Closed/Inactive RAM running flat out! help please guys

Stee41

PCHF Member
Apr 13, 2017
When I first run my PC it's fine, using between 20 - 45% RAM. After maybe 20 minutes it runs at 95%+, the PC runs slow and I can hear the PC making like a surging noise continuously. The PC is very well maintained, manually and with software, but this started maybe 3 months ago. I have tried everything to no avail. Any suggestions please? Spec below.

Win 10 pro
8GB RAM
Intel i5 2500 64 BIT CPU 3.30Ghz
64 BIT Operating system
 
Hi Stee41 and welcome to PCHF :)

Please download the FRST 32 bit or FRST 64 bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

Accept the default whitelist options.
If the Addition.txt options box is not checked, please select it.
Then select "Scan".

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please copy and paste the contents of these logs in your next post for review by our Security Team.
 
Both scans run, results below. As a matter of course I swapped over the power supplies; the PC is still the same, running very slow and RAM is nearly flat out!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by scct (administrator) on DESKTOP-TN0A1RB (15-08-2017 12:43:09)
Running from C:\Users\scct\Desktop
Loaded Profiles: defaultuser0 & scct (Available Profiles: defaultuser0 & scct)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) D:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
(Farbar) C:\Users\scct\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-06-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2184776 2017-06-15] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5779232 2017-07-18] (IObit)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-251929532-3862799365-3943777-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-11-04] (Siber Systems)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Spybot-S&D Cleaning] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Spotify Web Helper] => C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-12] (Spotify Ltd)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1b30f767-49af-449e-bf96-8bca1f256d62}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f567b79d-d877-4cd9-a354-819b58d9860e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-251929532-3862799365-3943777-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={96C9F7D2-FD05-4335-A086-F681A63B6490}&mid=481aeb678e9747cfa66181ac0fa59744-669890c835fe003ea153188f0fb51fc7e00449c6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0317tb&pr=fr&d=2016-10-22 19:33:45&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> No File
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-17] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Toolbar: HKLM - No Name - {724d43a0-0d85-11d4-9908-00400523e39a} - No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: es7scrkr.default
FF ProfilePath: C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default [2017-08-15]
FF user.js: detected! => C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default\user.js [2017-07-31]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2017-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-22] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-251929532-3862799365-3943777-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\scct\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-06-27] (Zoom Video Communications, Inc.)
StartMenuInternet: Firefox-260915DCF3A62DA7 - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.co.uk/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb","hxxps://www.facebook.com/","hxxp://www.ebay.co.uk/","hxxp://www.skybet.com/","hxxp://www.bet365.com/","hxxp://www.google.co.uk/"
CHR NewTab: Default -> Not-active:"chrome-extension://ckjpdjdipipjlfindcnoihjhcghaknnf/newtab.html"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default [2017-08-15]
CHR Extension: (Google Slides) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-22]
CHR Extension: (Google Docs) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-22]
CHR Extension: (Google Drive) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-22]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-22]
CHR Extension: (YouTube) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-22]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-22]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-01]
CHR Extension: (Google Sheets) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-22]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2016-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-22]
CHR Extension: (Save to Facebook) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-07-26]
CHR Extension: (Search DW) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\loopfhhjebfdiedohdimifdjcdolcljm [2017-03-05]
CHR Extension: (ZIP Extractor) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2016-10-22]
CHR Extension: (Gmail) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-10-22]
CHR HKU\S-1-5-21-251929532-3862799365-3943777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-24] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-01] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-30] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-15] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-06-15] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [313616 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-07-24] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [139112 2017-08-09] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\system32\drivers\avgNetSec.sys [546968 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-08-09] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [578048 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [191208 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [353744 2017-07-24] (AVG Technologies CZ, s.r.o.)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-02-17] (Cypress Semiconductor, Inc.) [File not signed]
S3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [65408 2015-04-17] (Etron Technology Inc) [File not signed]
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [39296 2015-04-17] (Etron Technology Inc) [File not signed]
S3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [94208 2015-04-17] (Etron Technology Inc) [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-04] (REALiX(tm))
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-06] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-16] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-18] (IObit.com)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-14] (Malwarebytes)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-16] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-22] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 silabenm; C:\WINDOWS\System32\drivers\silabenm.sys [27336 2011-10-14] (Silicon Laboratories) [File not signed]
S3 TMUSB; C:\WINDOWS\System32\drivers\TMUSB64.SYS [63096 2012-12-05] (Seiko Epson Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 vl810filter; C:\WINDOWS\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 12:43 - 2017-08-15 12:45 - 000025410 _____ C:\Users\scct\Desktop\FRST.txt
2017-08-15 12:42 - 2017-08-15 12:43 - 000000000 ____D C:\FRST
2017-08-15 12:39 - 2017-08-15 12:40 - 002395648 _____ (Farbar) C:\Users\scct\Desktop\FRST64 (1).exe
2017-08-15 11:07 - 2017-07-23 22:21 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170815-110708.backup
2017-08-15 08:23 - 2017-08-15 08:23 - 000003034 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (scct)
2017-08-14 12:58 - 2017-08-15 12:37 - 000000000 ____D C:\Users\scct\Desktop\Pics, music, work backups etc
2017-08-14 12:46 - 2017-08-14 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-13 20:49 - 2017-08-13 20:49 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-13 20:48 - 2017-08-13 20:48 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-12 14:11 - 2017-08-12 14:11 - 081719720 _____ (Dropbox, Inc.) C:\Users\scct\Desktop\Dropbox 32.4.23 Offline Installer.exe
2017-08-11 16:33 - 2017-08-12 14:47 - 000000000 ____D C:\Users\scct\Desktop\New folder
2017-08-10 18:03 - 2017-08-10 18:03 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-10 18:03 - 2017-08-10 18:03 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-10 18:03 - 2017-08-10 18:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-10 18:03 - 2017-08-10 18:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-09 22:01 - 2017-08-09 22:01 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys
2017-08-09 22:01 - 2017-08-09 22:01 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
2017-08-09 18:58 - 2017-08-14 19:42 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2017-08-09 18:58 - 2017-08-14 14:54 - 113770496 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-09 18:58 - 2017-08-14 14:54 - 005242880 _____ C:\WINDOWS\system32\config\DEFAULT
2017-08-09 18:58 - 2017-08-14 14:54 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-08-09 18:55 - 2017-07-31 16:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-09 18:55 - 2017-07-31 16:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 15:56 - 2014-10-16 10:27 - 000027424 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2017-08-09 15:50 - 2017-08-09 15:50 - 000002902 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_scct
2017-08-09 13:56 - 2017-08-01 03:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 13:56 - 2017-08-01 03:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 13:56 - 2017-08-01 03:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 13:56 - 2017-08-01 03:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 13:56 - 2017-08-01 03:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 13:56 - 2017-08-01 03:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 13:56 - 2017-08-01 03:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 13:56 - 2017-08-01 03:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 13:56 - 2017-08-01 03:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 13:56 - 2017-08-01 03:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 13:56 - 2017-08-01 03:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 13:56 - 2017-08-01 03:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 13:56 - 2017-08-01 03:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 13:56 - 2017-08-01 03:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 13:56 - 2017-08-01 03:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 13:56 - 2017-08-01 03:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 13:56 - 2017-08-01 03:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 13:56 - 2017-08-01 03:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 13:56 - 2017-08-01 03:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 13:56 - 2017-08-01 03:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 13:56 - 2017-08-01 03:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 13:56 - 2017-08-01 03:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 13:56 - 2017-08-01 03:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 13:56 - 2017-08-01 03:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 13:56 - 2017-08-01 03:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 13:56 - 2017-08-01 03:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 13:56 - 2017-08-01 03:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 13:56 - 2017-08-01 03:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 13:56 - 2017-08-01 03:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 13:56 - 2017-08-01 03:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 13:56 - 2017-08-01 03:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 13:56 - 2017-08-01 03:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 13:56 - 2017-08-01 02:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 13:56 - 2017-08-01 02:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 13:56 - 2017-08-01 02:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 13:56 - 2017-08-01 02:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 13:56 - 2017-08-01 02:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 13:56 - 2017-08-01 02:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 13:56 - 2017-08-01 02:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 13:56 - 2017-08-01 02:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 13:56 - 2017-08-01 02:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 13:56 - 2017-08-01 02:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 13:56 - 2017-08-01 02:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 13:56 - 2017-08-01 02:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 13:56 - 2017-08-01 02:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 13:56 - 2017-08-01 02:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 13:56 - 2017-08-01 02:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 13:56 - 2017-08-01 02:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 13:56 - 2017-08-01 02:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 13:56 - 2017-08-01 02:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 13:56 - 2017-08-01 02:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 13:56 - 2017-08-01 02:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 13:56 - 2017-08-01 02:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 13:56 - 2017-08-01 02:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 13:56 - 2017-08-01 02:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 13:56 - 2017-08-01 02:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 13:56 - 2017-08-01 02:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-07 18:24 - 2017-08-09 19:00 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-08-07 18:24 - 2017-08-09 18:59 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-08-07 18:00 - 2017-08-09 19:00 - 000000000 ____D C:\ProgramData\McAfee
2017-08-07 18:00 - 2017-08-07 18:00 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Adobe
2017-08-07 17:58 - 2017-08-07 18:03 - 000000000 ____D C:\ProgramData\Adobe
2017-08-07 17:58 - 2017-08-07 17:58 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-05 07:46 - 2017-08-06 05:57 - 000000000 ____D C:\Program Files (x86)\RAMRush
2017-08-05 07:46 - 2017-08-05 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush
2017-08-04 23:23 - 2017-08-04 23:23 - 000000106 _____ C:\WINDOWS\SysWOW64\SoftwareCache.ini
2017-08-04 09:10 - 2017-08-03 15:51 - 000395232 __RSH C:\bootmgr
2017-08-04 09:10 - 2017-03-18 21:57 - 000000001 ___SH C:\BOOTNXT
2017-08-03 15:52 - 2017-08-03 15:52 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-03 15:52 - 2017-08-03 15:52 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-03 15:52 - 2017-08-03 15:52 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-03 15:51 - 2017-08-03 15:51 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-03 15:51 - 2017-08-03 15:51 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-07-27 19:32 - 2017-08-03 12:25 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Mozilla
2017-07-27 19:31 - 2017-07-27 19:36 - 000000000 ____D C:\Users\scct\AppData\Local\Mozilla
2017-07-27 19:31 - 2017-07-27 19:32 - 000000000 ____D C:\Users\scct\AppData\Roaming\Mozilla
2017-07-27 19:31 - 2017-07-27 19:31 - 000000887 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-27 19:31 - 2017-07-27 19:31 - 000000887 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-27 19:31 - 2017-07-27 19:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-27 07:57 - 2017-07-27 07:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-24 21:03 - 2017-08-09 18:58 - 005169152 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-07-24 21:03 - 2017-08-09 18:58 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-07-24 21:03 - 2017-08-09 18:58 - 000032768 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-07-24 21:02 - 2017-08-09 18:58 - 113487872 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-07-24 21:02 - 2017-08-09 18:58 - 006369280 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2017-07-24 21:02 - 2017-08-04 09:07 - 047132672 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2017-07-24 10:47 - 2017-07-24 10:47 - 044146688 _____ C:\WINDOWS\system32\config\COMPONENTS.iobit
2017-07-24 10:01 - 2017-08-14 12:14 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-07-24 10:01 - 2017-07-24 10:01 - 000578048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-07-24 10:01 - 2017-07-24 10:01 - 000401584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-07-24 10:01 - 2017-07-24 10:01 - 000353744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-07-24 10:01 - 2017-07-24 10:01 - 000191208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-07-24 10:01 - 2017-07-24 10:01 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys.150088689757801
2017-07-24 10:01 - 2017-07-24 10:01 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-07-24 10:01 - 2017-07-24 10:01 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-07-24 10:01 - 2017-07-24 10:01 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-07-24 10:01 - 2017-07-24 10:00 - 000546968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
2017-07-24 10:01 - 2017-07-24 10:00 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-07-24 10:01 - 2017-07-24 10:00 - 000313616 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-07-24 10:01 - 2017-07-24 10:00 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-07-24 10:01 - 2017-07-24 10:00 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-07-24 10:01 - 2017-07-24 10:00 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-07-23 22:21 - 2017-07-06 19:21 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170723-222143.backup
2017-07-22 17:06 - 2017-07-22 17:06 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-07-20 15:29 - 2016-04-21 10:10 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2017-07-20 14:09 - 2017-07-20 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 12:36 - 2016-10-22 20:32 - 000000000 ___RD C:\Users\scct\Desktop\PC Progs
2017-08-15 12:28 - 2016-11-04 08:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-15 11:57 - 2017-06-20 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-15 08:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-14 18:03 - 2016-10-31 21:31 - 000000000 ____D C:\Users\scct\AppData\Roaming\Spotify
2017-08-14 18:03 - 2016-10-31 21:31 - 000000000 ____D C:\Users\scct\AppData\Local\Spotify
2017-08-14 14:57 - 2017-03-05 01:52 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-14 14:56 - 2017-06-20 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-14 14:55 - 2017-06-20 20:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-14 14:54 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-14 13:57 - 2017-06-20 20:10 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-08-14 13:09 - 2017-06-28 20:33 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-14 12:46 - 2017-01-30 23:45 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-14 08:21 - 2016-10-22 21:08 - 000000000 ____D C:\ProgramData\ProductData
2017-08-13 01:12 - 2017-06-20 19:39 - 000000000 ____D C:\Users\scct
2017-08-12 14:41 - 2017-01-30 23:48 - 000000000 ___RD C:\Users\scct\Dropbox
2017-08-12 13:54 - 2017-06-20 19:39 - 000000000 ____D C:\Users\defaultuser0
2017-08-11 21:17 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 20:28 - 2016-10-22 21:25 - 000000000 ____D C:\Users\scct\AppData\Roaming\vlc
2017-08-11 15:28 - 2016-12-04 14:12 - 000000000 ____D C:\Users\scct\AppData\Roaming\dvdcss
2017-08-11 14:53 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-10 04:38 - 2016-10-22 18:48 - 000000000 ____D C:\Users\scct\AppData\Local\Comms
2017-08-09 19:01 - 2017-06-20 19:30 - 000380296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 19:01 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-09 15:50 - 2017-06-24 05:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-08-09 14:02 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 14:00 - 2016-10-22 19:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 13:57 - 2016-10-22 19:07 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 20:25 - 2016-10-22 18:46 - 000000000 ____D C:\Users\scct\AppData\Local\Packages
2017-08-08 12:10 - 2017-06-20 20:10 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 12:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 12:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 00:20 - 2016-10-22 20:04 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 00:20 - 2016-10-22 20:04 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-07 18:08 - 2017-04-13 02:44 - 000000000 ____D C:\Users\scct\AppData\Local\Adobe
2017-08-07 18:00 - 2016-10-22 18:46 - 000000000 ____D C:\Users\scct\AppData\Roaming\Adobe
2017-08-06 16:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-04 15:29 - 2016-10-22 21:08 - 000000000 ____D C:\Users\scct\AppData\LocalLow\IObit
2017-08-04 15:19 - 2016-10-22 21:07 - 000000000 ____D C:\ProgramData\IObit
2017-08-04 09:34 - 2016-10-22 18:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-04 09:16 - 2017-06-20 19:56 - 000956190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-28 09:21 - 2016-11-27 09:18 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-27 19:31 - 2016-10-22 20:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-27 07:59 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 07:57 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-26 13:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-23 20:56 - 2017-04-13 04:45 - 000002423 _____ C:\WINDOWS\wininit.ini
2017-07-17 15:52 - 2017-05-03 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-17 10:40 - 2017-01-30 23:45 - 000000000 ____D C:\Users\scct\AppData\Local\Dropbox

