] D -- C:\Users\******\AppData\Local\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 29/05/2016 - [] D -- C:\Users\******\AppData\Local\PasswordSafe =>.PasswordSafe
O43 - CFD: 26/08/2013 - [] D -- C:\Users\******\AppData\Local\PluginCompendium
O43 - CFD: 17/07/2013 - [] D -- C:\Users\******\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 20/12/2014 - [] D -- C:\Users\******\AppData\Local\Research In Motion =>.Research In Motion
O43 - CFD: 14/10/2014 - [] D -- C:\Users\******\AppData\Local\SolarWinds
O43 - CFD: 11/03/2017 - [] D -- C:\Users\******\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 16/07/2013 - [] SHD -- C:\Users\******\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 16/01/2015 - [] D -- C:\Users\******\AppData\Local\The Lord of the Rings Online
O43 - CFD: 16/01/2015 - [] D -- C:\Users\******\AppData\Local\Turbine =>.Turbine
O43 - CFD: 14/02/2014 - [] D -- C:\Users\******\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 24/09/2016 - [] D -- C:\Users\******\AppData\Local\Zemana =>.Zemana
O43 - CFD: 17/07/2013 - [0] D -- C:\Users\******\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [] RD -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/10/2016 - [] RD -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 09/03/2015 - [] D -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 =>.Michael Tippach
O43 - CFD: 11/10/2016 - [] D -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
O43 - CFD: 13/07/2009 - [] RD -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 26/05/2016 - [] D -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
O43 - CFD: 11/03/2017 - [] RD -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 16/07/2013 - [0] D -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp =>.Winamp
O43 - CFD: 06/10/2016 - [] D -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 24/09/2016 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 24/09/2016 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 12/09/2015 - [0] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 12/09/2015 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 12/09/2015 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 12/09/2015 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 12/09/2015 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 25/09/2016 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 17/07/2013 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 03/03/2017 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Foxit Software =>.Foxit Software
O43 - CFD: 12/09/2015 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/08/2013 - [0] -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\TightVNC =>.TightVNC Project

---\\ ShellIconOverlayIdentifiers (SIOI) (2) - 0s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ System Drivers List (77) - 2s
O58 - SDL:2009/07/13 20:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [324224] =>.Microsoft Windows®
O58 - SDL:2011/09/22 15:12:20 A . (.Numark - Numark USB Audio WDM Driver.) -- C:\Windows\System32\drivers\akaieiea.sys [324224] {0100000000012D75EC58CD} =>.Numark
O58 - SDL:2011/09/22 15:12:18 A . (.Numark - Numark WDM MIDI Driver.) -- C:\Windows\System32\drivers\akaieiem.sys [324224] {0100000000012D75EC58CD} =>.Numark
O58 - SDL:2011/09/22 15:12:22 A . (.Ploytec GmbH - Ploytec USB Audio driver.) -- C:\Windows\System32\drivers\akaieieu.sys [324224] {0100000000012D75EC58CD} =>.Ploytec GmbH
O58 - SDL:2009/08/26 07:48:44 A . (.Aladdin Knowledge Systems Ltd. - Aladdin Knowledge Systems Data Filter Drive.) -- C:\Windows\System32\drivers\aksdf.sys [324224] =>.Aladdin Knowledge Systems Ltd.
O58 - SDL:2009/01/08 11:55:04 A . (.Aladdin Knowledge Systems Ltd. - Ancillary Function Driver.) -- C:\Windows\System32\drivers\aksfridge.sys [324224] =>.Aladdin Knowledge Systems Ltd.
O58 - SDL:2009/07/13 20:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [324224] =>.Microsoft Windows®
O58 - SDL:2011/03/11 01:41:12 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [324224] =>.Microsoft Windows®
O58 - SDL:2011/03/11 01:41:12 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/01/29 18:02:44 A . (.SlySoft, Inc. - AnyDVD Filter Driver.) -- C:\Windows\System32\drivers\AnyDVD.sys [324224] {0100000000011690704DC6} =>.SlySoft, Inc.
O58 - SDL:2009/07/13 20:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/06/10 15:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [324224] =>.Broadcom Corporation
O58 - SDL:2009/06/10 15:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [324224] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 15:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [324224] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/13 20:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 15:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 15:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 15:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/12/21 09:43:36 A . (.CSR, plc - Bluetooth Hands-free Audio Device Driver.) -- C:\Windows\System32\drivers\BthAudioHF.sys [324224] =>.CSR, plc
O58 - SDL:2009/06/10 15:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [324224] =>.Broadcom Corporation
O58 - SDL:2009/07/13 20:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/01/29 17:58:03 A . (.Elaborate Bytes AG - ElbyCD Windows x64 I/O driver.) -- C:\Windows\System32\drivers\ElbyCDIO.sys [324224] =>.Elaborate Bytes AG®
O58 - SDL:2009/07/13 20:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/06/10 15:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [324224] =>.Broadcom Corporation
O58 - SDL:2012/08/21 12:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [324224] =>.GEAR Software Inc.®
O58 - SDL:2009/03/13 11:55:38 A . (.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows x64.) -- C:\Windows\System32\drivers\hardlock.sys [324224] =>.Aladdin Knowledge Systems Ltd.
O58 - SDL:2009/06/10 15:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [324224] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2012/07/17 17:12:08 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\HECIx64.sys [324224] =>.Intel Corporation®
O58 - SDL:2010/11/20 22:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [324224] =>.Microsoft Windows®
O58 - SDL:2011/03/11 01:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [324224] =>.Microsoft Windows®
O58 - SDL:2014/10/01 18:54:16 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [324224] =>.Intel Corporation - pGFX®
O58 - SDL:2009/07/13 20:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [324224] =>.Microsoft Windows®
O58 - SDL:2013/04/11 13:09:20 A . (.Authors - iLok Kernel Driver File.) -- C:\Windows\System32\drivers\iLokDrvr.sys [324224] =>.PACE Anti-Piracy, Inc.®
O58 - SDL:2013/01/18 23:52:08 A . (.Authors - Intel(R) Smart Connect Technology Device Dr.) -- C:\Windows\System32\drivers\ISCTD64.sys [324224] =>.Intel(R) Smart Connect software®
O58 - SDL:2010/07/28 23:25:10 A . (.Initio Corporation - Initio Default Vendor Specific Device Drive.) -- C:\Windows\System32\drivers\ivusb.sys [324224] =>.Initio Corporation®
O58 - SDL:2009/07/13 20:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/04/30 17:55:46 A . (.Logitech Inc. - Audio filter for Express Plus.) -- C:\Windows\System32\drivers\lv302a64.sys [324224] =>.Logitech Inc®
O58 - SDL:2009/04/30 17:55:56 A . (.Logitech Inc. - Logitech Webcam Software Driver.) -- C:\Windows\System32\drivers\LV302V64.SYS [324224] =>.Logitech Inc®
O58 - SDL:2009/04/30 18:01:34 A . (.Logitech Inc. - Logitech Kernel Audio Improvement Filter Dr.) -- C:\Windows\System32\drivers\lvrs64.sys [324224] =>.Logitech Inc®
O58 - SDL:2008/07/26 14:26:34 A . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\System32\drivers\LVUSBS64.sys [324224] =>.Logitech Inc®
O58 - SDL:2009/07/13 20:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [324224] =>.Microsoft Windows®
O58 - SDL:2013/02/28 20:49:12 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\drivers\npf.sys [324224] =>.Riverbed Technology, Inc.®
O58 - SDL:2015/02/03 22:56:28 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvlddmkm.sys [324224] =>.NVIDIA Corporation®
O58 - SDL:2011/03/11 01:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [324224] =>.Microsoft Windows®
O58 - SDL:2011/03/11 01:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2014/03/31 11:42:44 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\Windows\System32\drivers\nvvad64v.sys [324224] =>.NVIDIA Corporation®
O58 - SDL:2015/10/12 14:39:20 A . (.Windows (R) Win 7 DDK provider - Paramount Software Image Mounting Driver.) -- C:\Windows\System32\drivers\psmounterex.sys [324224] =>.Paramount Software UK Ltd®
O58 - SDL:2014/07/21 11:36:48 A . (.Paramount Software UK Ltd - Volume Access driver.) -- C:\Windows\System32\drivers\PSVolAcc.sys [324224] =>.Paramount Software UK Ltd®
O58 - SDL:2009/07/13 20:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [324224] =>.Microsoft Windows®
O58 - SDL:2007/02/15 19:56:51 A . (.Elaborate Bytes AG - Elby Delay Lower Filter Driver.) -- C:\Windows\System32\drivers\RegKill.sys [324224] =>.Elaborate Bytes AG®
O58 - SDL:2012/12/10 14:48:02 A . (.Research in Motion Ltd - RIM Virtual Serial Driver.) -- C:\Windows\System32\drivers\RimSerial_AMD64.sys [324224] =>.Research in Motion Ltd
O58 - SDL:2014/05/06 09:21:02 A . (.BlackBerry Limited - BlackBerry Device Driver.) -- C:\Windows\System32\drivers\RimUsb_AMD64.sys [324224] =>.BlackBerry Limited
O58 - SDL:2014/05/07 11:41:04 A . (.Research in Motion Limited - RIM Tunnel Driver.) -- C:\Windows\System32\drivers\rimvndis6_AMD64.sys [324224] =>.Research In Motion Limited
O58 - SDL:2014/07/16 10:06:16 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Dri.) -- C:\Windows\System32\drivers\Rt64win7.sys [324224] =>.Realtek Semiconductor Corp®
O58 - SDL:2013/01/15 12:03:06 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [324224] =>.Realtek Semiconductor Corp®
O58 - SDL:2009/06/10 15:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [324224] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/13 19:00:40 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\serial.sys [324224] =>.Brother Industries Ltd.
O58 - SDL:2009/07/13 20:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2013/04/11 13:08:40 A . (.PACE Anti-Piracy, Inc. - 64bit Tpkd Device Driver.) -- C:\Windows\System32\drivers\Tpkd.sys [324224] =>.PACE Anti-Piracy, Inc.®
O58 - SDL:2017/03/11 19:46:47 A . (.Authors - .) -- C:\Windows\System32\drivers\TrueSight.sys [324224] =>.Adlice®
O58 - SDL:2016/03/28 11:41:34 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl64.sys [324224] =>.Apple, Inc.
O58 - SDL:2009/07/13 20:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [324224] =>.Microsoft Windows®
O58 - SDL:2009/07/13 20:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/09/25 06:53:00 A . (.Zemana Ltd. - ZAM.) -- C:\Windows\System32\drivers\zam64.sys [324224] =>.Zemana Ltd.®
O58 - SDL:2016/09/25 06:52:55 A . (.Zemana Ltd. - ZAM.) -- C:\Windows\System32\drivers\zamguard64.sys [324224] =>.Zemana Ltd.®