==================== Files in the root of some directories =======

2016-11-02 21:37 - 2016-12-29 14:15 - 000016896 _____ () C:\Users\scct\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-22 20:54 - 2017-06-17 09:32 - 000007597 _____ () C:\Users\scct\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-11 21:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by scct (15-08-2017 12:47:21)
Running from C:\Users\scct\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-20 19:20:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-251929532-3862799365-3943777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-251929532-3862799365-3943777-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-251929532-3862799365-3943777-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-251929532-3862799365-3943777-501 - Limited - Disabled)
scct (S-1-5-21-251929532-3862799365-3943777-1001 - Administrator - Enabled) => C:\Users\scct

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
FMW 1 (HKLM\...\{1DA9CD4A-687F-4075-A828-0A3ACB901438}) (Version: 1.222.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IL-2 Sturmovik: Forgotten Battles (HKLM-x32\...\{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}) (Version: 1.00.0000 - Ubi Soft) Hidden
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Pop-Up Blocker Full (HKLM-x32\...\{F0DEA93A-EADB-4D7C-AA2B-DFB356DA886A}) (Version: 1.0.0.0 - )
RamBooster (HKLM-x32\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RoboForm 7-9-22-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-22-2 - Siber Systems)
Sky Go Download Player (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\814376323.go.sky.com) (Version: - go.sky.com)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.6.0 - IObit)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.1.201701041432 - Sony Mobile Communications Inc.)
Spotify (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
USB3 Hub FW Upgrade Tool version 0.44 (HKLM-x32\...\USB3 Hub FW Upgrade Tool_is1) (Version: 0.44 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-24] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-24] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0145679D-9AA8-4E16-8D14-D986C9DDF0BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {34E06F26-D38C-4F71-BA31-61F0F181D081} - System32\Tasks\Driver Booster SkipUAC (scct) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit)
Task: {3E21BDE0-5068-4D71-8565-6D8E5317EEA1} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {4AA3BF5A-5860-4096-9AFF-D186CF83355C} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {7D416D6A-C385-4326-A8D1-FEE075196547} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {8101CD07-B24E-4813-B865-76110A9B007D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {82EAC355-1270-41EB-8789-122DCB52A061} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {83A609F9-9422-4139-BC7E-67E55250B4D1} - System32\Tasks\SmartDefrag_AutoAnalyze => D:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {872D6EF5-57A1-42F1-9079-61E482B5C863} - System32\Tasks\ASC10_SkipUac_scct => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-08-07] (IObit)
Task: {8DB6C15F-0DE7-4C8E-AE34-AA0C0BB27C11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9033A23B-5929-4CED-8B67-655B4C1D6F7F} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-24] (AVG Technologies CZ, s.r.o.)
Task: {944D5A4C-4954-490D-8F21-288870F264D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {95C83638-AA11-4E2D-A791-E622C05D719D} - System32\Tasks\SmartDefrag_Startup => D:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-05-31] (IObit)
Task: {9C5CC7B9-5884-486F-A621-94DA9CEFD3B6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {9D021D72-0FB0-4A1B-A725-C1ED6F2E9DA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A0824A72-8FC5-4AA0-9352-542264FE4FDB} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe [2017-03-28] (IObit)
Task: {A1AAE106-E0D2-49F0-91F1-31A7B3C94E3C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {A65F6FBC-913B-427F-B573-1D1F8F590029} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-11-04] (Siber Systems)
Task: {B0CE170A-79B1-4D8E-91F0-4DD5BA7768A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.)
Task: {B9871CD5-4537-49BA-99FE-8342CB687A49} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {BA9E66AF-A86E-4071-B1D9-88C6CCE65F4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {C1D2EDB8-3103-4473-A10A-888BC7BD5512} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {C73B0EC2-D490-4FF8-974D-B1A487012014} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {D050A326-A00B-4629-A193-BCFAB4CCD555} - System32\Tasks\Uninstaller_SkipUac_scct => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {D19A4733-CC73-4F77-8120-8AE5F745A51D} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMJMJHMLMHMKJOJNMCNNJNJOMLJCNLMHMPMNMCNOJOMGMNMCNPMOMIMJMLJHMKMKJPMMMOMJMJNJICMIMCNGMCNNMNMFMOMOMCNMMNMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMPMFMMJBJKJLIMJFMOMNMJNHICMMJBJKJLIMJJNBJCMMIMJMJLIJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 45 more characters).
Task: {D9B5AFCB-A3D2-4DEF-9D20-DC70DF973889} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.)
Task: {DE8D5559-1A95-4FB3-A6BF-D8970AE0426E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {E73B086F-D70C-4FD4-BD2D-A447181F7559} - System32\Tasks\SmartDefrag_Update => D:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-05-25] (IObit)
Task: {E7404690-4C79-4BAC-973E-74A6515B7028} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {F39AA20F-16A9-4596-A498-2F016D9A9241} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_scct.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-15 18:48 - 2017-06-15 18:48 - 000981576 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2017-06-20 19:36 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-06 21:16 - 2017-07-06 21:16 - 008932040 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-03 22:00 - 2017-06-15 18:48 - 002184776 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2017-07-15 12:57 - 2017-07-15 12:58 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-15 12:57 - 2017-07-15 12:58 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-08 19:58 - 2017-06-08 19:59 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-01 05:53 - 2017-08-01 05:54 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-28 09:08 - 2017-08-01 05:54 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-08 00:18 - 2017-08-08 00:18 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-08 00:18 - 2017-08-08 00:18 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-08 00:18 - 2017-08-08 00:18 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-08 00:18 - 2017-08-08 00:18 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-08 00:18 - 2017-08-08 00:18 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-08 00:18 - 2017-08-08 00:18 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 19:58 - 2017-06-08 19:59 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 18:07 - 2017-06-15 18:07 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-08 00:18 - 2017-08-08 00:18 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-08-08 00:20 - 2017-08-02 08:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 00:20 - 2017-08-02 08:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2017-08-09 15:49 - 2016-08-03 17:16 - 001307560 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
2017-04-13 03:43 - 2014-05-13 12:04 - 000109400 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-04-13 03:43 - 2014-05-13 12:04 - 000167768 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-04-13 03:43 - 2014-05-13 12:04 - 000416600 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-26 10:41 - 2016-06-21 20:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-26 10:41 - 2016-06-21 20:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-26 10:41 - 2016-06-21 20:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-08-09 15:49 - 2016-08-18 18:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-08-09 15:49 - 2016-08-18 18:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-08-09 15:49 - 2016-08-18 18:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-08-09 15:49 - 2016-11-01 10:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-07-03 08:03 - 2016-01-11 17:03 - 000899872 _____ () D:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-07-03 08:03 - 2016-01-11 17:02 - 000630048 _____ () D:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2016-12-02 16:57 - 2016-12-02 16:56 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-05-21 08:37 - 2017-05-21 08:37 - 000171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-07-24 10:01 - 2017-07-24 10:01 - 001067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-07-05 10:44 - 2017-07-05 10:44 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-07-05 10:44 - 2017-07-05 10:44 - 000193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-07-05 10:44 - 2017-07-05 10:44 - 000225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-07-05 10:44 - 2017-07-05 10:44 - 000690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-08-09 15:49 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2017-08-09 15:49 - 2017-05-17 13:45 - 000631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2017-07-20 14:09 - 2016-08-10 17:13 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-07-20 14:09 - 2016-08-10 17:13 - 000188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2017-07-20 14:09 - 2016-08-10 17:13 - 000151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2017-07-20 14:09 - 2017-05-09 10:59 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2017-07-20 14:09 - 2016-12-12 16:52 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-07-20 14:09 - 2016-12-12 16:52 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-07-20 14:09 - 2016-12-12 16:52 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2017-01-26 10:41 - 2015-12-28 14:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-01-26 10:41 - 2016-09-26 14:59 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-08-09 15:49 - 2017-07-24 15:34 - 001364256 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Scan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7933 more sites.

There are 11470 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-10-23 02:57 - 2017-08-15 11:07 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15590 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-251929532-3862799365-3943777-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-251929532-3862799365-3943777-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\scct\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a537a898-3a69-439c-ac72-623b522d78d7}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E17F5913-AABE-4327-85E5-2265E41979EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{49CC0FE3-BED7-46BA-8E3B-2167ABED34B7}] => (Block) LPort=445
FirewallRules: [{1BED697B-BDF3-4B59-8B62-714427700AB2}] => (Block) LPort=445
FirewallRules: [{33FC856C-C136-4157-B0F2-941A6B8F9C5E}] => (Allow) LPort=8090
FirewallRules: [{0703A21C-DC0B-4885-9152-07F289122039}] => (Allow) LPort=20443
FirewallRules: [{5BCB1036-DB15-450B-ABCC-D5733C89152F}] => (Allow) LPort=33333
FirewallRules: [{460100F9-333D-4942-834F-30AE8F56DDA5}] => (Allow) LPort=6881
FirewallRules: [{D76F917C-823D-4271-8D78-C8C833FF655C}] => (Allow) LPort=27022
FirewallRules: [{C6FAF27C-D1AA-49FB-A237-76964E8708C3}] => (Allow) LPort=7853
FirewallRules: [{8E0C34D9-66A9-4E28-B7CF-7D4208E5CA8A}] => (Allow) LPort=7852
FirewallRules: [{5103E3A3-5C0E-46FB-8D1F-937D60779909}] => (Allow) LPort=7850
FirewallRules: [{35D41E76-A7F3-45B8-988F-8F8FAD2A3372}] => (Allow) LPort=3478
FirewallRules: [{C0C7AC54-4FB7-4254-B242-90DFD65F9959}] => (Allow) LPort=20010
FirewallRules: [{B885F4F4-1455-4D39-BE3F-DCA9BA2A3999}] => (Allow) LPort=443
FirewallRules: [{1DF7E839-AD39-43BE-9F85-469DD97EC780}] => (Allow) LPort=80
FirewallRules: [{88247542-1FB1-45C6-9B4E-F736B7C71849}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4CFF625F-FFBD-4D81-964B-4FD7280F4067}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D2764F67-B080-4F71-95ED-BA8B1B567DDC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D084AF1F-952B-46A5-8C2D-CF6FB9A3141B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{543C5C0E-820C-484D-B852-CEFE4570264E}C:\users\scct\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\scct\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{157F6E67-BF63-4650-A67E-0CAE7336E2CF}C:\users\scct\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\scct\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EB238818-733E-4E77-8431-ED7ED046C20B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4A54D986-D19C-4C70-85AB-F73459D868E4}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{B0EA40B0-FC11-47A3-AD1D-11B53AC07B80}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{51DB5652-1954-4BF0-9F44-D9A5FD03D485}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{EA8A5679-384F-4BD6-A26F-FCFFABE44A6B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{A6307A34-5600-467D-93B6-F0339538B203}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{F80E3892-FCF3-4587-952E-65C650F62303}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{EA57F5BB-CD43-4D36-BDDF-3B8A567F941D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{ED8F5F67-AAF9-4A6A-8563-03C5E91A87BE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{879C97A2-F774-4C24-88F9-113CC1F74237}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{FB874E3C-B27B-45DB-BFBC-C1A76CE735C1}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{30ECF9AE-4089-4FF8-B30D-3AF820AF63F2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{BEE9D51F-3F46-4FC4-86E1-53BAD4BBCB8E}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1E24612D-A7C1-430E-85B9-9A61D4D3A3D1}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{ACDE6B02-87CD-4B24-9E87-EE18ED7DB1EC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{DCE5668A-B9E3-455F-890F-FD5DBFF3CD45}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{60E9FB87-F345-4FB0-A5E0-4C0279320668}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{C0426B94-63B7-49E7-A378-CFC66263EE33}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{AFED6AAB-C7F0-414E-9E00-C32053613B4C}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DA7B6CE-53DA-49C7-B920-97BAD3DAB4B4}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E39E5A70-F7AE-445D-927C-C1DB0CECBEFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1659B00F-112C-4014-8FD7-4882F2DBAF07}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-08-2017 10:32:32 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2017 12:59:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:59:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:59:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:51:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-TN0A1RB)
Description: Package Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (08/15/2017 12:50:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:50:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:41:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:40:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:39:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2017 12:39:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/14/2017 02:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ClickToRunSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/14/2017 02:56:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.

Error: (08/14/2017 02:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/14/2017 02:56:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.

Error: (08/14/2017 02:56:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/14/2017 02:09:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/14/2017 01:17:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.

Error: (08/14/2017 01:12:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/14/2017 12:06:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/14/2017 12:06:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:40:49 AM on 8/14/2017 was unexpected.


CodeIntegrity:
===================================
Date: 2017-08-15 10:01:36.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.643
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.640
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.636
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.785
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 92%
Total physical RAM: 8109.11 MB
Available physical RAM: 648.44 MB
Total Virtual: 13385.07 MB
Available Virtual: 3768.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.61 GB) (Free:23.13 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1652.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 616D7DD0)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1140E1A1)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Thank you for the logs :) Your machine is very "dirty" per se and needs to be cleaned :)

Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.

2. Click the Options button.

Click on Check All
Then Click Validate
Then click close.


3. Click the Scanner button.



When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by scct (Administrator) on 15/08/2017 at 14:08:17.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Failed to delete: C:\Program Files (x86)\Common Files\avg secure search\vtoolbarupdater (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\scct\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\driver booster.lnk (Shortcut)
Successfully deleted: C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default\user.js (File)
Successfully deleted: C:\Users\scct\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (scct) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_scct (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_scct.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 6

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\vToolbarUpdater40.3.8 (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/08/2017 at 14:15:21.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ ZHPDiag v2017.8.15.140 By Nicolas Coolman (2017/08/15)
~ Run by scct (Administrator) (2017/08/15 14:25:39)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\scct\Desktop\ZHPDiag.txt
~ Report: C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (4) - 0s
~ GCIE: Google Chrome v60.0.3112.90
~ MFIE: Mozilla Firefox 54.0.1 (x86 en-US)
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.540.15063.0

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (1) - 17s
Windows Defender (Deactivate)

---\\ System protection software (Superfluous) (1) - 17s
~ Spybot - Search & Destroy v2.4.40 (Superfluous)

---\\ Surveillance software (2) - 17s
~ Adobe Flash Player 26 PPAPI (Surveillance)
~ Adobe Acrobat Reader DC (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8303.732 MB (5% free) : ATTENTION =>Warning RAM
System Restore: Activé (Enable)
System drive C: has 23 GB (15%) free of 152 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-TN0A1RB
~ User Name: scct
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 23 GB free of 152 GB (System)
~ Drive D: has 1692 GB free of 1907 GB

---\\ State of the Windows Security Center (7) - 0s
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 3s
[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - 20/06/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4847424] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.0242626678C83AE788C655C1990A3CC3] - 03/08/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.BC776B6B434641AF71ED0CC00BC859AA] - 07/07/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.31E3287EF6D97C5864A301CEA75BBBA1] - 07/07/2017 - (.Microsoft Corporation - Windows Log-on Application.) -- C:\WINDOWS\System32\Winlogon.exe [706560] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - 20/06/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.075F8C81457804BB79DD33FE69A96C57] - 03/08/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2327456] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 19/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.D74756DD1518D28A09CDA99696273FA4] - 01/08/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [119712] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (16) - 5s
O23 - Service: Advanced SystemCare Service 10 (AdvancedSystemCareService10) . (.IObit - Advanced SystemCare Service.) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe =>.IObit Information Technology®
O23 - Service: AVG Antivirus (AVG Antivirus) . (.AVG Technologies CZ, s.r.o. - AVG Service.) - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVG Firewall Service (AVG Firewall) . (.AVG Technologies CZ, s.r.o. - AVG firewall service.) - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o. - AVG Service Process.) - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) . (.Dropbox, Inc. - Dropbox Update.) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe =>.Dropbox, Inc®
O23 - Service: DbxSvc (DbxSvc) . (.Dropbox, Inc. - Dropbox Service.) - C:\WINDOWS\system32\DbxSvc.exe =>.Dropbox, Inc.
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: IMF Service (IMFservice) . (.IObit - IObit Malware Fighter Service.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe =>.IObit Information Technology®
O23 - Service: IObit Uninstaller Service (IObitUnSvr) . (.IObit - Uninstall Programs.) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe =>.IObit Information Technology®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) - C:\WINDOWS\system32\nvvsvc.exe =>.NVIDIA Corporation
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe =>.Safer Networking Ltd.®
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe =>.Safer Networking Ltd.®
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe =>.Safer Networking Ltd.®
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
O23 - Service: WtuSystemSupport (WtuSystemSupport) . (.Copyright (C) 2015 - WtuSyste Application.) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe =>.AVG Technologies CZ, s.r.o.®

---\\ Services not Microsoft (SR=Run, SS=Stop) (24) - 113s
SS - Demand [19/07/2017] [ 83032] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [08/08/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [21/03/2017] [ 462624] Advanced SystemCare Service 10 (AdvancedSystemCareService10) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe =>.IObit Information Technology®
SR - Auto [24/07/2017] [ 264432] AVG Antivirus (AVG Antivirus) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [24/07/2017] [ 312712] AVG Firewall Service (AVG Firewall) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe =>.AVG Technologies CZ, s.r.o.®
SS - Demand [24/07/2017] [ 7481648] avgbIDSAgent (avgbIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [01/08/2017] [ 1428656] AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe =>.AVG Technologies CZ, s.r.o.®
SS - Demand [09/03/2017] [ 300128] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel(R) pGFX®
SS - Auto [30/01/2017] [ 143144] Dropbox Update Service (dbupdate) (dbupdate) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe =>.Dropbox, Inc®
SS - Demand [30/01/2017] [ 143144] Dropbox Update Service (dbupdatem) (dbupdatem) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe =>.Dropbox, Inc®
SR - Auto [10/08/2017] [ 49992] DbxSvc (DbxSvc) . (.Dropbox, Inc..) - C:\WINDOWS\system32\DbxSvc.exe =>.Dropbox, Inc®
SS - Auto [22/10/2016] [ 153752] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [22/10/2016] [ 153752] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SR - Auto [18/07/2017] [ 1768736] IMF Service (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe =>.IObit Information Technology®
SR - Auto [28/10/2016] [ 360736] IObit Uninstaller Service (IObitUnSvr) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe =>.IObit Information Technology®
SS - Demand [02/07/2015] [ 356808] Logitech Bluetooth Service (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe =>.Logitech®
SS - Auto [09/05/2017] [ 4470736] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SS - Demand [28/06/2017] [ 175560] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SS - Auto [14/11/2016] [ 932728] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe =>.NVIDIA Corporation®
SS - Auto [24/06/2014] [ 1738168] Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd..) - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe =>.Safer Networking Ltd.®
SR - Auto [27/06/2014] [ 2088408] Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd..) - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe =>.Safer Networking Ltd.®
SR - Auto [25/04/2014] [ 171928] Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd..) - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe =>.Safer Networking Ltd.®
SR - Auto [14/11/2016] [ 426040] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
SR - Auto [15/06/2017] [ 981576] WtuSystemSupport (WtuSystemSupport) . (.Copyright (C) 2015.) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe =>.AVG Technologies CZ, s.r.o.®

---\\ Task Planned Automatically (34) - 9s
[MD5.F2FF574F6F2211D9AAAE5E82A3AD553F] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1165920] (.Activate.) =>.Adobe Systems, Incorporated®
[MD5.D3E6ADD1B26BC1A450FC4FCCBA5814C7] [APT] [Adobe Flash Player PPAPI Notifier] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.FAE473043FC45F5A8CAECBA72BFD865A] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.687A7236E1CCC350F72A37A00E37E35F] [APT] [Antivirus Emergency Update] (.AVG Technologies CZ, s.r.o..) -- C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2368848] (.Activate.) =>.AVG Technologies CZ, s.r.o.®
[MD5.866448863FD28700EA4185609C27197B] [APT] [ASC10_PerformanceMonitor] (.IObit.) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [3332384] (.Activate.) =>.IObit Information Technology®
[MD5.A7A35F5BA43900E8329C60A06A4ECDDD] [APT] [ASC10_SkipUac_scct] (.IObit.) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [6885152] (.Activate.) =>.IObit Information Technology®
[MD5.75BD58B59D972CD83B674C74B4310869] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [7618776] (.Activate.) =>.Piriform Ltd®
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] [APT] [DropboxUpdateTaskMachineCore] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144] (.Activate.) =>.Dropbox, Inc®
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] [APT] [DropboxUpdateTaskMachineUA] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144] (.Activate.) =>.Dropbox, Inc®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.4BC51A4AA9659E5FA0059210FD61C185] [APT] [IObitSelfCheckTask] (.IObit.) -- C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [1084704] (.Activate.) =>.IObit Information Technology®
[MD5.E7E024F0B2264B2B5DBD6B80340D803A] [APT] [Run RoboForm TaskBar Icon] (.Siber Systems.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376] (.Activate.) =>.Siber Systems®
[MD5.41D72FA0FA4FBE89FBAA52ECFBA610CF] [APT] [SmartDefrag_AutoAnalyze] (.IObit.) -- D:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [498976] (.Activate.) =>.IObit Information Technology®
[MD5.3DEABF505FF9E71CBADB1DABD206BF9B] [APT] [SmartDefrag_Update] (.IObit.) -- D:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2965792] (.Activate.) =>.IObit Information Technology®
[MD5.BEC6F07F030B8D831D0595D581AA1C38] [APT] [Microsoft\Office\OfficeBackgroundTaskHandlerRegistration] (.Hewlett-Packard.) -- C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [26312] (.Activate.) =>.Microsoft Corporation®
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [932] =>.Dropbox, Inc®
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [936] =>.Dropbox, Inc®
O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task [4562] =>.Adobe Systems, Incorporated®
O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier [4598] =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [4422] =>.Adobe Systems Incorporated®
O39 - APT: Antivirus Emergency Update - (.AVG Technologies CZ, s.r.o..) -- C:\WINDOWS\System32\Tasks\Antivirus Emergency Update [4282] =>.AVG Technologies CZ, s.r.o.®
O39 - APT: ASC10_SkipUac_scct - (.IObit.) -- C:\WINDOWS\System32\Tasks\ASC10_SkipUac_scct [2902] =>.IObit Information Technology®
O39 - APT: AVG EUpdate Task - (...) -- C:\WINDOWS\System32\Tasks\AVG EUpdate Task [3668] (.Orphan.) =>.SUP.Orphan
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2212] =>.Piriform Ltd®
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore [3226] =>.Dropbox, Inc®
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA [3450] =>.Dropbox, Inc®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3120] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3344] =>.Google Inc®
O39 - APT: IObitSelfCheckTask - (.IObit.) -- C:\WINDOWS\System32\Tasks\IObitSelfCheckTask [2440] =>.IObit Information Technology®
O39 - APT: Unknown - (.RoboForm.) -- C:\WINDOWS\System32\Tasks\Open URL by RoboForm [3544] =>.RoboForm
O39 - APT: Run RoboForm TaskBar Icon - (.Siber Systems.) -- C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon [2934] =>.Siber Systems®
O39 - APT: SmartDefrag_AutoAnalyze - (.IObit.) -- C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze [3260] =>.IObit Information Technology®
O39 - APT: SmartDefrag_Update - (.IObit.) -- C:\WINDOWS\System32\Tasks\SmartDefrag_Update [3096] =>.IObit Information Technology®

---\\ Auto loading programs from Registry and folders (22) - 5s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe =>.Intel Corporation
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe =>.Intel Corporation
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp.®
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe =>.Logitech Inc®
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Update Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe =>.NVIDIA Corporation®
O4 - HKLM\..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) -- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
O4 - HKLM\..\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) -- C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKLM\..\Run: [AVGUI.exe] . (.AVG Technologies CZ, s.r.o. - AvLaunch component.) -- C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe =>.Siber Systems®
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe =>.Safer Networking Ltd.®
O4 - HKCU\..\Run: [Advanced SystemCare 10] . (.IObit - Advanced SystemCare 10.) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe =>.IObit Information Technology®
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe =>.Spotify AB®
O4 - HKLM\..\Wow6432Node\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) -- C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.Copyright (C) 2012 - VProtect Application.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKLM\..\Wow6432Node\Run: [Dropbox] . (.Dropbox, Inc. - Dropbox.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe =>.Dropbox, Inc®
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe =>.Safer Networking Ltd.®
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe =>.IObit Information Technology®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-251929532-3862799365-3943777-1000\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-251929532-3862799365-3943777-1000\..\RunOnce: [WAB Migrate] . (.Microsoft Corporation - Windows Contacts.) -- C:\Program Files\Windows Mail\wab.exe =>.Microsoft Corporation