---\\ Last modified or created user files (1) - 54s
O61 - LFC: 2017/03/10 09:00:06 A . (..) -- C:\Users\******\AppData\Local\NVIDIA\NvBackend\UMDShim\nvcoproc.bin [7798027] =>.NVIDIA Corporation

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (5) - 6s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} [DefaultScope] - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (32) - 0s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [324224] =>.Microsoft Corporation

---\\ Firewall Active Exception List (6) - 2s
O87 - FAEL: "TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe" [In-None-P6-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe" [In-None-P17-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe" [In-None-P6-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe" [In-None-P17-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe" [In-None-P6-TRUE] .(...) -- C:\program files\gns3\dynamips.exe
O87 - FAEL: "UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe" [In-None-P17-TRUE] .(...) -- C:\program files\gns3\dynamips.exe

---\\ Additional Scan (O88) (2) - 15s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C} =>Riskware.QuickTime
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C} =>Riskware.QuickTime

---\\ Summary of the elements found (2) - 0s
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.Superfluous.CloudfrontNet
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime

~ Unselected Options: O82,
~ End of the scan, 49913 items in 04mn18s (1070)(0)
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
2,797
491
#6
ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • Install it.
  • Click Suivant 5 times.
  • Then Installer.
  • Then Terminer.
  • Then right-click the ZHP Fix icon and select Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.

Note: You have to replace ****** with your user name in order for the fix to work.


Code:
Script ZhpFix
SysRestore
SS - Demand [20/02/2017] [ 270936] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SS - Demand [22/09/2016] [ 172488] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
[MD5.89ECFB35517F62C3802B227F288B750E] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [324224] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.23985274780D27117C470AA259B79B30] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [324224] (.Activate.) =>.Apple Inc.®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [324224] =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [324224] =>.Adobe Systems Incorporated®
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d31qbv1cthcecs.cloudfront.net =>.Superfluous.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d5nxst8fruw4z.cloudfront.net =>.Superfluous.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (.Research In Motion.) -- C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll =>.Research In Motion
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/ =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MicroWorld =>.MicroWorld Technologies Inc.
HKLM\SOFTWARE\Wow6432Node\Panda Security =>.Panda Security
HKLM\SOFTWARE\Wow6432Node\Panda Software =>.Panda Software
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\McAfee =>.McAfee Inc.
HKCU\SOFTWARE\MicroWorld =>.MicroWorld Technologies Inc.
O43 - CFD: 08/03/2016 - [] D -- C:\Program Files (x86)\Adware Removal Tool by TSA =>.TSA Softwares
O43 - CFD: 08/03/2016 - [] D -- C:\Program Files (x86)\AdwCleaner =>.xPlode
O43 - CFD: 07/10/2016 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 24/09/2016 - [] D -- C:\Program Files (x86)\Panda Security =>.Panda Security
O43 - CFD: 18/07/2013 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 08/03/2016 - [] D -- C:\ProgramData\MicroWorld =>.MicroWorld Technologies Inc.
O43 - CFD: 24/09/2016 - [] D -- C:\ProgramData\Panda Security =>.Panda Security
O43 - CFD: 11/03/2017 - [] D -- C:\Users\******\AppData\Roaming\BitTorrent
O43 - CFD: 16/07/2013 - [] D -- C:\Users\******\AppData\Local\Chromium =>.Chromium
O43 - CFD: 10/06/2015 - [] D -- C:\Users\******\AppData\Local\GWX =>.GWX
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O87 - FAEL: "TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe" [In-None-P6-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe" [In-None-P17-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe" [In-None-P6-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
O87 - FAEL: "UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe" [In-None-P17-TRUE] .(...) -- D:\lotro 1\lotroclient.exe (.not file.)
EmptyFlash
ProxyFix
EmptyCLSID
EmptyTemp
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
2,797
491
#7
Let's have a fresh look at your system after the above scans please.

Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt and Shortcut.txt.
Please Copy & Paste them into your next reply, but attach Shortcut.txt.
 