---\\ Process running (27) - 6s
[MD5.FD3DE2078B2ED0BBF28B396F213FEC95] - (.IObit - IObit Malware Fighter Service.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1768736] [PID.1404] =>.IObit Information Technology®
[MD5.1CFADAA64D34D92AB64887802D1F33FE] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624] [PID.1412] =>.IObit Information Technology®
[MD5.87E62F1B98DD606EE0D7CD791C966479] - (.Copyright (C) 2015 - WtuSyste Application.) -- C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576] [PID.2556] =>.AVG Technologies CZ, s.r.o.®
[MD5.843F16D234D03756B9EB6054B5C62FAA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [426040] [PID.2600] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (.Dropbox, Inc. - Dropbox Service.) -- C:\WINDOWS\system32\DbxSvc.exe [0] [PID.3588] =>.Dropbox, Inc.
[MD5.68D6C7F99BC73B88954D844FCCBEB2A0] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408] [PID.3664] =>.Safer Networking Ltd.®
[MD5.553AE0B7AE88B66C2AD2C780F78F9AB6] - (.AVG Technologies CZ, s.r.o. - AVG Service Process.) -- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656] [PID.3684] =>.AVG Technologies CZ, s.r.o.®
[MD5.5479527A00944D891F2531986BC1A30F] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824] [PID.3692] =>.AVG Technologies CZ, s.r.o.®
[MD5.9B9B368A8FF5CAF91D7A333CF62CD2CC] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928] [PID.3624] =>.Safer Networking Ltd.®
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] - (.Dropbox, Inc. - Dropbox Update.) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144] [PID.6172] =>.Dropbox, Inc®
[MD5.CD6FE4D2E29D70D9E2AA587DE5978A15] - (.IObit - Uninstall Programs.) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736] [PID.14040] =>.IObit Information Technology®
[MD5.E0E9768A214DB152DA61DB074A4C35F7] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1800712] [PID.1048] =>.AVG Technologies CZ, s.r.o.®
[MD5.8413F26550442F9C9AA16F3D1FCACB3E] - (.AVG Technologies CZ, s.r.o. - AVG Antivirus.) -- C:\Program Files (x86)\AVG\Antivirus\avgui.exe [9271528] [PID.8016] =>.AVG Technologies CZ, s.r.o.®
[MD5.DBE440017ADEF623761D55B58FBEDE35] - (...) -- C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe [74752] [PID.225000] =>.Skype Technologies
[MD5.3E5999946E4C3E84DC474E6BE28CFE79] - (.IObit - UninstallerMonitor.) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe [2275104] [PID.221052] =>.IObit Information Technology®
[MD5.FEB88D505A683435A7D5620BB95A8A8B] - (.IncrediMail Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [444424] [PID.79720] =>.IncrediMail, Inc.®
[MD5.8D145E3007D8C5656D1B48E06911D901] - (.IncrediMail Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [296968] [PID.224036] =>.IncrediMail, Inc.®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.365440] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.223700] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.343672] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.364836] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.223872] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.354136] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.364008] =>.Google Inc®
[MD5.64FD9533B2FDC4E21B1659C794A8BF19] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.362056] =>.Google Inc®
[MD5.17A0E8DBB9BA2C01A8882406ED45F582] - (...) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe [1307560] [PID.312292] =>.IObit Information Technology®
[MD5.86EBD460621BAB6AFE8595392B0560CA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\scct\Desktop\ZHPDiag3.exe [2812800] [PID.350012] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (29) - 2s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d1ndl3am21r6ws.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d31qbv1cthcecs.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d5nxst8fruw4z.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://pchelpforum.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.ebay.co.uk =>.eBay
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.skybet.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.bet365.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.co.uk =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] =>.Google Inc. {Slides}
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] =>.Google Inc. {Docs}
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
G2 - GCE: Preference [User Data\Default] [bbmegnmpleoagolcnjnejdacakedpcgd] IObit Surfing Protection & Ads Removal =>.IObit
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
G2 - GCE: Preference [User Data\Default] [dkpejdfnpdkhifgbancbammdijojoffk] Logitech Smooth Scrolling =>.Logitech Inc.
G2 - GCE: Preference [User Data\Default] [fdcgdnkidjaadafnichfpabhfomcebme] ZenMate =>.zenmate.com
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] =>.Google Inc. {Sheets}
G2 - GCE: Preference [User Data\Default] [fllaojicojecljbmefodhfapmkghcbnh] =>.ga-extension-publishers {Désactivation Google Analytics}
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] =>.Google Inc. {Docs hors connexion}
G2 - GCE: Preference [User Data\Default] [gpdjojdkbbmdfjfahjcgigfpmkopogic] =>.pinterest.com {Save Button}
G2 - GCE: Preference [User Data\Default] [jmfikkaogpplgnfjmbjdpalkhclendgd] Save to Facebook =>.Facebook
G2 - GCE: Preference [User Data\Default] [loopfhhjebfdiedohdimifdjcdolcljm] Search DW
G2 - GCE: Preference [User Data\Default] [mmfcakoljjhncfphlflcedhgogfhpbcd] ZIP Extractor =>.zip-extractor
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 10s
P2 - EXT FILE: (.IObit Surfing Protection Ads Rem - Protect your PC from malicious website.) -- C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default\extensions\ascsurfingprotectionnew@iobit.com.xpi =>.IObit Surfing Protection Ads Rem

---\\ Internet Explorer Extensions, Start, Search (15) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (15643)

---\\ Browser Helper Object (BHO) (6) - 2s
O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} (.Orphan.)
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll =>.Microsoft Corporation®
O2 - BHO: RoboForm BHO [64Bits] - {724d43a9-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll =>.Siber Systems®
O2 - BHO: AVG Web TuneUp [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG - AVG Web TuneUp.dll.) -- C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll =>.AVG Technologies CZ, s.r.o.®
O2 - BHO: (no name) [64Bits] - {AF949550-9094-4807-95EC-D1C317803333} . (.Logitech, Inc. - Logitech SetPoint.) -- C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll =>.Logitech Inc®
O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Global shortcuts Startup (117) - 25s
O4 - GS\Desktop [Administrator]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [Administrator]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Administrator]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Advanced SystemCare 10.lnk . (.IObit - Advanced SystemCare 10.) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe =>.IObit Information Technology®
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [defaultuser0]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [defaultuser0]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [defaultuser0]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [defaultuser0]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [defaultuser0]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [defaultuser0]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [defaultuser0]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [defaultuser0]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [defaultuser0]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [defaultuser0]: Advanced SystemCare 10.lnk . (.IObit - Advanced SystemCare 10.) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe =>.IObit Information Technology®
O4 - GS\TaskBar [defaultuser0]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [defaultuser0]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [defaultuser0]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [defaultuser0]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [defaultuser0]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [defaultuser0]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [defaultuser0]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [defaultuser0]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [Guest]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Advanced SystemCare 10.lnk . (.IObit - Advanced SystemCare 10.) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe =>.IObit Information Technology®
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Guest]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.) D:\Users\scct\Desktop\Tor Browser\Browser\firefox.exe =>.Mozilla Corporation
O4 - GS\Desktop [scct]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [scct]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [scct]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [scct]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [scct]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [scct]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [scct]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [scct]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [scct]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [scct]: Advanced SystemCare 10.lnk . (.IObit - Advanced SystemCare 10.) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe =>.IObit Information Technology®
O4 - GS\TaskBar [scct]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [scct]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [scct]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [scct]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [scct]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [scct]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [scct]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [scct]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Public]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [Public]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Access 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\ProgramsCommon [Public]: Launch RamBooster 2.0.lnk . (.J.Pajula - RamBooster.) D:\Program Files (x86)\RamBooster 2.0\Rambooster.exe
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\ProgramsCommon [Public]: OneDrive for Business.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Outlook 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: PowerPoint 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Publisher 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Skype for Business 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe =>.Safer Networking Ltd.®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{1b30f767-49af-449e-bf96-8bca1f256d62}: DhcpNameServer = 8.8.8.8 8.8.4.4 =>.France Google Cloud
O17 - HKLM\System\CCS\Services\Tcpip\..\{f567b79d-d877-4cd9-a354-819b58d9860e}: DhcpNameServer = 192.168.0.1 =>.Local IP Adress

---\\ Extra protocols (26) - 2s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (55) - 10s
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 26 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824237067} =>.Adobe Systems Incorporated
O42 - Logiciel: Advanced SystemCare 10 - (.IObit.) [HKLM][64Bits] -- Advanced SystemCare_is1 =>.IObit Information Technology®
O42 - Logiciel: AVG - (.AVG Technologies.) [HKLM][64Bits] -- {434FBA38-0562-4F98-9436-4B45C0C0EF0B} =>.AVG Technologies
O42 - Logiciel: AVG Internet Security - (.AVG Technologies.) [HKLM][64Bits] -- AVG Antivirus =>.AVG Technologies CZ, s.r.o.®
O42 - Logiciel: AVG Web TuneUp - (.AVG Technologies.) [HKLM][64Bits] -- AVG Web TuneUp =>.AVG Technologies CZ, s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Driver Booster 4.4 - (.IObit.) [HKLM][64Bits] -- Driver Booster_is1 =>.IObit Information Technology®
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKLM][64Bits] -- Dropbox =>.Dropbox, Inc®
O42 - Logiciel: Dropbox Update Helper - (.Dropbox, Inc..) [HKLM][64Bits] -- {099218A5-A723-43DC-8DB5-6173656A1E94} =>.Dropbox, Inc.
O42 - Logiciel: FMW 1 - (.AVG Technologies.) [HKLM][64Bits] -- {1DA9CD4A-687F-4075-A828-0A3ACB901438} =>.AVG Technologies
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: IL-2 Sturmovik: Forgotten Battles - (.Ubi Soft.) [HKLM][64Bits] -- {8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} =>.Ubi Soft
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {35505AE1-27E2-4206-B3BF-58771803B8D0} =>.IncrediMail
O42 - Logiciel: IncrediMail 2.5 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail =>.IncrediMail, Inc.®
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {B685D0AD-42A8-4A39-9BFE-8C063FA9AF29} =>.Intel Corporation
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] -- {c6cff78a-cccb-49d5-be68-ae0ec5f0d48a} =>.Intel Corporation - Software and Firmware Products®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {1CEAC85D-2590-4760-800F-8DE5E91F3700} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {60DC6F22-D268-44F0-8720-200033508384} =>.Intel Corporation
O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] -- {DF17C0DB-76D8-4A45-B26E-674F8455B803} =>.Intel Corporation
O42 - Logiciel: IObit Malware Fighter 5 - (.IObit.) [HKLM][64Bits] -- IObit Malware Fighter_is1 =>.IObit Information Technology®
O42 - Logiciel: IObit Uninstaller - (.IObit.) [HKLM][64Bits] -- IObitUninstall =>.IObit Information Technology®
O42 - Logiciel: Logitech SetPoint 6.67 - (.Logitech.) [HKLM][64Bits] -- sp6 =>.Logitech®
O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Mozilla Firefox 54.0.1 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 54.0.1 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: NVIDIA 3D Vision Driver 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Update 10.4.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-007E-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Pop-Up Blocker Full - (..) [HKLM][64Bits] -- {F0DEA93A-EADB-4D7C-AA2B-DFB356DA886A}
O42 - Logiciel: RamBooster - (.RamBooster.) [HKLM][64Bits] -- {ADE3CACC-EC31-480C-83A0-587EE60CE8DF}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.®
O42 - Logiciel: RoboForm 7-9-22-2 (All Users) - (.Siber Systems.) [HKLM][64Bits] -- AI RoboForm =>.Siber Systems®
O42 - Logiciel: Sky Go Download Player - (.go.sky.com.) [HKCU][64Bits] -- 814376323.go.sky.com
O42 - Logiciel: Smart Defrag 5 - (.IObit.) [HKLM][64Bits] -- Smart Defrag_is1 =>.IObit Information Technology®
O42 - Logiciel: Sony Mobile Update Engine - (.Sony Mobile Communications Inc..) [HKLM][64Bits] -- Update Engine =>.Sony Mobile Communications Inc.
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] -- Spotify =>.Spotify AB®
O42 - Logiciel: Spybot - Search & Destroy - (.Safer-Networking Ltd..) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 =>.Safer Networking Ltd.®
O42 - Logiciel: USB3 Hub FW Upgrade Tool version 0.44 - (..) [HKLM][64Bits] -- USB3 Hub FW Upgrade Tool_is1
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] -- {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
O42 - Logiciel: Zoom - (.Zoom Video Communications, Inc..) [HKCU][64Bits] -- ZoomUMX =>.Zoom Video Communications, Inc.®

---\\ HKCU & HKLM Software Keys (74) - 10s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Auslogics =>.Auslogics
HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Tuneup =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
HKLM\SOFTWARE\Wow6432Node\Dropbox =>.Dropbox
HKLM\SOFTWARE\Wow6432Node\DropboxUpdate =>.Dropbox Inc.
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\IncrediMail =>.IncrediMail
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Intel Security =>.Intel Security
HKLM\SOFTWARE\Wow6432Node\IObit =>.IObit
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Logitech =>.Logitech
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\McAfee =>.McAfee Inc.
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\PocketSoft
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited =>.Safer Networking Limited
HKLM\SOFTWARE\Wow6432Node\Siber Systems =>.Siber Systems
HKLM\SOFTWARE\Wow6432Node\Sony Mobile =>.Sony Corporation
HKLM\SOFTWARE\Wow6432Node\Ubi Soft =>.Ubi Soft
HKLM\SOFTWARE\Wow6432Node\Ubi Soft Entertainment Inc.
HKLM\SOFTWARE\Wow6432Node\Usb3HubFWUpgrade
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\wtu =>.WTU
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Avg =>.AVG Software
HKCU\SOFTWARE\AVG SafePrice =>.AVG Software
HKCU\SOFTWARE\Avg Secure Update =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Dropbox =>.Dropbox
HKCU\SOFTWARE\DropboxUpdate =>.Dropbox Inc.
HKCU\SOFTWARE\FTweak =>.FTweak
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\IM =>Adware.InstallCore
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\IncrediMail =>.IncrediMail
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\Intel Security =>.Intel Security
HKCU\SOFTWARE\IObit =>.IObit
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Safer Networking Limited =>.Safer Networking Limited
HKCU\SOFTWARE\Safer Technologies
HKCU\SOFTWARE\Siber Systems =>.Siber Systems
HKCU\SOFTWARE\Spotify =>.Spotify
HKCU\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKCU\SOFTWARE\TrueKey =>.Intel Corporation
HKCU\SOFTWARE\Ubi Soft =>.Ubi Soft
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\PasswordBox =>.PasswordBox Inc

---\\ Contents of the Common Files folders (223) - 28s
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files\AVG Web TuneUp =>.AVG Web TuneUp
O43 - CFD: 22/10/2016 - [] AD -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 09/08/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files\Logitech =>.Logitech Inc®
O43 - CFD: 05/03/2017 - [] D -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 28/07/2017 - [] AD -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - [] D -- C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] AD -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 23/10/2016 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] AD -- C:\Program Files\UNP =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files\VideoLAN =>.VideoLan Team
O43 - CFD: 14/07/2017 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Security =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 15/08/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 07/08/2017 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 25/04/2017 - [] D -- C:\Program Files (x86)\AVG =>.AVG Software
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\AVG Web TuneUp =>.AVG Technologies CZ, s.r.o.®
O43 - CFD: 09/08/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\directx =>.Microsoft Corporation
O43 - CFD: 14/08/2017 - [] D -- C:\Program Files (x86)\Dropbox =>.Dropbox, Inc®
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 05/07/2017 - [] AD -- C:\Program Files (x86)\IncrediMail =>.IncrediMail, Inc.®
O43 - CFD: 07/12/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
O43 - CFD: 09/03/2017 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 26/06/2017 - [] D -- C:\Program Files (x86)\IObit =>.IObit
O43 - CFD: 09/08/2017 - [0] D -- C:\Program Files (x86)\McAfee =>.McAfee
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 27/07/2017 - [] D -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 27/07/2017 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/12/2016 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\Pop-Up Blocker Full
O43 - CFD: 06/08/2017 - [0] AD -- C:\Program Files (x86)\RAMRush
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\Siber Systems =>.Siber Systems®
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy 2 =>.SaferNetworking
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\Ubi Soft =>.Ubi Soft
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\ubi.com
O43 - CFD: 20/06/2017 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 31/10/2016 - [] AD -- C:\Program Files (x86)\USB3 Hub FW Upgrade Tool
O43 - CFD: 14/07/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 14/07/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/07/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 09/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare =>.IObit
O43 - CFD: 17/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG =>.AVG Software
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen =>.AVG
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 28/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4 =>.IObit
O43 - CFD: 14/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox =>.Dropbox
O43 - CFD: 05/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 05/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail =>.IncrediMail
O43 - CFD: 20/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter =>.IObit
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller =>.IObit
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech =>.Logitech
O43 - CFD: 18/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 28/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 05/08/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm =>.Siber Systems Inc.
O43 - CFD: 03/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag =>.IObit
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 =>.SaferNetworking
O43 - CFD: 07/08/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft =>.Ubi Soft
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ubi.com
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB3 Hub FW Upgrade Tool
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
O43 - CFD: 07/08/2017 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 07/11/2016 - [0] D -- C:\ProgramData\Auslogics =>.Auslogics
O43 - CFD: 25/04/2017 - [] AD -- C:\ProgramData\Avg =>.AVG Software
O43 - CFD: 15/06/2017 - [] D -- C:\ProgramData\AVG Web TuneUp =>.AVG Web TuneUp
O43 - CFD: 21/06/2017 - [] HD -- C:\ProgramData\Common Files =>.Microsoft Corporation
O43 - CFD: 23/10/2016 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 30/01/2017 - [] D -- C:\ProgramData\Dropbox =>.Dropbox
O43 - CFD: 17/01/2017 - [] D -- C:\ProgramData\Gaijin =>.Gaijin Entertainment
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\IM =>.IncrediMail Ltd
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\IncrediMail =>.IncrediMail
O43 - CFD: 04/11/2016 - [] D -- C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 04/08/2017 - [] D -- C:\ProgramData\IObit =>.IObit
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\Logishrd =>.Logitech Inc.
O43 - CFD: 05/03/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 09/08/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 25/04/2017 - [] D -- C:\ProgramData\MFAData =>.AVG Software
O43 - CFD: 20/06/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 14/08/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 12/01/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 15/08/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 27/07/2017 - [] AD -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\RoboForm =>.Siber Systems Inc.
O43 - CFD: 18/03/2017 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] D -- C:\ProgramData\Sony Mobile =>.Sony Corporation
O43 - CFD: 13/04/2017 - [] D -- C:\ProgramData\Spybot - Search & Destroy =>.SaferNetworking
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 18/01/2017 - [] D -- C:\ProgramData\WarThunder =>.Games Software
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\WindowsHolographicDevices =>.Microsoft Corporation
O43 - CFD: 16/11/2016 - [0] D -- C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
O43 - CFD: 22/11/2016 - [0] D -- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
O43 - CFD: 22/10/2016 - [0] D -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
O43 - CFD: 07/08/2017 - [] AD -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\Common Files\AVG Secure Search =>.AVG Secure Search
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 24/04/2017 - [] D -- C:\Program Files (x86)\Common Files\IObit =>.IObit
O43 - CFD: 20/06/2017 - [] AD -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\Common Files\PocketSoft
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 07/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 12/01/2017 - [] D -- C:\Users\scct\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 24/04/2017 - [] D -- C:\Users\scct\AppData\Roaming\AVG =>.AVG Software
O43 - CFD: 30/01/2017 - [] D -- C:\Users\scct\AppData\Roaming\Dropbox =>.Dropbox
O43 - CFD: 11/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\dvdcss =>.VideoLan Team
O43 - CFD: 13/05/2017 - [] D -- C:\Users\scct\AppData\Roaming\Google =>.Google
O43 - CFD: 26/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\IObit =>.IObit
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Logishrd =>.Logitech Inc.
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Logitech =>.Logitech
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 20/06/2017 - [] SD -- C:\Users\scct\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 27/07/2017 - [] D -- C:\Users\scct\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\RoboForm =>.Siber Systems Inc.
O43 - CFD: 31/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Skype =>.Skype
O43 - CFD: 14/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\Spotify =>.Spotify
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\TuneUp Software =>.TuneUp Software
O43 - CFD: 11/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 27/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Zoom =>.ZOOM
O43 - CFD: 07/08/2017 - [] D -- C:\Users\scct\AppData\Local\Adobe =>.Adobe
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\scct\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 06/03/2017 - [] D -- C:\Users\scct\AppData\Local\Apps =>.Microsoft Corporation
O43 - CFD: 06/07/2017 - [] D -- C:\Users\scct\AppData\Local\Avg =>.AVG Software
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\AVG Web TuneUp =>.AVG Web TuneUp
O43 - CFD: 04/12/2016 - [] D -- C:\Users\scct\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 31/10/2016 - [] D -- C:\Users\scct\AppData\Local\CEF =>.CEF
O43 - CFD: 10/08/2017 - [] D -- C:\Users\scct\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Users\scct\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 22/06/2017 - [0] D -- C:\Users\scct\AppData\Local\DBG =>.DBG
O43 - CFD: 26/07/2017 - [] D -- C:\Users\scct\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 17/07/2017 - [] D -- C:\Users\scct\AppData\Local\Dropbox =>.Dropbox
O43 - CFD: 17/01/2017 - [] D -- C:\Users\scct\AppData\Local\Gaijin =>.Gaijin Entertainment
O43 - CFD: 07/11/2016 - [] D -- C:\Users\scct\AppData\Local\Google =>.Google
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\scct\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 31/10/2016 - [] D -- C:\Users\scct\AppData\Local\IM =>.IncrediMail Ltd
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\MFAData =>.AVG Software
O43 - CFD: 26/07/2017 - [] D -- C:\Users\scct\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 27/07/2017 - [] D -- C:\Users\scct\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 14/12/2016 - [] D -- C:\Users\scct\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 08/08/2017 - [] D -- C:\Users\scct\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [0] D -- C:\Users\scct\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 14/08/2017 - [] D -- C:\Users\scct\AppData\Local\Spotify =>.Spotify
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\scct\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Users\scct\AppData\Local\UNP =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Users\scct\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 22/10/2016 - [0] D -- C:\Users\scct\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 04/08/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 20/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComputerHelp.com Software
O43 - CFD: 20/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc =>.GitHub
O43 - CFD: 18/03/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 04/08/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 27/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom =>.ZOOM
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
O43 - CFD: 14/08/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 26/06/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Dropbox =>.Dropbox
O43 - CFD: 20/06/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/06/2017 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 26/06/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Dropbox =>.Dropbox
O43 - CFD: 24/06/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\IObit =>.IObit

---\\ Latest files created in Prefetcher (2) - 18s
O45 - LFCP:[MD5.4A5D51A4B3CEC174FD867982D2824800] 07/08/2017 A -- C:\WINDOWS\Prefetch\BROWSERPROTECT.EXE-9DE5B231.pf =>PUP.Optional.Eazel
O45 - LFCP:[MD5.990EBDD9989D9343033F86788F0A6884] 27/06/2017 A -- C:\WINDOWS\Prefetch\REIMAGE.EXE-8A509CAA.pf =>.SUP.ReimageRepair

---\\ ShellIconOverlayIdentifiers (SIOI) (19) - 1s
O106 - SIOI: DropboxExt1 Class [ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt7 Class [ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt9 Class [ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt3 Class [ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt2 Class [ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt4 Class [ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt5 Class [ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt8 Class [ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt10 Class [ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt6 Class [ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Image File Execution Options (18) - 2s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialisation Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (95) - 23s
O58 - SDL:2017/03/18 21:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2016/11/04 10:22:42 A . (.Alcor Micro, Corp. - Alocr Micro USB Mass Storage Driver.) -- C:\WINDOWS\System32\drivers\AmUStor.sys [90264] =>.AlcorMicro, Corp.®
O58 - SDL:2017/03/18 21:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/07/24 10:00:48 A . (.AVG Technologies CZ, s.r.o. - File Vault Driver.) -- C:\WINDOWS\System32\drivers\avgbdiska.sys [166624] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:00:48 A . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) -- C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [313616] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:00:48 A . (.AVG Technologies CZ, s.r.o. - Application Activity Monitor Helper Driver.) -- C:\WINDOWS\System32\drivers\avgbidsha.sys [192584] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:00:48 A . (.AVG Technologies CZ, s.r.o. - Logging Driver.) -- C:\WINDOWS\System32\drivers\avgbloga.sys [336896] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:00:48 A . (.AVG Technologies CZ, s.r.o. - Universal Driver.) -- C:\WINDOWS\System32\drivers\avgbuniva.sys [51336] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:01:10 A . (.AVG Technologies CZ, s.r.o. - AVG HWID.) -- C:\WINDOWS\System32\drivers\avgHwid.sys [39424] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/08/09 22:01:38 A . (.AVG Technologies CZ, s.r.o. - AVG File System Minifilter for Windows 2003.) -- C:\WINDOWS\System32\drivers\avgmonflt.sys [139112] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:00:55 A . (.AVG Technologies CZ, s.r.o. - AVG Firewall Driver.) -- C:\WINDOWS\System32\drivers\avgNetSec.sys [546968] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:01:09 A . (.AVG Technologies CZ, s.r.o. - AVG WFP Redirect Driver.) -- C:\WINDOWS\System32\drivers\avgRdr2.sys [102792] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:01:10 A . (.AVG Technologies CZ, s.r.o. - AVG Revert.) -- C:\WINDOWS\System32\drivers\avgRvrt.sys [76832] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/08/09 22:01:38 A . (.AVG Technologies CZ, s.r.o. - AVG Virtualization Driver.) -- C:\WINDOWS\System32\drivers\avgsnx.sys [1008288] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:01:10 A . (.AVG Technologies CZ, s.r.o. - AVG self protection module.) -- C:\WINDOWS\System32\drivers\avgSP.sys [578048] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:01:10 A . (.AVG Technologies CZ, s.r.o. - Stream Filter.) -- C:\WINDOWS\System32\drivers\avgStm.sys [191208] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/07/24 10:01:10 A . (.AVG Technologies CZ, s.r.o. - AVG VM Monitor.) -- C:\WINDOWS\System32\drivers\avgVmm.sys [353744] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/03/18 21:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 21:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2016/02/17 15:37:20 A . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\WINDOWS\System32\drivers\cysmb.sys [10752] =>.Cypress Semiconductor, Inc.
O58 - SDL:2017/08/10 18:03:40 A . (.Dropbox, Inc. - Dropbox Filter Driver.) -- C:\WINDOWS\System32\drivers\dbx-canary.sys [45640] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/08/10 18:03:40 A . (.Dropbox, Inc. - Dropbox Filter Driver.) -- C:\WINDOWS\System32\drivers\dbx-dev.sys [45672] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/08/10 18:03:40 A . (.Dropbox, Inc. - Dropbox Filter Driver.) -- C:\WINDOWS\System32\drivers\dbx-stable.sys [45640] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2015/04/17 10:23:15 A . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\WINDOWS\System32\drivers\EtronHub3.sys [65408] =>.Etron Technology Inc
O58 - SDL:2015/04/17 10:23:15 A . (.Etron Technology Inc - Etron Enhance USB Mass Storage Driver..) -- C:\WINDOWS\System32\drivers\EtronSTOR.sys [39296] =>.Etron Technology Inc
O58 - SDL:2015/04/17 10:23:15 A . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\WINDOWS\System32\drivers\EtronXHCI.sys [94208] =>.Etron Technology Inc
O58 - SDL:2017/03/18 21:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 23:56:41 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys [111544] =>.Malwarebytes Corporation®
O58 - SDL:2010/10/19 23:34:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\HECIx64.sys [56344] =>.Intel Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 21:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/03/09 02:16:06 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\WINDOWS\System32\drivers\igdkmd64.sys [5382856] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/03/17 00:57:50 A . (.IObit.com - IMFCameraProtect.) -- C:\WINDOWS\System32\drivers\IMFCameraProtect.sys [44096] =>.IObit Information Technology®
O58 - SDL:2015/06/18 03:25:00 A . (.Logitech, Inc. - Logitech HID Filter Driver..) -- C:\WINDOWS\System32\drivers\LHidFilt.Sys [86672] =>.Logitech Inc®
O58 - SDL:2015/06/18 03:25:00 A . (.Logitech, Inc. - Logitech Mouse Filter Driver..) -- C:\WINDOWS\System32\drivers\LMouFilt.Sys [69264] =>.Logitech Inc®
O58 - SDL:2016/10/22 22:21:51 A . (.Logitech, Inc. - Logitech Non-Plug and Play Driver..) -- C:\WINDOWS\System32\drivers\LNonPnP.sys [18960] =>.Logitech®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2007/05/09 21:46:36 A . (.Logitech Inc. - Audio filter for Express Plus.) -- C:\WINDOWS\System32\drivers\lv302a64.sys [16032] =>.Logitech Inc®
O58 - SDL:2007/05/09 22:46:48 A . (.Logitech Inc. - Logitech QuickCam Driver.) -- C:\WINDOWS\System32\drivers\LV302V64.SYS [1127328] =>.Logitech Inc®
O58 - SDL:2007/05/09 21:50:48 A . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\System32\drivers\LVUSBS64.sys [50208] =>.Logitech Inc®
O58 - SDL:2017/08/14 13:09:46 A . (...) -- C:\WINDOWS\System32\drivers\mbae64.sys [77376] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 23:56:37 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys [43968] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/05 02:02:22 A . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MBAMChameleon.sys [186304] =>.Malwarebytes Corporation®
O58 - SDL:2017/08/14 14:57:10 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/03/19 00:00:47 A . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys [92088] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2016/12/09 12:39:04 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [206776] =>.NVIDIA Corporation®
O58 - SDL:2016/12/09 12:45:46 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys [12914360] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2015/11/20 00:05:20 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) -- C:\WINDOWS\System32\drivers\nvstusb.sys [460776] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/07/22 17:06:32 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Dr.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [984032] =>.Realtek Semiconductor Corp.®
O58 - SDL:2017/06/28 20:20:36 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [5545512] =>.Realtek Semiconductor Corp.®
O58 - SDL:2017/03/18 21:56:26 A . (...) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2011/10/14 17:13:26 A . (.Silicon Laboratories - Silicon Labs VCP Serial Enumerator.) -- C:\WINDOWS\System32\drivers\silabenm.sys [27336] =>.Silicon Laboratories
O58 - SDL:2017/03/18 21:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2014/12/22 20:52:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\WINDOWS\System32\drivers\ssudbus.sys [103448] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2017/03/18 21:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2016/04/21 10:10:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\WINDOWS\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
O58 - SDL:2015/07/07 21:45:12 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [184608] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2012/12/05 08:27:46 A . (.Seiko Epson Corporation - EPSON USB Device Driver for TM/BA/EU Printe.) -- C:\WINDOWS\System32\drivers\TMUSB64.SYS [63096] =>.Seiko Epson Corporation
O58 - SDL:2014/08/16 00:35:00 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\System32\drivers\usbaapl64.sys [54784] =>.Apple, Inc.
O58 - SDL:2011/11/17 19:34:04 A . (.VIA Labs, Inc. - VL810FILTER.sys.) -- C:\WINDOWS\System32\drivers\vl810filter.sys [17008] =>.VIA Technologies Inc.®
O58 - SDL:2017/03/18 21:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®