Fla_Panther

PCHF Member
PCHF Member
Sep 19, 2016
28
4
43
#8
Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by ****** at 3/12/2017 8:07:33 AM
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (05mn AMs)

========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\mozilla maintenance service\uninstall.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
REMOVES: HKLM\SOFTWARE\Wow6432Node\MicroWorld
REMOVES: HKLM\SOFTWARE\Wow6432Node\Panda Security
REMOVES: HKLM\SOFTWARE\Wow6432Node\Panda Software
REMOVES: HKCU\SOFTWARE\BitTorrent
REMOVES: HKCU\SOFTWARE\McAfee
REMOVES: HKCU\SOFTWARE\MicroWorld
REMOVES: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== Registry values ==========
REMOVES RunValue: Sidebar
REMOVES: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
REMOVES: TCP Query User{AD67C483-AC60-41BB-AA6A-6F29AFB8D06A}D:\lotro 1\lotroclient.exe
REMOVES: UDP Query User{C02AF7DB-64DC-464A-A265-114A4DE86935}D:\lotro 1\lotroclient.exe
REMOVES: TCP Query User{44466AEE-8566-4572-BDEF-DE303D8AE807}D:\lotro 1\lotroclient.exe
REMOVES: UDP Query User{DCD31EE1-4676-4A86-8ABB-39D2EDB735E1}D:\lotro 1\lotroclient.exe
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Elements of the registry data ==========
REMOVES: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
REMOVES: R1 Search Page = http://search.msn.com/spbasic.htm
REMOVES: R1 Search Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
REMOVES: R1 Search Page = about:NoAdd-ons
REMOVES: R1 Search Page = about:SecurityRisk
REMOVES: R1 Search Page = *.local;<local>
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1
REMOVES: R5 AutoConfigProxy = wininet.dll
ERROR R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1
ERROR R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1

========== Preferences browser ==========
NOW Chrome File: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://ajax.googleapis.com
NOW Chrome File: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://apis.google.com
NOW Chrome File: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://d31qbv1cthcecs.cloudfront.net
NOW Chrome File: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://d5nxst8fruw4z.cloudfront.net
NOW Chrome File: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://www.google-analytics.com
REMOVES Chrome Site: http://www.google-analytics.com
REMOVES Chrome Site: http://www.google-analytics.com
REMOVES Chrome Site: http://www.google-analytics.com
REMOVES Chrome Site: http://www.google-analytics.com

========== Folders ==========
No folders empty CLSID Local user
Deletes temporary Windows (27)

========== Files ==========
REMOVES: c:\program files\windows sidebar\sidebar.exe
REMOVES: c:\program files (x86)\common files\research in motion\bbwebsllauncher\npwebsllauncher.dll
REMOVES Flash Cookies (0) (0 octets)
Deletes temporary Windows (247) (16,671,133 octets)

========== Scheduled task ==========
REMOVES: Adobe Flash Player Updater

========== System restore ==========
The system successfully created restore point

========== Other ==========
NON-TREATY R1 - HKUS\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar
NON-TREATY R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies []


========== Summary ==========
8 : Registry keys
12 : Registry values
16 : Elements of the registry data
2 : Folders
4 : Files
1 : Software
14 : Preferences browser
1 : Scheduled task
1 : System restore
2 : Other


End of clean in 58mn AMs

========== Path to file report ==========
C:\Users\******\AppData\Roaming\ZHP\ZHPFix[R1].txt - 3/12/2017 8:07:39 AM [4902]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by ****** (administrator) on ******-PC (12-03-2017 08:09:40)
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available Profiles: ******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: [NameServer] 8.8.8.8,75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.com
URLSearchHook: [S-1-5-21-3113485377-2953679804-1031508582-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 [2017-03-12]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> Google
FF Homepage: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AKAI_EIE_PRO_MIDI; C:\Windows\System32\drivers\akaieiem.sys [31984 2011-09-22] (Numark)
S3 AKAI_EIE_PRO_USB; C:\Windows\System32\Drivers\akaieieu.sys [424176 2011-09-22] (Ploytec GmbH)
S3 AKAI_EIE_WDM; C:\Windows\System32\drivers\akaieiea.sys [54000 2011-09-22] (Numark)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-25] (Zemana Ltd.)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 08:09 - 2017-03-12 08:09 - 00011845 _____ C:\Users\******\Desktop\FRST.txt
2017-03-12 08:07 - 2017-03-12 08:07 - 00004983 _____ C:\Users\******\Desktop\ZHPFixReport.txt
2017-03-12 08:03 - 2017-03-12 08:03 - 00000000 ____D C:\Users\******\AppData\Local\CrashDumps
2017-03-12 08:02 - 2017-03-12 08:03 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-03-12 08:02 - 2017-03-12 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-03-11 21:14 - 2017-03-11 21:26 - 00000000 ____D C:\AdwCleaner
2017-03-11 20:46 - 2017-03-11 21:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 20:46 - 2017-03-11 20:46 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-11 20:21 - 2017-03-12 08:07 - 00000000 ____D C:\Users\******\AppData\Roaming\ZHP
2017-03-11 20:18 - 2017-03-11 20:18 - 00000000 ____D C:\Windows\pss
2017-03-11 16:10 - 2017-03-12 08:09 - 00000000 ____D C:\FRST
2017-03-11 16:09 - 2017-03-11 16:09 - 02424320 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2017-03-11 15:50 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-11 15:50 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-11 15:50 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-11 15:50 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-11 15:48 - 2017-03-11 20:19 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-11 13:28 - 2017-03-11 13:28 - 15038328 _____ (Balsamiq ) C:\Users\******\Desktop\Balsamiq_Mockups_3.5.8.exe
2017-03-04 00:23 - 2017-03-04 00:54 - 00040448 _____ C:\Users\******\Desktop\Cisco Options.xls
2017-03-04 00:23 - 2017-03-04 00:23 - 00001355 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-03-04 00:23 - 2017-03-04 00:23 - 00001355 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2017-03-04 00:23 - 2017-03-04 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-03-01 20:18 - 2017-03-01 20:26 - 63333188 _____ C:\Users\******\Desktop\04 - Plorp (2017-03-01).wav
2017-02-25 17:33 - 2017-02-25 17:35 - 1113651520 _____ C:\Users\******\Desktop\Greg Wilson - What We Actually Know About Software Development.mp4
2017-02-20 07:07 - 2016-11-12 13:37 - 04608000 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\jscript9.dll
2017-02-20 07:07 - 2016-11-12 13:36 - 02055680 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\inetcpl.cpl
2017-02-20 07:07 - 2016-11-12 13:36 - 01155072 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\mshtmlmedia.dll
2017-02-20 07:07 - 2016-11-12 13:35 - 02920960 _____ (Microsoft Corporation) C:

\Windows\system32\wininet.dll
2017-02-20 07:07 - 2016-11-12 13:21 - 13653504 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\ieframe.dll
2017-02-20 07:07 - 2016-11-12 13:20 - 01543680 _____ (Microsoft Corporation) C:

\Windows\system32\urlmon.dll
2017-02-20 07:07 - 2016-11-12 13:11 - 00800768 _____ (Microsoft Corporation) C:

\Windows\system32\ieapfltr.dll
2017-02-20 07:07 - 2016-11-12 13:05 - 02444800 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\wininet.dll
2017-02-20 07:07 - 2016-11-12 13:02 - 01312256 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\urlmon.dll
2017-02-20 07:07 - 2016-11-12 13:02 - 00710144 _____ (Microsoft Corporation) C:

\Windows\SysWOW64\ieapfltr.dll
2017-02-20 07:07 - 2016-11-10 12:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-20 07:07 - 2016-11-10 12:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-20 07:07 - 2016-11-09 12:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-20 07:07 - 2016-11-09 12:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-20 07:07 - 2016-11-09 12:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-20 07:07 - 2016-11-09 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-20 07:07 - 2016-11-06 12:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-20 07:07 - 2016-11-06 12:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-20 07:07 - 2016-11-06 12:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-20 07:07 - 2016-11-02 11:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-20 07:07 - 2016-11-02 11:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-20 07:07 - 2016-11-02 11:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-20 07:07 - 2016-11-02 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-20 07:07 - 2016-11-02 11:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-20 07:07 - 2016-11-02 10:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-20 07:07 - 2016-10-27 11:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-20 07:07 - 2016-10-27 11:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-20 07:07 - 2016-10-15 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-20 07:07 - 2016-10-15 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-20 07:07 - 2016-10-15 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-20 07:07 - 2016-10-15 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-20 07:07 - 2016-10-11 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-20 07:07 - 2016-10-11 11:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-20 07:07 - 2016-10-11 11:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-20 07:07 - 2016-10-11 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-20 07:07 - 2016-10-11 11:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-20 07:07 - 2016-10-11 11:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-20 07:07 - 2016-10-11 11:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-20 07:07 - 2016-10-11 11:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-20 07:07 - 2016-10-11 11:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-20 07:07 - 2016-10-11 11:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-20 07:07 - 2016-10-11 11:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-20 07:07 - 2016-10-11 11:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-20 07:07 - 2016-10-11 10:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-20 07:07 - 2016-10-11 10:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-20 07:07 - 2016-10-11 10:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-20 07:07 - 2016-10-11 10:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-20 07:07 - 2016-10-11 10:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-20 07:07 - 2016-10-11 10:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-20 07:07 - 2016-10-11 10:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-20 07:07 - 2016-10-11 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-20 07:07 - 2016-10-11 10:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 10:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 10:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 10:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 09:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-20 07:07 - 2016-10-11 09:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-20 07:07 - 2016-10-11 09:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-20 07:07 - 2016-10-11 09:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-20 07:07 - 2016-10-08 09:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-20 07:07 - 2016-10-07 11:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-20 07:07 - 2016-10-07 11:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-20 07:07 - 2016-10-07 11:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-20 07:07 - 2016-10-07 11:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-20 07:07 - 2016-10-07 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-20 07:07 - 2016-10-07 11:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-20 07:07 - 2016-10-05 10:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-20 07:07 - 2016-10-04 11:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-20 07:07 - 2016-10-04 11:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-20 07:07 - 2016-10-04 11:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-20 07:07 - 2016-10-04 11:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-20 07:07 - 2016-09-15 10:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-20 07:07 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-20 07:07 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-20 07:07 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-20 07:07 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-20 07:07 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-20 07:07 - 2016-09-09 14:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-20 07:07 - 2016-09-09 14:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-20 07:07 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-20 07:07 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-20 07:07 - 2016-08-22 12:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-20 06:59 - 2017-02-20 06:59 - 00000000 ____D C:\Users\******\AppData\Local\Adobe
2017-02-17 10:41 - 2017-02-17 10:44 - 00000000 ____D C:\Users\******\Desktop\The.Naked.Gun.From.the.Files.of.Police.Squad.1988.720p.BluRay.x264.AAC-ETRG
2017-02-17 10:40 - 2017-02-17 10:40 - 00000000 ____D C:\Users\******\Desktop\Airplane! (1980) [1080p] x264 - Jalucian
2017-02-17 00:30 - 2017-02-26 22:30 - 00000000 ____D C:\Users\******\Desktop\The Naked Gun Trilogy (1988-1994)
2017-02-17 00:27 - 2017-03-11 15:48 - 00000000 ____D C:\Users\******\AppData\Roaming\BitTorrent
2017-02-17 00:27 - 2017-02-17 00:27 - 02241224 _____ (BitTorrent Inc.) C:\Users\******\Desktop\BitTorrent.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 08:09 - 2016-09-25 07:53 - 00098350 _____ C:\Windows\ZAM.krnl.trace
2017-03-12 08:09 - 2016-09-25 07:53 - 00073433 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-12 08:09 - 2016-03-08 09:17 - 00000000 ____D C:\Users\******\Desktop\Virus Stuff
2017-03-12 08:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-03-12 04:23 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-12 04:23 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-12 02:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-11 22:14 - 2016-11-24 14:44 - 00000000 ____D C:\Users\******\AppData\LocalLow\Mozilla
2017-03-11 21:59 - 2016-10-15 10:24 - 00000600 _____ C:\Users\******\AppData\Local\PUTTY.RND
2017-03-11 21:22 - 2009-07-14 01:13 - 00799970 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 21:17 - 2015-09-12 00:53 - 00000000 ____D C:\ProgramData\PACE
2017-03-11 21:16 - 2013-07-16 20:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-11 21:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 20:19 - 2016-12-16 19:33 - 00003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-11 20:19 - 2016-12-16 19:33 - 00003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-11 15:53 - 2014-12-11 08:40 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-11 15:53 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-11 15:52 - 2013-07-16 21:44 - 00000000 ____D C:\Windows\system32\MRT
2017-03-11 15:50 - 2013-07-16 20:29 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 15:48 - 2016-10-06 22:13 - 00000000 ____D C:\ProgramData\Foxit Software
2017-03-11 15:48 - 2016-10-01 10:07 - 00000000 ____D C:\Users\******\AppData\Roaming\Media Player Classic
2017-03-11 15:48 - 2014-08-15 02:21 - 00000000 ____D C:\Windows\Minidump
2017-03-11 15:45 - 2015-07-10 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2017-03-11 15:45 - 2015-07-10 00:21 - 00000000 ____D C:\Program Files (x86)\Propellerhead
2017-03-11 15:44 - 2015-10-17 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft GIF Animator
2017-03-11 15:44 - 2015-10-17 02:14 - 00000000 ____D C:\Multimedia Files
2017-03-08 22:18 - 2017-01-21 21:47 - 00082432 _____ C:\Users\******\Desktop\AstroFlux Stuff.xls
2017-03-02 08:08 - 2015-03-09 18:39 - 00000000 ____D C:\Users\******\AppData\Roaming\Audacity
2017-02-26 22:19 - 2014-06-08 16:43 - 00000000 ____D C:\Users\******\AppData\Roaming\MediaMonkey
2017-02-20 09:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-02-20 07:18 - 2016-10-22 13:58 - 00413000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-20 07:12 - 2013-07-16 16:13 - 00792092 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-20 06:59 - 2013-07-17 18:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-20 06:59 - 2013-07-17 18:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-20 06:59 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 06:59 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-10-15 10:24 - 2017-03-11 21:59 - 0000600 _____ () C:\Users\******\AppData\Local\PUTTY.RND

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 02:22

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by ****** (12-03-2017 08:10:01)
Running from C:\Users\******\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-17 03:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3113485377-2953679804-1031508582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3113485377-2953679804-1031508582-1004 - Limited - Enabled)
Guest (S-1-5-21-3113485377-2953679804-1031508582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113485377-2953679804-1031508582-1002 - Limited - Enabled)
****** (S-1-5-21-3113485377-2953679804-1031508582-1000 - Administrator - Enabled) => C:\Users\******