---\\ Last modified or created user files (2) - 779s
O61 - LFC: 2017/08/12 17:04:30 A . (..) -- C:\Users\scct\AppData\Roaming\Spotify\natives_blob.bin [334730] =>.Spotify
O61 - LFC: 2017/08/12 17:04:30 A . (..) -- C:\Users\scct\AppData\Roaming\Spotify\snapshot_blob.bin [963964] =>.Spotify

---\\ File Associations Shell Spawning (10) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 1s
O68 - StartMenuInternet: <Firefox-260915DCF3A62DA7> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <Firefox-260915DCF3A62DA7> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialisation Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <Firefox-260915DCF3A62DA7> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialisation Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <Firefox-260915DCF3A62DA7> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialisation Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (2) - 3s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (48) - 6s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smart card Certificate Propagatio.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smart card Certificate Propagatio.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [303104] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Log-on Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [92672] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [192512] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1015296] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1052160] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [873472] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [2444288] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [196096] =>.Microsoft Corporation

---\\ Additional Scan (O88) (6) - 2s
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] =>.SUP.Orphan
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}] =>.SUP.Orphan
C:\WINDOWS\Prefetch\BROWSERPROTECT.EXE-9DE5B231.pf =>PUP.Optional.Eazel
C:\WINDOWS\Prefetch\REIMAGE.EXE-8A509CAA.pf =>.SUP.ReimageRepair
C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage =>.SUP.CloudfrontNet
C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage-journal =>.SUP.CloudfrontNet

---\\ Summary of the elements found (4) - 0s
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.SUP.CloudfrontNet
https://nicolascoolman.eu/2017/03/12/adware-installcore-2/ =>Adware.InstallCore
https://www.nicolascoolman.com/fr/hijacker-eazel/ =>PUP.Optional.Eazel
https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/ =>.SUP.ReimageRepair

~ Unselected Options:
~ End of the scan, 18208 items in 33mn56s (1046)(0)
 
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.
 

Attachments

  • fixlist.txt
Download ResetBrowser to your desktop.

Now close all open browsers. All browsers MUST be closed during this operation!

Right click and Run as Administrator



Click on Reset Chrome-- Allow completion.
Click on Reset Firefox-- Allow completion.
Click on Reset Internet Explorer-- Allow completion.

Now reboot your machine.

Uninstall the items below with Geek Uninstaller.

IObit Uninstaller
Advanced SystemCare
Smart Defrag
AVG
Spybot - Search & Destroy
IObit Malware Fighter

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon

Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.



The scan may take some time to complete, and when it has, any malware found will be automatically selected for quarantining. Click the "Cleaning" button.



After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if it's closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[s#].txt



Please Copy and Paste the contents of the log file with your next reply.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by scct (15-08-2017 17:52:17) Run:1
Running from C:\Users\scct\Desktop\New folder (2)
Loaded Profiles: defaultuser0 & scct (Available Profiles: defaultuser0 & scct)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) D:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2184776 2017-06-15] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5779232 2017-07-18] (IObit)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Spybot-S&D Cleaning] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
SearchScopes: HKU\S-1-5-21-251929532-3862799365-3943777-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={96C9F7D2-FD05-4335-A086-F681A63B6490}&mid=481aeb678e9747cfa66181ac0fa59744-669890c835fe003ea153188f0fb51fc7e00449c6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0317tb&pr=fr&d=2016-10-22 19:33:45&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> No File
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} -> No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.510\AVG Web TuneUp.dll [2017-06-15] (AVG)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Toolbar: HKLM - No Name - {724d43a0-0d85-11d4-9908-00400523e39a} - No File
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb","hxxps://www.facebook.com/","hxxp://www.ebay.co.uk/","hxxp://www.skybet.com/","hxxp://www.bet365.com/","hxxp://www.google.co.uk/"
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-22]
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-24] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-01] (AVG Technologies CZ, s.r.o.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1354824 2017-06-15] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-06-15] ()
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [313616 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-07-24] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [139112 2017-08-09] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\system32\drivers\avgNetSec.sys [546968 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-08-09] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [578048 2017-07-24] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [191208 2017-07-24] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [353744 2017-07-24] (AVG Technologies CZ, s.r.o.)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-06] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-16] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-18] (IObit.com)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-16] (IObit.com)
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe => No running process found
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe => No running process found
D:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe => No running process found
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe => Could not close process
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe => No running process found
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => No running process found
C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe => Could not close process
C:\Program Files (x86)\AVG\Antivirus\afwServ.exe => Could not close process
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe => No running process found
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe => No running process found
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe => Could not close process
C:\Program Files (x86)\AVG\Antivirus\avgui.exe => Could not close process
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe => No running process found
C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe => No running process found
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => No running process found
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe => No running process found
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe => No running process found
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe => No running process found
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe => No running process found
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVGUI.exe => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Spybot-S&D Cleaning => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 10 => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a} => key removed successfully
HKLM\Software\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333} => key removed successfully
HKLM\Software\Classes\CLSID\{AF949550-9094-4807-95EC-D1C317803333} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => value removed successfully
HKLM\Software\Classes\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a} => key not found.
Chrome StartupUrls => removed successfully
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-22] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\AdvancedSystemCareService10 => key removed successfully
AdvancedSystemCareService10 => service removed successfully
AVG Antivirus => Unable to stop service.
HKLM\System\CurrentControlSet\Services\AVG Antivirus => key could not remove, key could be protected
AVG Firewall => Unable to stop service.
HKLM\System\CurrentControlSet\Services\AVG Firewall => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => key could not remove, key could be protected
avgsvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgsvc => key removed successfully
avgsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\IMFservice => key removed successfully
IMFservice => service removed successfully
HKLM\System\CurrentControlSet\Services\IObitUnSvr => key removed successfully
IObitUnSvr => service removed successfully
SDScannerService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SDScannerService => key removed successfully
SDScannerService => service removed successfully
SDUpdateService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SDUpdateService => key removed successfully
SDUpdateService => service removed successfully
SDWSCService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SDWSCService => key removed successfully
SDWSCService => service removed successfully
vToolbarUpdater40.3.8 => service not found.
HKLM\System\CurrentControlSet\Services\WtuSystemSupport => key removed successfully
WtuSystemSupport => service removed successfully
avgbdisk => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbdisk => key could not remove, key could be protected
avgbidsdriver => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbidsdriver => key could not remove, key could be protected
avgbidsh => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbidsh => key could not remove, key could be protected
avgblog => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgblog => key could not remove, key could be protected
avgbuniv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbuniv => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgHwid => key could not remove, key could be protected
avgMonFlt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgMonFlt => key could not remove, key could be protected
avgNetSec => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgNetSec => key could not remove, key could be protected
avgRdr => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgRdr => key could not remove, key could be protected
avgRvrt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgRvrt => key could not remove, key could be protected
avgSnx => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgSnx => key could not remove, key could be protected
avgSP => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgSP => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgStm => key could not remove, key could be protected
avgVmm => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgVmm => key could not remove, key could be protected
IMFCameraProtect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\IMFCameraProtect => key removed successfully
IMFCameraProtect => service removed successfully
IMFDownProtect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\IMFDownProtect => key removed successfully
IMFDownProtect => service removed successfully
IMFFilter => Unable to stop service.
HKLM\System\CurrentControlSet\Services\IMFFilter => key removed successfully
IMFFilter => service removed successfully
IMFForceDelete => Unable to stop service.
HKLM\System\CurrentControlSet\Services\IMFForceDelete => key removed successfully
IMFForceDelete => service removed successfully
RegFilter => Unable to stop service.
HKLM\System\CurrentControlSet\Services\RegFilter => key removed successfully
RegFilter => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state Off =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-251929532-3862799365-3943777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on FalcoVPN while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2a02:c7f:4c01:4600:9e8:8651:ec19:27b3
IPv6 Address. . . . . . . . . . . : fd03:fe47:3575:0:9e8:8651:ec19:27b3
Temporary IPv6 Address. . . . . . : 2a02:c7f:4c01:4600:6:e1fb:ac49:e2c1
Temporary IPv6 Address. . . . . . : fd03:fe47:3575:0:6:e1fb:ac49:e2c1
Link-local IPv6 Address . . . . . : fe80::9e8:8651:ec19:27b3%5
Default Gateway . . . . . . . . . : fe80::9221:6ff:feba:c28c%5

Ethernet adapter FalcoVPN:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:208f:89e:fabe:780a
Link-local IPv6 Address . . . . . : fe80::208f:89e:fabe:780a%3
Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on FalcoVPN while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : Home
IPv6 Address. . . . . . . . . . . : 2a02:c7f:4c01:4600:9e8:8651:ec19:27b3
IPv6 Address. . . . . . . . . . . : fd03:fe47:3575:0:9e8:8651:ec19:27b3
Temporary IPv6 Address. . . . . . : 2a02:c7f:4c01:4600:6:e1fb:ac49:e2c1
Temporary IPv6 Address. . . . . . : fd03:fe47:3575:0:6:e1fb:ac49:e2c1
Link-local IPv6 Address . . . . . : fe80::9e8:8651:ec19:27b3%5
IPv4 Address. . . . . . . . . . . : 192.168.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::9221:6ff:feba:c28c%5
192.168.0.1

Ethernet adapter FalcoVPN:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:208f:89e:fabe:780a
Link-local IPv6 Address . . . . . : fe80::208f:89e:fabe:780a%3
Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 279127504 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 656320 B
Edge => 28689 B
Chrome => 265709213 B
Firefox => 5287030 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 29401268 B
NetworkService => 4358 B
defaultuser0 => 0 B
scct => 3627418157 B

RecycleBin => 35118721 B
EmptyTemp: => 4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-08-2017 18:04:13)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\AVG Antivirus => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\AVG Firewall => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsdriver => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsh => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgblog => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbuniv => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgHwid => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgMonFlt => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgNetSec => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRdr => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRvrt => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSnx => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSP => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgStm => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgVmm => key could not remove, key could be protected
==== End of Fixlog 18:04:14 ====

zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by scct on 15/08/2017 at 18:15:22.63.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\scct\Desktop\zoek.exe [Scan all users] [Deep Scan]

==== System Restore Info ======================

15/08/2017 18:22:04 Zoek.exe System Restore Point Created Successfully.

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\scct\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8110 MB
CPU Info: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
CPU Speed: 3342.7 MHz
Sound Card: Speakers (Realtek High Definiti |
T27D390S-0 (NVIDIA High Definit |
Realtek Digital Output (Realtek |
Realtek Digital Output(Optical) |
Display Adapters: NVIDIA GeForce GT 240 | NVIDIA GeForce GT 240 | Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | TAP-Windows Adapter V9
CD / DVD Drives: No optical drives found.
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 148.6GB | D: 1863.0GB
Hard Disks - Free: C: 34.0GB | D: 1652.5GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 06/16/11 | GBT - 42302e31
Time Zone: GMT Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. Z68AP-D3
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Internet Explorer Version: 11.540.15063.0
Mozilla Firefox version: 54.0.1 (x86 en-US)
Google Chrome version: 60.0.3112.90
Adobe Reader version: 17.12.20095.239572

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\scct\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2017-08-03 14:51:08 55B92A284F02002F6433564029462941 2969888 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll
2017-08-03 14:51:08 4D33831BFF362168FC37F4791721105F 4396032 ----a-w- C:\WINDOWS\Sysnative\D3DCompiler_47.dll
2017-08-03 14:51:08 392D7FCB3494B1508DFAA12AC7F990D0 555008 ----a-w- C:\WINDOWS\Sysnative\TpmCoreProvisioning.dll
2017-08-03 14:51:08 2441C77EF1BF54C921C50B645FB08A5A 524800 ----a-w- C:\WINDOWS\Sysnative\TileDataRepository.dll
2017-08-03 14:51:08 0574C896B0EDC1CA49056CE5A51B5D69 660680 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll
2017-08-03 14:51:08 03E4119804030A6BE89B18FA9381F379 417792 ----a-w- C:\WINDOWS\Sysnative\InstallAgentUserBroker.exe
2017-08-03 14:51:07 A08C93CE26B0F98A307E59AF9BAEDCA9 7326128 ----a-w- C:\WINDOWS\Sysnative\windows.storage.dll
2017-08-03 14:51:07 8FD3B06E1B4EB0C481F81ABF544A77F5 3204608 ----a-w- C:\WINDOWS\Sysnative\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-03 14:51:07 6AFDF7A5A811294947EB5472588A1313 189440 ----a-w- C:\WINDOWS\Sysnative\BluetoothApis.dll
2017-08-03 14:51:07 39A0B8DD517E3CBF0A6EED5A12BB182F 942592 ----a-w- C:\WINDOWS\Sysnative\wbiosrvc.dll
2017-08-03 14:51:07 0242626678C83AE788C655C1990A3CC3 318232 ----a-w- C:\WINDOWS\Sysnative\wininit.exe
2017-08-03 14:51:06 F34283DE289AF82A97BCE6563D1E2BB4 872472 ----a-w- C:\WINDOWS\Sysnative\ClipSVC.dll
2017-08-03 14:51:06 E0A69E49D1ECC65272182A9C6BAA9180 527360 ----a-w- C:\WINDOWS\Sysnative\aadcloudap.dll
2017-08-03 14:51:06 AE1918EED1E4925778B92061CC2B8D18 5302968 ----a-w- C:\WINDOWS\Sysnative\Windows.StateRepository.dll
2017-08-03 14:51:06 99FAD8B424023E514EAD2AF9A9B4EAE5 1878016 ----a-w- C:\WINDOWS\Sysnative\AzureSettingSyncProvider.dll
2017-08-03 14:51:06 91DB5775249920FD245851E0BC97D8C4 586240 ----a-w- C:\WINDOWS\Sysnative\AppReadiness.dll
2017-08-03 14:51:06 7FE60B52DD841ED374285B7ED9210222 1015296 ----a-w- C:\WINDOWS\Sysnative\XblAuthManager.dll
2017-08-03 14:51:06 61EDB8B164D4A42A931CEBC4965A0724 1293824 ----a-w- C:\WINDOWS\Sysnative\aadtb.dll
2017-08-03 14:51:06 30C4A37305C9FF5FA41B73CFDB9ECC1E 412160 ----a-w- C:\WINDOWS\Sysnative\ActivationManager.dll
2017-08-03 14:51:06 1FD5B18E01731EDBE63A5B0EAA84ACAA 136192 ----a-w- C:\WINDOWS\Sysnative\Windows.StateRepositoryUpgrade.dll
2017-08-03 14:51:06 19177E2A773C4EBE41801D5807E18660 654976 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2017-08-13 19:48:24 03218B198F7E6A70D610E3DDABCCDC1D 4562 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task
2017-08-09 14:50:05 813F245A44AE8BE8E2C98AE907A84052 2902 ----a-w- C:\WINDOWS\Sysnative\Tasks\ASC10_SkipUac_scct
2017-07-24 09:01:35 7B0F0E976BAF353D7EEF9303C2AEE134 4282 ----a-w- C:\WINDOWS\Sysnative\Tasks\Antivirus Emergency Update
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2017-07-27 06:57:40 -------- d---a-w- C:\Program Files\Common Files\DESIGNER
======= C:\PROGRA~2 =====
2017-08-07 16:58:43 -------- d---a-w- C:\PROGRA~2\COMMON~1\Adobe
2017-08-07 16:58:43 -------- d-----w- C:\PROGRA~2\Adobe
2017-08-05 06:46:18 -------- d---a-w- C:\PROGRA~2\RAMRush
2017-07-27 18:31:40 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
2017-08-04 08:10:54 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT
2017-08-04 08:10:54 78A668B67D478FD0EF853E22FB5973B5 395232 --sha-r- C:\bootmgr
====== C:\Users\scct\AppData\Roaming ======
2017-08-15 13:24:20 -------- d-----w- C:\Users\scct\AppData\Local\ZHP
2017-07-27 18:31:46 -------- d-----w- C:\Users\scct\AppData\Local\Mozilla
2017-07-26 12:53:11 -------- d-----w- C:\Users\scct\AppData\Local\Diagnostics
====== C:\Users\scct ======
2017-08-15 17:05:07 -------- d-----w- C:\ProgramData\ProductData
2017-08-15 17:01:26 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2017-08-15 13:03:32 86EBD460621BAB6AFE8595392B0560CA 2812800 ----a-w- C:\Users\scct\Desktop\ZHPDiag3.exe
2017-08-15 13:02:19 E40542C4CC75E658A4615BFEFB308570 1790024 ----a-w- C:\Users\scct\Desktop\JRT.exe
2017-08-14 11:46:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-12 13:11:27 33A9DAA3AD9501D73C0F45C25B3A89D2 81719720 ----a-w- C:\Users\scct\Desktop\Dropbox 32.4.23 Offline Installer.exe
2017-08-07 16:58:05 -------- d-----w- C:\ProgramData\Adobe
2017-08-05 06:46:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush
2017-07-20 13:09:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-251929532-3862799365-3943777-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Spotify Web Helper"="C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"SDTray"="D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Spotify Web Helper"="C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe /lps=fmw"
"AVGUI.exe"="C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe /gui"
"SecurityHealth"="%ProgramFiles%\Windows Defender\MSASCuiL.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [30/01/2017 23:45]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [30/01/2017 23:45]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Antivirus Emergency Update" [C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ASC10_SkipUac_scct" ["C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac]
"C:\WINDOWS\SysNative\tasks\AVG EUpdate Task" [avgsetupx.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\IObitSelfCheckTask" [C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe]
"C:\WINDOWS\SysNative\tasks\Open URL by RoboForm" [C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...MPMFMNMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\WINDOWS\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag_AutoAnalyze" [D:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag_Update" [D:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["D:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["D:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [22/10/2016 21:00]

==== Firefox Extensions ======================

ProfilePath: C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default
- IObit Surfing Protection & Ads Removal - %ProfilePath%\extensions\ascsurfingprotectionnew@iobit.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default
D24D187FF3004EB238C2B4F84A86DCDE - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL - Microsoft Office 2016
127E13DF136D1CD24B93044D0E45DF1F - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2016
56A8466F5175A400F8490777415728CD - C:\Users\scct\AppData\Roaming\Zoom\bin\npzoomplugin.dll - Zoom launcher - 3.0.1


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[04/11/2016 11:14]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mbckjcfnjmoiinpgddefodcighgikkgn - No path found[]

Google Slides - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
IObit Surfing Protection & Ads Removal - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
YouTube - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Logitech Smooth Scrolling - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
ZenMate VPN - Best Cyber Security Unblock - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme
Google Sheets - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Analytics Opt-out Add-on by Google - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh
Google Docs Offline - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Pinterest Save Button - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
Save to Facebook - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd
Search DW - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\loopfhhjebfdiedohdimifdjcdolcljm
ZIP Extractor - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd
Chrome Web Store Payments - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SDTray] "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
O23 - Service: AVG Firewall Service (AVG Firewall) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 15/08/2017 at 18:29:45.28 ======================

# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 18:39:17 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 07-31-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\scct\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\scct\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\Program Files\Common Files\AVG Secure Search
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\AVG Secure Search
PUP.Optional.Legacy, C:\ProgramData\avg web tuneup
PUP.Optional.Legacy, C:\ProgramData\Application Data\avg web tuneup
PUP.Optional.Legacy, C:\Program Files\avg web tuneup
PUP.Optional.Legacy, C:\Program Files (x86)\avg web tuneup
PUP.Optional.Legacy, C:\Users\All Users\avg web tuneup
PUP.Optional.Legacy, C:\Users\scct\AppData\Local\avg web tuneup
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Application Data\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics
PUP.Adware.Heuristic, C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
PUP.Adware.Heuristic, C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
PUP.Adware.Heuristic, C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Tuneup
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Advanced SystemCare 10
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.SaferBrowser, [Key] - HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Safer Technologies
PUP.Optional.SaferBrowser, [Key] - HKCU\Software\Safer Technologies
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

Plugin found: IObit Surfing Protection & Ads Removal -
Plugin found: Movie Search -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
Sorry, posted the Adware log before the clean. Here is the logfile after Adware was run...
# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 18:53:53 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\scct\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\scct\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files\Common Files\AVG Secure Search
Deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted: C:\ProgramData\avg web tuneup
Deleted: C:\ProgramData\Application Data\avg web tuneup
Deleted: C:\Program Files\avg web tuneup
Deleted: C:\Program Files (x86)\avg web tuneup
Deleted: C:\Users\All Users\avg web tuneup
Deleted: C:\Users\scct\AppData\Local\avg web tuneup
Deleted: C:\ProgramData\Auslogics
Deleted: C:\ProgramData\Application Data\Auslogics
Deleted: C:\Users\All Users\Auslogics
Deleted: C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
Deleted: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
Deleted: C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted: [Value] - HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKU\S-1-5-21-251929532-3862799365-3943777-1001\Software\Safer Technologies
Deleted: [Key] - HKCU\Software\Safer Technologies
Deleted: [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: IObit Surfing Protection & Ads Removal -
Plugin deleted: Movie Search -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4798 B] - [2017/8/15 18:39:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Did you remove the following with Geek Uninstaller?

IObit Uninstaller
Advanced SystemCare
Smart Defrag
AVG
Spybot - Search & Destroy
IObit Malware Fighter

We will install new software to replace these, but the ones we are removing are junk and useless. IObit is a resource hog and tried to pass itself off as Malwarebytes; therefore they are at the bottom of the totem pole. AVG has proven itself time and time again to cause blue screens, errors, and resource hogging.

The following options can be a replacement for the listed removals:

CCleaner (Uninstalls and cleans)
Defraggler
Avast, Kaspersky Free, Avira, 360 Total Security
Malwarebytes or Zemana
VoodooShield

They are all free and trusted :) Malwarebytes and Zemana are on-demand scanners that can be run as needed :) VoodooShield acts as a whitelist protector and I use it myself :) You can read information about it here :)
 
Here it is :)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by scct (16-08-2017 09:28:22)
Running from C:\Users\scct\Desktop\New folder (2)
Windows 10 Pro Version 1703 (X64) (2017-06-20 19:20:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-251929532-3862799365-3943777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-251929532-3862799365-3943777-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-251929532-3862799365-3943777-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-251929532-3862799365-3943777-501 - Limited - Disabled)
scct (S-1-5-21-251929532-3862799365-3943777-1001 - Administrator - Enabled) => C:\Users\scct

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IL-2 Sturmovik: Forgotten Battles (HKLM-x32\...\{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}) (Version: 1.00.0000 - Ubi Soft) Hidden
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 55.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.1 (x86 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Pop-Up Blocker Full (HKLM-x32\...\{F0DEA93A-EADB-4D7C-AA2B-DFB356DA886A}) (Version: 1.0.0.0 - )
RamBooster (HKLM-x32\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RoboForm 7-9-22-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-22-2 - Siber Systems)
Sky Go Download Player (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\814376323.go.sky.com) (Version: - go.sky.com)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.1.201701041432 - Sony Mobile Communications Inc.)
Spotify (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
USB3 Hub FW Upgrade Tool version 0.44 (HKLM-x32\...\USB3 Hub FW Upgrade Tool_is1) (Version: 0.44 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0145679D-9AA8-4E16-8D14-D986C9DDF0BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {4AA3BF5A-5860-4096-9AFF-D186CF83355C} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {67E05E75-3D8D-4782-8DC4-2FEAB21F1A89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {7D416D6A-C385-4326-A8D1-FEE075196547} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {8101CD07-B24E-4813-B865-76110A9B007D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {82EAC355-1270-41EB-8789-122DCB52A061} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {944D5A4C-4954-490D-8F21-288870F264D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {9D021D72-0FB0-4A1B-A725-C1ED6F2E9DA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A1AAE106-E0D2-49F0-91F1-31A7B3C94E3C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {A320E433-CD3F-4CDE-B2C7-82D9058D58AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {A65F6FBC-913B-427F-B573-1D1F8F590029} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-11-04] (Siber Systems)
Task: {BA9E66AF-A86E-4071-B1D9-88C6CCE65F4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {C1D2EDB8-3103-4473-A10A-888BC7BD5512} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {C73B0EC2-D490-4FF8-974D-B1A487012014} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {D19A4733-CC73-4F77-8120-8AE5F745A51D} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMJMJHMLMHMKJOJNMCNNJNJOMLJCNLMHMPMNMCNOJOMGMNMCNPMOMIMJMLJHMKMKJPMMMOMJMJNJICMIMCNGMCNNMNMFMOMOMCNMMNMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMPMFMMJBJKJLIMJFMOMNMJNHICMMJBJKJLIMJJNBJCMMIMJMJLIJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 45 more characters).
Task: {DE8D5559-1A95-4FB3-A6BF-D8970AE0426E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {E7404690-4C79-4BAC-973E-74A6515B7028} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-20 19:36 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-06 21:16 - 2017-07-06 21:16 - 008932040 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-01 05:53 - 2017-08-01 05:54 - 000054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-08-15 19:18 - 2017-08-11 08:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-15 19:18 - 2017-08-11 08:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-15 12:57 - 2017-07-15 12:58 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
 
Please go HERE and click the blue link (French for download) and save the file to your desktop.