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Akai EIE Pro USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deAkaiEIE) (Version: - )
ALLDATA Repair (HKLM-x32\...\{73090A5A-E0C0-4E0B-A320-E183877061A5}) (Version: 10.51.1000.101 - ALLDATA Corporation)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Auto Clicker Typer 1.0 (HKLM-x32\...\Auto Clicker Typer_is1) (Version: - A Software Plus)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.76 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
File Writer output plugin for WinAMP 2 v1.17(c) (remove only) (HKLM-x32\...\File Writer output plugin) (Version: - )
FNC 11 Installer (x32 Version: 11.06.0000 - Acresso Software) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GNS3 0.8.7 (HKLM-x32\...\GNS3) (Version: 0.8.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.576 - Zemana Ltd.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1126644A-5791-46EF-B388-FCCC99455443} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {776A026D-36F9-4340-8DA2-E3F99BBEDB5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-05] (Google Inc.)
Task: {C6D2E45F-78CC-41FD-81B6-59599E2EB142} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D0CF7A3C-6632-45F8-89E9-8BB37CAD5D7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-07 17:15 - 2015-02-03 22:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-21 16:16 - 2016-09-21 16:16 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-25 07:53 - 2017-01-24 07:51 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-02-06 18:40 - 2017-02-01 05:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 18:40 - 2017-02-01 05:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [1]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-07-24 10:57 - 2016-10-07 07:07 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\Control Panel\Desktop\\Wallpaper -> Ïöu
DNS Servers: 8.8.8.8 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Outlook 2007.lnk => C:\Windows\pss\Microsoft Office Outlook 2007.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1F3499E8-655E-432D-8E46-DB2E4C4AF239}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{E20751D3-ACF2-479E-92E5-F3A406C8CF05}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{A1EA805D-A3B5-4079-B33A-FD26FEBAB8D4}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{37F3B9E2-EB1E-4AE1-BE6B-CEF37EC496E7}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{2EE99B42-3919-4534-B710-EB69610D46AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{032587B6-A885-462D-B804-927DA9D1AD55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{077FACB6-55AC-4832-9097-C85A5D7D026C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4F5B9F22-C33A-4D83-9053-5482949DD1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{51B26A99-E019-494B-95B0-1500FED4E4EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7408BE0-4307-42A0-8356-93EAE9B2CCBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{113F6EB5-3276-4474-861E-6E442A9A1347}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{EFA9DFE5-0481-4F1F-9A7D-A49258143EA7}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2E973914-B053-4AE4-9C96-6F5982475618}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{7E4431AB-1944-4EF8-B85A-D6A0946732F9}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{9DD1246B-EB22-44D9-9D35-898337EC5652}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [TCP Query User{A5268866-D16A-4EC6-9440-D886DD5182E8}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [UDP Query User{18A19F28-115E-47B2-A1C9-28C16A276AEA}C:\program files\gns3\dynamips.exe] => (Allow) C:\program files\gns3\dynamips.exe
FirewallRules: [{83C19C54-7633-4BDB-99BC-BF5545CD7B49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF1B2D19-10C9-40B6-97A7-3941A6B4E33C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AA1814B4-675B-4A51-B85A-3409C5F0E60F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95C89ED3-AB41-4B3B-BA3B-FDDFEB705E13}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AA1DB257-7E9F-4A58-AD69-209215D58549}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70B7B4D9-1F62-4550-B771-B1C8D0150210}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A2830A0B-6DF1-48E6-A6ED-26392C03B918}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E1A6CE9-9055-4B96-9D21-764265CC8AEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D29E484-46F0-4FF0-98E5-53E0E649FB8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FE6BBA8-5B29-400D-A0A5-CBF2F5B545C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7C3E5EE-BED6-47B0-8C82-4999A0F5C7A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2224901B-FE9E-4976-8B10-DC4BB4794154}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E179A782-F107-440A-8575-4931144BE997}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-02-2017 04:05:57 Windows Update
28-02-2017 04:06:33 Windows Update
07-03-2017 09:24:13 Windows Update
11-03-2017 15:50:16 Windows Update
11-03-2017 21:08:34 JRT Pre-Junkware Removal
12-03-2017 08:03:45 ZHPFix Restore System Point

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2017 08:03:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x10a8
Faulting application start time: 0x01d29ad9d9e0d6d9
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: ef0eaecb-071b-11e7-a4b4-d43d7eb196c8

Error: (03/11/2017 09:18:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 09:17:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Faulting module name: igfxCUIService.exe, version: 6.15.10.3958, time stamp: 0x54256c7d
Exception code: 0xc0000005
Fault offset: 0x000000000001133c
Faulting process id: 0x474
Faulting application start time: 0x01d29ace533c907a
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: a62a5c0d-06c1-11e7-a4b4-d43d7eb196c8

Error: (03/11/2017 08:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 08:40:52 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 08:40:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 08:40:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 08:40:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/11/2017 08:40:38 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/11/2017 08:40:36 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (03/11/2017 09:17:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
Unspecified error

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PACE License Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NAS PM Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit Reader Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 09:15:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 8122.92 MB
Available physical RAM: 6287.59 MB
Total Virtual: 16244.02 MB
Available Virtual: 14392.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:179.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5390540C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 


Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
2,797
491
#10
ESET Online Scanner

Important note:
This scan may take an extended amount of time; make certain your machine does not go to sleep.


  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
 

Fla_Panther

PCHF Member
Sep 19, 2016
28
4
43
#12
So ... the same browser hijack happened again. Either we haven't cleaned it off yet or it came back. Here's the FRST log, I'll upload one from ESET when it's done.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by ****** (administrator) on ******-PC (12-03-2017 08:09:40)
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available Profiles: ******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{71B88154-5A6B-457A-ADCF-3F33C69C7093}: [NameServer] 8.8.8.8,75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.com
URLSearchHook: [S-1-5-21-3113485377-2953679804-1031508582-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 [2017-03-12]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> Google
FF Homepage: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AKAI_EIE_PRO_MIDI; C:\Windows\System32\drivers\akaieiem.sys [31984 2011-09-22] (Numark)
S3 AKAI_EIE_PRO_USB; C:\Windows\System32\Drivers\akaieieu.sys [424176 2011-09-22] (Ploytec GmbH)
S3 AKAI_EIE_WDM; C:\Windows\System32\drivers\akaieiea.sys [54000 2011-09-22] (Numark)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [120256 2009-01-29] (SlySoft, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-25] (Zemana Ltd.)
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 08:09 - 2017-03-12 08:09 - 00011845 _____ C:\Users\******\Desktop\FRST.txt
2017-03-12 08:07 - 2017-03-12 08:07 - 00004983 _____ C:\Users\******\Desktop\ZHPFixReport.txt
2017-03-12 08:03 - 2017-03-12 08:03 - 00000000 ____D C:\Users\******\AppData\Local\CrashDumps
2017-03-12 08:02 - 2017-03-12 08:03 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-03-12 08:02 - 2017-03-12 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-03-11 21:14 - 2017-03-11 21:26 - 00000000 ____D C:\AdwCleaner
2017-03-11 20:46 - 2017-03-11 21:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 20:46 - 2017-03-11 20:46 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-11 20:21 - 2017-03-12 08:07 - 00000000 ____D C:\Users\******\AppData\Roaming\ZHP
2017-03-11 20:18 - 2017-03-11 20:18 - 00000000 ____D C:\Windows\pss
2017-03-11 16:10 - 2017-03-12 08:09 - 00000000 ____D C:\FRST
2017-03-11 16:09 - 2017-03-11 16:09 - 02424320 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2017-03-11 15:50 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-11 15:50 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-11 15:50 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-11 15:50 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-11 15:50 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-11 15:48 - 2017-03-11 20:19 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-11 13:28 - 2017-03-11 13:28 - 15038328 _____ (Balsamiq ) C:\Users\******\Desktop\Balsamiq_Mockups_3.5.8.exe
2017-03-04 00:23 - 2017-03-04 00:54 - 00040448 _____ C:\Users\******\Desktop\Cisco Options.xls
2017-03-04 00:23 - 2017-03-04 00:23 - 00001355 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-03-04 00:23 - 2017-03-04 00:23 - 00001355 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2017-03-04 00:23 - 2017-03-04 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-03-01 20:18 - 2017-03-01 20:26 - 63333188 _____ C:\Users\******\Desktop\04 - Plorp (2017-03-01).wav
2017-02-25 17:33 - 2017-02-25 17:35 - 1113651520 _____ C:\Users\******\Desktop\Greg Wilson - What We Actually Know About Software Development.mp4
2017-02-20 07:32 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-20 07:32 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-20 07:07 - 2017-01-05 14:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-20 07:07 - 2017-01-05 14:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-20 07:07 - 2017-01-05 14:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-20 07:07 - 2017-01-05 14:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-20 07:07 - 2017-01-05 13:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-20 07:07 - 2017-01-05 13:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-20 07:07 - 2017-01-05 13:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-20 07:07 - 2017-01-05 13:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-20 07:07 - 2017-01-05 13:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-20 07:07 - 2017-01-05 13:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-20 07:07 - 2017-01-05 13:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-20 07:07 - 2017-01-05 13:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-20 07:07 - 2017-01-05 13:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-20 07:07 - 2016-11-21 14:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-20 07:07 - 2016-11-20 12:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-20 07:07 - 2016-11-20 10:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-20 07:07 - 2016-11-17 12:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-20 07:07 - 2016-11-14 19:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-20 07:07 - 2016-11-14 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-20 07:07 - 2016-11-12 15:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-20 07:07 - 2016-11-12 15:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-20 07:07 - 2016-11-12 15:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-20 07:07 - 2016-11-12 15:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-20 07:07 - 2016-11-12 15:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-20 07:07 - 2016-11-12 15:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-20 07:07 - 2016-11-12 15:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-20 07:07 - 2016-11-12 15:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-20 07:07 - 2016-11-12 15:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-20 07:07 - 2016-11-12 15:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-20 07:07 - 2016-11-12 15:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-20 07:07 - 2016-11-12 15:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-20 07:07 - 2016-11-12 15:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-20 07:07 - 2016-11-12 15:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-20 07:07 - 2016-11-12 15:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-20 07:07 - 2016-11-12 15:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-20 07:07 - 2016-11-12 14:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-20 07:07 - 2016-11-12 14:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-20 07:07 - 2016-11-12 14:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-20 07:07 - 2016-11-12 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-20 07:07 - 2016-11-12 14:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-20 07:07 - 2016-11-12 14:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-20 07:07 - 2016-11-12 14:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-20 07:07 - 2016-11-12 14:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-20 07:07 - 2016-11-12 14:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-20 07:07 - 2016-11-12 14:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-20 07:07 - 2016-11-12 14:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-20 07:07 - 2016-11-12 14:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-20 07:07 - 2016-11-12 14:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-20 07:07 - 2016-11-12 14:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-20 07:07 - 2016-11-12 14:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-20 07:07 - 2016-11-12 14:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-20 07:07 - 2016-11-12 14:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-20 07:07 - 2016-11-12 14:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-20 07:07 - 2016-11-12 14:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-20 07:07 - 2016-11-12 14:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-20 07:07 - 2016-11-12 14:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-20 07:07 - 2016-11-12 14:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-20 07:07 - 2016-11-12 14:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-20 07:07 - 2016-11-12 14:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-20 07:07 - 2016-11-12 14:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-20 07:07 - 2016-11-12 14:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-20 07:07 - 2016-11-12 14:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-20 07:07 - 2016-11-12 14:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-20 07:07 - 2016-11-12 14:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-20 07:07 - 2016-11-12 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-20 07:07 - 2016-11-12 13:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-20 07:07 - 2016-11-12 13:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-20 07:07 - 2016-11-12 13:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-20 07:07 - 2016-11-12 13:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-20 07:07 - 2016-11-12 13:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-20 07:07 - 2016-11-12 13:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-20 07:07 - 2016-11-12 13:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-20 07:07 - 2016-11-12 13:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-20 07:07 - 2016-11-12 13:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-20 07:07 - 2016-11-12 13:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-20 07:07 - 2016-11-12 13:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-20 07:07 - 2016-11-12 13:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-20 07:07 - 2016-11-12 13:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-20 07:07 - 2016-11-12 13:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-20 07:07 - 2016-11-12 13:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-20 07:07 - 2016-11-12 13:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-20 07:07 - 2016-11-12 13:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-20 07:07 - 2016-11-12 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-20 07:07 - 2016-11-10 12:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-20 07:07 - 2016-11-10 12:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-20 07:07 - 2016-11-09 12:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-20 07:07 - 2016-11-09 12:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-20 07:07 - 2016-11-09 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-20 07:07 - 2016-11-09 12:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-20 07:07 - 2016-11-09 12:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-20 07:07 - 2016-11-09 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-20 07:07 - 2016-11-06 12:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-20 07:07 - 2016-11-06 12:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-20 07:07 - 2016-11-06 12:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-20 07:07 - 2016-11-02 11:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-20 07:07 - 2016-11-02 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-20 07:07 - 2016-11-02 11:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-20 07:07 - 2016-11-02 11:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-20 07:07 - 2016-11-02 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-20 07:07 - 2016-11-02 11:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-20 07:07 - 2016-11-02 10:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-20 07:07 - 2016-10-27 11:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-20 07:07 - 2016-10-27 11:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-20 07:07 - 2016-10-15 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-20 07:07 - 2016-10-15 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-20 07:07 - 2016-10-15 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-20 07:07 - 2016-10-15 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-20 07:07 - 2016-10-11 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-20 07:07 - 2016-10-11 11:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-20 07:07 - 2016-10-11 11:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-20 07:07 - 2016-10-11 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-20 07:07 - 2016-10-11 11:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-20 07:07 - 2016-10-11 11:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-20 07:07 - 2016-10-11 11:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-20 07:07 - 2016-10-11 11:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-20 07:07 - 2016-10-11 11:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-20 07:07 - 2016-10-11 11:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-20 07:07 - 2016-10-11 11:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-20 07:07 - 2016-10-11 11:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 11:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-20 07:07 - 2016-10-11 11:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-20 07:07 - 2016-10-11 11:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-20 07:07 - 2016-10-11 10:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-20 07:07 - 2016-10-11 10:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-20 07:07 - 2016-10-11 10:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-20 07:07 - 2016-10-11 10:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-20 07:07 - 2016-10-11 10:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-20 07:07 - 2016-10-11 10:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-20 07:07 - 2016-10-11 10:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-20 07:07 - 2016-10-11 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-20 07:07 - 2016-10-11 10:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 10:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 10:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 10:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-20 07:07 - 2016-10-11 09:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-20 07:07 - 2016-10-11 09:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-20 07:07 - 2016-10-11 09:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-20 07:07 - 2016-10-11 09:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-20 07:07 - 2016-10-08 09:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-20 07:07 - 2016-10-07 11:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-20 07:07 - 2016-10-07 11:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-20 07:07 - 2016-10-07 11:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-20 07:07 - 2016-10-07 11:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-20 07:07 - 2016-10-07 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-20 07:07 - 2016-10-07 11:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-20 07:07 - 2016-10-05 10:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-20 07:07 - 2016-10-04 11:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-20 07:07 - 2016-10-04 11:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-20 07:07 - 2016-10-04 11:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-20 07:07 - 2016-10-04 11:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-20 07:07 - 2016-10-04 11:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-20 07:07 - 2016-09-15 10:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-20 07:07 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-20 07:07 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-20 07:07 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-20 07:07 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-20 07:07 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-20 07:07 - 2016-09-09 14:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-20 07:07 - 2016-09-09 14:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-20 07:07 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-20 07:07 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-20 07:07 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-20 07:07 - 2016-08-22 12:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-20 06:59 - 2017-02-20 06:59 - 00000000 ____D C:\Users\******\AppData\Local\Adobe
2017-02-17 10:41 - 2017-02-17 10:44 - 00000000 ____D C:\Users\******\Desktop\The.Naked.Gun.From.the.Files.of.Police.Squad.1988.720p.BluRay.x264.AAC-ETRG
2017-02-17 10:40 - 2017-02-17 10:40 - 00000000 ____D C:\Users\******\Desktop\Airplane! (1980) [1080p] x264 - Jalucian
2017-02-17 00:30 - 2017-02-26 22:30 - 00000000 ____D C:\Users\******\Desktop\The Naked Gun Trilogy (1988-1994)
2017-02-17 00:27 - 2017-03-11 15:48 - 00000000 ____D C:\Users\******\AppData\Roaming\BitTorrent
2017-02-17 00:27 - 2017-02-17 00:27 - 02241224 _____ (BitTorrent Inc.) C:\Users\******\Desktop\BitTorrent.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 08:09 - 2016-09-25 07:53 - 00098350 _____ C:\Windows\ZAM.krnl.trace
2017-03-12 08:09 - 2016-09-25 07:53 - 00073433 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-12 08:09 - 2016-03-08 09:17 - 00000000 ____D C:\Users\******\Desktop\Virus Stuff
2017-03-12 08:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-03-12 04:23 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-12 04:23 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-12 02:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-11 22:14 - 2016-11-24 14:44 - 00000000 ____D C:\Users\******\AppData\LocalLow\Mozilla
2017-03-11 21:59 - 2016-10-15 10:24 - 00000600 _____ C:\Users\******\AppData\Local\PUTTY.RND
2017-03-11 21:22 - 2009-07-14 01:13 - 00799970 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 21:17 - 2015-09-12 00:53 - 00000000 ____D C:\ProgramData\PACE
2017-03-11 21:16 - 2013-07-16 20:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-11 21:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 20:19 - 2016-12-16 19:33 - 00003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-11 20:19 - 2016-12-16 19:33 - 00003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-11 15:53 - 2014-12-11 08:40 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-11 15:53 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-11 15:52 - 2013-07-16 21:44 - 00000000 ____D C:\Windows\system32\MRT
2017-03-11 15:50 - 2013-07-16 20:29 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 15:48 - 2016-10-06 22:13 - 00000000 ____D C:\ProgramData\Foxit Software
2017-03-11 15:48 - 2016-10-01 10:07 - 00000000 ____D C:\Users\******\AppData\Roaming\Media Player Classic
2017-03-11 15:48 - 2014-08-15 02:21 - 00000000 ____D C:\Windows\Minidump
2017-03-11 15:45 - 2015-07-10 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2017-03-11 15:45 - 2015-07-10 00:21 - 00000000 ____D C:\Program Files (x86)\Propellerhead
2017-03-11 15:44 - 2015-10-17 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft GIF Animator
2017-03-11 15:44 - 2015-10-17 02:14 - 00000000 ____D C:\Multimedia Files
2017-03-08 22:18 - 2017-01-21 21:47 - 00082432 _____ C:\Users\******\Desktop\AstroFlux Stuff.xls
2017-03-02 08:08 - 2015-03-09 18:39 - 00000000 ____D C:\Users\******\AppData\Roaming\Audacity
2017-02-26 22:19 - 2014-06-08 16:43 - 00000000 ____D C:\Users\******\AppData\Roaming\MediaMonkey
2017-02-20 09:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-02-20 07:18 - 2016-10-22 13:58 - 00413000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-20 07:12 - 2013-07-16 16:13 - 00792092 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-20 06:59 - 2013-07-17 18:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-20 06:59 - 2013-07-17 18:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-20 06:59 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 06:59 - 2013-07-17 18:30 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-10-15 10:24 - 2017-03-11 21:59 - 0000600 _____ () C:\Users\******\AppData\Local\PUTTY.RND

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 02:22

==================== End of FRST.txt ============================
 

Fla_Panther

PCHF Member
Sep 19, 2016
28
4
43
#13
Here's what ESET found:


C:\Users\Steve\Desktop\Brighthouse Docs\Programs\TFTP Server and Client (tftpd32.335).zip a variant of Win32/TFTPD32.B potentially unsafe application deleted
C:\Users\Steve\Desktop\Brighthouse Docs\zz - Emergency Docs\Programs\TFTP Server and Client (tftpd32.335).zip a variant of Win32/TFTPD32.B potentially unsafe application deleted
C:\Users\Steve\Desktop\Virus Stuff\ccsetup527.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
2,797
491
#14
ClearLNK

Download ClearLNK and save it to your desktop.
Drag the file Shortcut.txt made with FRST earlier.
As per picture.
A report on the work, as a file ClearLNK-<date>.log, will be produced; post that log.



FRST Fix.

Click Here To Download Fixlist.


    • Download attached fixlist.txt file and save it to the Desktop.
    • NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Zemana Deep Scan

    • Right click on Zemana and run as admin.
    • Click the Cog/Sprocket Wheel at the top right of Zemana.
    • Select Advanced - I have read the warning and wish to proceed.
    • Place a tick next to Detect Suspicious (Root CA) Certificates.
    • Then click the house icon in Zemana.
    • Then hit your start button at the lower left hand corner of your desktop.
    • Then left click on Computer.
    • Drag Local Disk C: or whichever drive you decide to check first into the area of Zemana that reads Drag and drop files here to scan them.
    • Once the scan has completed, click the graph icon on the top right of the program's user interface.
    • Double click to open the latest log-file.
    • Copy it to your clipboard.
    • Post the log here in your next reply.
 


Fla_Panther

PCHF Member
Sep 19, 2016
28
4
43
#15
Running FRST required me to reboot, which caused me to lose ClearLNK's log file location. If you'll tell me where that is I can upload it.

Also, I'm unable to run Zemana. I ran it a few months ago as a result of my other thread here, and now the license has expired. Do I need to purchase a license or is there another tool you'd like me to use?

Here is the FRST log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by ****** (18-03-2017 14:32:10) Run:1
Running from C:\Users\******\Desktop\Virus Stuff
Loaded Profiles: ****** (Available Profiles: ******)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
URLSearchHook: [S-1-5-21-3113485377-2953679804-1031508582-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3113485377-2953679804-1031508582-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl", "192.168.0.202"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl", "192.168.0.221"
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> type", 0
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [No File]
S3 BEHRINGER_2902; System32\Drivers\BUSB2902.sys [X]
S3 BUSB_AUDIO_WDM; system32\drivers\busbwdm.sys [X]
2017-02-17 00:27 - 2017-03-11 15:48 - 00000000 ____D C:\Users\******\AppData\Roaming\BitTorrent
2017-02-17 00:27 - 2017-02-17 00:27 - 02241224 _____ (BitTorrent Inc.) C:\Users\******\Desktop\BitTorrent.exe
AlternateDataStreams: C:\ProgramData\PACE:BAE58937CBFFCB07 [1]
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
C:\windows\system32\Drivers\etc\hosts
Hosts:
DeleteQuarantine:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox Proxy settings were reset.
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ftp_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks", "192.168.0.202" => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.socks_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl", "192.168.0.202" => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> backup.ssl_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp", "192.168.0.221" => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ftp_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> share_proxy_settings", true => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks", "192.168.0.221" => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> socks_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl", "192.168.0.221" => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> ssl_port", 3128 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\o3pp8go9.default-1457451338863 -> type", 0 => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0 => key removed successfully
HKLM\System\CurrentControlSet\Services\BEHRINGER_2902 => key removed successfully
BEHRINGER_2902 => service removed successfully
HKLM\System\CurrentControlSet\Services\BUSB_AUDIO_WDM => key removed successfully
BUSB_AUDIO_WDM => service removed successfully
"C:\Users\******\AppData\Roaming\BitTorrent" => not found.
"C:\Users\******\Desktop\BitTorrent.exe" => not found.
C:\ProgramData\PACE => ":BAE58937CBFFCB07" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3113485377-2953679804-1031508582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\FRST\Quarantine" => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20519194 B
Java, Flash, Steam htmlcache => 3651 B
Windows/system/drivers => 10782 B
Edge => 0 B
Chrome => 911257516 B
Firefox => 392032933 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 4824 B
****** => 12682268 B
UpdatusUser => 0 B

RecycleBin => 2975000 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:32:55 ====
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Malware Teacher
Jul 22, 2016
2,797
491
#16
"which caused me to lose ClearLNK's log file location."

Should be located on the desktop if instructions were followed.

"Also, I'm unable to run Zemana. I ran it a few months ago as a result of my other thread here, and now the license has expired. Do I need to purchase a license or is there another tool you'd like me to use?"

You should still be able to run the tool; it reverts to the free version after the license expires.

If you are unable to run it then uninstall it with Geek Uninstaller, then reboot the machine and grab the free version and run it.
 

Fla_Panther

PCHF Member
Sep 19, 2016
28
4
43
#20
Re: ClearLNK log: I've been trying to clean up my desktop and moved some files into folders; I may have moved it. What was the file name supposed to be?
Re: Zemana: Yeah, had to use that uninstall tool before it would let me scan. Decided to also scan my NAS; looks like there were a few archived files over there that it didn't like as well.

Zemana AntiMalware 2.72.2.324 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/3/26
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 1273F17A3C8C26D2AE6262
Scan Type : Custom Scan
Duration : 116m 34s
Scanned Objects : 260468
Detected Objects : 0
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected


Zemana AntiMalware 2.72.2.324 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/3/26
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 1273F17A3C8C26D2AE6262
Scan Type : Custom Scan
Duration : 176m 38s
Scanned Objects : 180481
Detected Objects : 12
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

l5m-usjobsearch-dtx.exe
Status : Scanned
Object : Z:\30 - Cate's Docs\Downloads\l5m-usjobsearch-dtx.exe
MD5 : BB288096343B531FDB50869D7FF0EDC6
Publisher : Zugo Ltd
Size : 273904
Version : 1.0.0.0
Detection : Adware:Win32/ZugoToolbar!Ep
Cleaning Action : Quarantine
Related Objects :
File - Z:\30 - Cate's Docs\Downloads\l5m-usjobsearch-dtx.exe

3d_traceroute.exe
Status : Scanned
Object : Z:\02 - Other Files to Sort\Dad's CDs\3d_traceroute.exe
MD5 : FE58872A50511E9429AC9753C182F8A0
Publisher : -
Size : 996352
Version : 1.6.46.94
Detection : Malware:Win32/Tamaca!Tltr
Cleaning Action : Quarantine
Related Objects :
File - Z:\02 - Other Files to Sort\Dad's CDs\3d_traceroute.exe

Toolbar.exe
Status : Scanned
Object : Z:\Zip Files\Music Programs\Nero\Nero 10\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
MD5 : BEEB17823615681A860770CC33544ADC
Publisher : Ask.com
Size : 2131336
Version : 15.0.0.498
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\Music Programs\Nero\Nero 10\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe

XvidSetup.exe
Status : Scanned
Object : Z:\Zip Files\00 - Baseline Programs\Codecs\XvidSetup.exe
MD5 : D0822F4FD3DA5DAA242F60EDBC96E3C5
Publisher : appbundler.com
Size : 236208
Version : 2.0.359.0
Detection : Adware:Win32/BundleGen!Ep
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\00 - Baseline Programs\Codecs\XvidSetup.exe

VirtumundoBeGone.exe
Status : Scanned
Object : Z:\Zip Files\PC Repair Tools\Virus Removal Folder\Vundo\VirtumundoBeGone.exe
MD5 : 6395649F5B3C3F2F1A110F445D1980AD
Publisher : -
Size : 96978
Version : 1.5.0.0
Detection : Malware:Win32/Multi.Generic!Amtt
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\PC Repair Tools\Virus Removal Folder\Vundo\VirtumundoBeGone.exe

SmitfraudFix.exe
Status : Scanned
Object : Z:\Zip Files\PC Repair Tools\Virus Removal Folder\SmitfraudFix.exe
MD5 : 798C8317E52FAE3A28ECA79570D753F5
Publisher : -
Size : 1660532
Version : -
Detection : Adware:Win32/Tamaca!Eetr
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\PC Repair Tools\Virus Removal Folder\SmitfraudFix.exe

AutoClickerTyperSetup.exe
Status : Scanned
Object : Z:\Zip Files\AutoClickerTyperSetup.exe
MD5 : 6450D82FC65E963C42E2D3B11449937D
Publisher : -
Size : 2130746
Version : 1.0.0.0
Detection : Malware:Win32/Tamaca!Iraa
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\AutoClickerTyperSetup.exe

Converter - Setup_FreeConverter.exe
Status : Scanned
Object : Z:\Zip Files\Converter - Setup_FreeConverter.exe
MD5 : 64B5D9C107DA53999D7EFA3EEB04091F
Publisher : -
Size : 6383608
Version : 1.91.0.0
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\Converter - Setup_FreeConverter.exe

keygen.exe
Status : Scanned
Object : Z:\Zip Files\keygen.exe
MD5 : A0537FCADD2C4C2CF8F4AD6E2E58C6C2
Publisher : -
Size : 77312
Version : -
Detection : PUA:Win32/SoftCrack.Gen
Cleaning Action : Quarantine
Related Objects :
File - Z:\Zip Files\keygen.exe

winscp428setup.exe
Status : Scanned
Object : Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\zz - Emergency Docs\Programs\winscp428setup.exe
MD5 : 8752C3AB19C1145022F3FF45268EB45B
Publisher : -
Size : 3140130
Version : 4.2.8.818
Detection : Adware:Win32/OpenCandy
Cleaning Action : Quarantine
Related Objects :
File - Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\zz - Emergency Docs\Programs\winscp428setup.exe

winscp428setup.exe
Status : Scanned
Object : Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\Programs\winscp428setup.exe
MD5 : 8752C3AB19C1145022F3FF45268EB45B
Publisher : -
Size : 3140130
Version : 4.2.8.818
Detection : Adware:Win32/OpenCandy
Cleaning Action : Quarantine
Related Objects :
File - Z:\My Documents\Business Stuff\Brighthouse Docs (2015-01)\Programs\winscp428setup.exe

winscp428setup.exe
Status : Scanned
Object : Z:\My Documents\$RECYCLE.BIN\$RNFEUYJ\Programs\winscp428setup.exe
MD5 : 8752C3AB19C1145022F3FF45268EB45B
Publisher : -
Size : 3140130
Version : 4.2.8.818
Detection : Adware:Win32/OpenCandy
Cleaning Action : Quarantine
Related Objects :
File - Z:\My Documents\$RECYCLE.BIN\$RNFEUYJ\Programs\winscp428setup.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 12
Reported as safe : 0
Failed : 0
 