Please note it is important to disable your antivirus before running this tool. If you are uncertain how to do this please ask.

Right click the desktop icon and choose "Run as Administrator". You can safely ignore any security warnings when running this tool.

On the main interface select IMPORT



If a box appears similar to that below, click OK or just X out of it.



Copy the contents of the box below

Code:
Script Zhpfix
O39 - APT: AVG EUpdate Task - (...) -- C:\WINDOWS\System32\Tasks\AVG EUpdate Task [3668] (.Orphan.) =>.SUP.Orphan
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d1ndl3am21r6ws.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d31qbv1cthcecs.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d5nxst8fruw4z.cloudfront.net =>.SUP.CloudfrontNet
O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} (.Orphan.)
O43 - CFD: 06/08/2017 - [0] AD -- C:\Program Files (x86)\RAMRush
O43 - CFD: 05/08/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush
O43 - CFD: 16/11/2016 - [0] D -- C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
O43 - CFD: 22/11/2016 - [0] D -- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
O43 - CFD: 22/10/2016 - [0] D -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
HKCU\SOFTWARE\IM =>Adware.InstallCore
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] =>.SUP.Orphan
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}] =>.SUP.Orphan
C:\WINDOWS\Prefetch\BROWSERPROTECT.EXE-9DE5B231.pf =>PUP.Optional.Eazel
C:\WINDOWS\Prefetch\REIMAGE.EXE-8A509CAA.pf =>.SUP.ReimageRepair
C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage =>.SUP.CloudfrontNet
C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage-journal =>.SUP.CloudfrontNet
O4 - GS\ProgramsCommon [Public]: Launch RamBooster 2.0.lnk . (.J.Pajula - RamBooster.) D:\Program Files (x86)\RamBooster 2.0\Rambooster.exe
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid

And paste it into the blank ZHP Fix interface screen, then click GO.



Accept the cleaning process by clicking "Oui" (yes)



The cleanup will run and will again ask for permission to complete, again select "Oui".

At the conclusion of cleaning a notepad file will open and be saved to your desktop. Please Copy and Paste the contents of this file in your next reply :)
 
Oops!..
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01
Ran by scct (administrator) on DESKTOP-TN0A1RB (16-08-2017 09:26:20)
Running from C:\Users\scct\Desktop\New folder (2)
Loaded Profiles: scct (Available Profiles: defaultuser0 & scct)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\scct\Desktop\New folder (2)\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-06-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-11-04] (Siber Systems)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Spotify Web Helper] => C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-12] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1b30f767-49af-449e-bf96-8bca1f256d62}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f567b79d-d877-4cd9-a354-819b58d9860e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll => No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: es7scrkr.default
FF ProfilePath: C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default [2017-08-15]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-09] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-09] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-22] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-251929532-3862799365-3943777-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\scct\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-06-27] (Zoom Video Communications, Inc.)
StartMenuInternet: Firefox-260915DCF3A62DA7 - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.co.uk/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb","hxxps://www.facebook.com/","hxxp://www.ebay.co.uk/","hxxp://www.skybet.com/","hxxp://www.bet365.com/","hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default [2017-08-16]
CHR Extension: (Google Slides) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-15]
CHR Extension: (Google Docs) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-15]
CHR Extension: (Google Drive) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-15]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-08-15]
CHR Extension: (YouTube) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-15]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-08-15]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-15]
CHR Extension: (Google Sheets) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-15]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2017-08-15]
CHR Extension: (Google Docs Offline) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-15]
CHR Extension: (mixMovie Start) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghfmhofojkkfdnlfefhkckbflohgiicn [2017-08-15]
CHR Extension: (Pinterest Save Button) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-08-15]
CHR Extension: (softorama) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfdniemoeflbhlmcnammemhdahpcjni [2017-08-15]
CHR Extension: (Save to Facebook) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-08-15]
CHR Extension: (Search DW) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\loopfhhjebfdiedohdimifdjcdolcljm [2017-08-15]
CHR Extension: (AVG SafePrice) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-08-15]
CHR Extension: (ZIP Extractor) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2017-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-15]
CHR Extension: (Gmail) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-15]
CHR Extension: (RoboForm Password Manager) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-08-15]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-10-22]
CHR HKU\S-1-5-21-251929532-3862799365-3943777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-30] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-02-17] (Cypress Semiconductor, Inc.) [File not signed]
S3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [65408 2015-04-17] (Etron Technology Inc) [File not signed]
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [39296 2015-04-17] (Etron Technology Inc) [File not signed]
S3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [94208 2015-04-17] (Etron Technology Inc) [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-04] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-15] (Malwarebytes)
R1 MpKslb51ec94e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{35602509-EC44-4BB4-B80B-0158E1B6735B}\MpKslb51ec94e.sys [44928 2017-08-15] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-22] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 silabenm; C:\WINDOWS\System32\drivers\silabenm.sys [27336 2011-10-14] (Silicon Laboratories) [File not signed]
S3 TMUSB; C:\WINDOWS\System32\drivers\TMUSB64.SYS [63096 2012-12-05] (Seiko Epson Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 vl810filter; C:\WINDOWS\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 19:28 - 2017-08-15 19:53 - 000000000 ____D C:\AdwCleaner
2017-08-15 19:28 - 2017-08-15 19:28 - 008185288 _____ (Malwarebytes) C:\Users\scct\Desktop\adwcleaner_7.0.1.0.exe
2017-08-15 19:25 - 2017-08-15 19:26 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-08-15 19:24 - 2017-08-15 19:53 - 000000000 ____D C:\Users\scct\AppData\Roaming\IObit
2017-08-15 19:24 - 2017-08-15 19:24 - 000000000 ____D C:\ProgramData\IObit
2017-08-15 19:23 - 2017-08-15 19:23 - 000000000 ____D C:\Users\scct\AppData\Roaming\Geek Uninstaller
2017-08-15 19:22 - 2017-08-15 19:22 - 003000643 _____ C:\Users\scct\Desktop\geek.zip
2017-08-15 19:18 - 2017-08-15 19:18 - 000002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-15 19:18 - 2017-08-15 19:18 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-15 19:17 - 2017-08-15 19:17 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-15 19:17 - 2017-08-15 19:17 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-15 19:16 - 2017-08-15 19:16 - 001130328 _____ (Google Inc.) C:\Users\scct\Downloads\ChromeSetup.exe
2017-08-15 18:53 - 2017-08-15 18:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-15 18:45 - 2017-08-15 18:45 - 001622528 _____ C:\Users\scct\Desktop\ResetBrowser.exe
2017-08-15 18:12 - 2017-08-15 18:12 - 001309184 _____ C:\Users\scct\Desktop\zoek.exe
2017-08-15 18:12 - 2017-08-15 18:12 - 000000000 ____D C:\zoek_backup
2017-08-15 18:05 - 2017-08-15 18:05 - 000000000 ____D C:\ProgramData\ProductData
2017-08-15 17:15 - 2017-08-16 09:26 - 000000000 ____D C:\Users\scct\Desktop\New folder (2)
2017-08-15 17:11 - 2017-08-15 17:12 - 000000000 ____D C:\Users\scct\Desktop\pc logs
2017-08-15 14:24 - 2017-08-15 14:59 - 000000000 ____D C:\Users\scct\AppData\Local\ZHP
2017-08-15 14:24 - 2017-08-15 14:28 - 000000000 ____D C:\Users\scct\AppData\Roaming\ZHP
2017-08-15 14:24 - 2017-08-15 14:24 - 000000864 _____ C:\Users\scct\Desktop\ZHPDiag.lnk
2017-08-15 14:03 - 2017-08-15 14:03 - 002812800 _____ C:\Users\scct\Desktop\ZHPDiag3.exe
2017-08-15 14:02 - 2017-08-15 14:02 - 001790024 _____ (Malwarebytes) C:\Users\scct\Desktop\JRT.exe
2017-08-15 12:42 - 2017-08-16 09:26 - 000000000 ____D C:\FRST
2017-08-15 11:07 - 2017-07-23 22:21 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170815-110708.backup
2017-08-14 12:58 - 2017-08-15 12:37 - 000000000 ____D C:\Users\scct\Desktop\Pics, music, work backups etc
2017-08-14 12:46 - 2017-08-14 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-13 20:49 - 2017-08-13 20:49 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-13 20:48 - 2017-08-13 20:48 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-12 14:11 - 2017-08-12 14:11 - 081719720 _____ (Dropbox, Inc.) C:\Users\scct\Desktop\Dropbox 32.4.23 Offline Installer.exe
2017-08-11 16:33 - 2017-08-12 14:47 - 000000000 ____D C:\Users\scct\Desktop\New folder
2017-08-10 18:03 - 2017-08-10 18:03 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-10 18:03 - 2017-08-10 18:03 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-10 18:03 - 2017-08-10 18:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-10 18:03 - 2017-08-10 18:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-09 18:58 - 2017-08-15 19:57 - 113770496 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-09 18:58 - 2017-08-15 19:57 - 005242880 _____ C:\WINDOWS\system32\config\DEFAULT
2017-08-09 18:58 - 2017-08-15 19:57 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-08-09 18:58 - 2017-08-14 19:42 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2017-08-09 18:55 - 2017-07-31 16:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-09 18:55 - 2017-07-31 16:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 15:56 - 2014-10-16 10:27 - 000027424 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2017-08-09 13:56 - 2017-08-01 03:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 13:56 - 2017-08-01 03:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 13:56 - 2017-08-01 03:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 13:56 - 2017-08-01 03:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 13:56 - 2017-08-01 03:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 13:56 - 2017-08-01 03:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 13:56 - 2017-08-01 03:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 13:56 - 2017-08-01 03:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 13:56 - 2017-08-01 03:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 13:56 - 2017-08-01 03:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 13:56 - 2017-08-01 03:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 13:56 - 2017-08-01 03:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 13:56 - 2017-08-01 03:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 13:56 - 2017-08-01 03:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 13:56 - 2017-08-01 03:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 13:56 - 2017-08-01 03:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 13:56 - 2017-08-01 03:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 13:56 - 2017-08-01 03:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 13:56 - 2017-08-01 03:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 13:56 - 2017-08-01 03:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 13:56 - 2017-08-01 03:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 13:56 - 2017-08-01 03:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 13:56 - 2017-08-01 03:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 13:56 - 2017-08-01 03:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 13:56 - 2017-08-01 03:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 13:56 - 2017-08-01 03:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 13:56 - 2017-08-01 03:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 13:56 - 2017-08-01 03:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 13:56 - 2017-08-01 03:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 13:56 - 2017-08-01 03:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 13:56 - 2017-08-01 03:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 13:56 - 2017-08-01 03:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 13:56 - 2017-08-01 02:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 13:56 - 2017-08-01 02:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 13:56 - 2017-08-01 02:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 13:56 - 2017-08-01 02:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 13:56 - 2017-08-01 02:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 13:56 - 2017-08-01 02:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 13:56 - 2017-08-01 02:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 13:56 - 2017-08-01 02:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 13:56 - 2017-08-01 02:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 13:56 - 2017-08-01 02:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 13:56 - 2017-08-01 02:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 13:56 - 2017-08-01 02:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 13:56 - 2017-08-01 02:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 13:56 - 2017-08-01 02:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 13:56 - 2017-08-01 02:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 13:56 - 2017-08-01 02:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 13:56 - 2017-08-01 02:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 13:56 - 2017-08-01 02:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 13:56 - 2017-08-01 02:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 13:56 - 2017-08-01 02:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 13:56 - 2017-08-01 02:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 13:56 - 2017-08-01 02:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 13:56 - 2017-08-01 02:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 13:56 - 2017-08-01 02:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 13:56 - 2017-08-01 02:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-07 18:24 - 2017-08-09 18:59 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-08-07 18:00 - 2017-08-09 19:00 - 000000000 ____D C:\ProgramData\McAfee
2017-08-07 18:00 - 2017-08-07 18:00 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Adobe
2017-08-07 17:58 - 2017-08-07 18:03 - 000000000 ____D C:\ProgramData\Adobe
2017-08-07 17:58 - 2017-08-07 17:58 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-05 07:46 - 2017-08-06 05:57 - 000000000 ____D C:\Program Files (x86)\RAMRush
2017-08-05 07:46 - 2017-08-05 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush
2017-08-04 23:23 - 2017-08-04 23:23 - 000000106 _____ C:\WINDOWS\SysWOW64\SoftwareCache.ini
2017-08-04 09:10 - 2017-08-03 15:51 - 000395232 __RSH C:\bootmgr
2017-08-04 09:10 - 2017-03-18 21:57 - 000000001 ___SH C:\BOOTNXT
2017-08-03 15:52 - 2017-08-03 15:52 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-03 15:52 - 2017-08-03 15:52 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-03 15:52 - 2017-08-03 15:52 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-03 15:51 - 2017-08-03 15:51 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-03 15:51 - 2017-08-03 15:51 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-07-27 19:32 - 2017-08-03 12:25 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Mozilla
2017-07-27 19:31 - 2017-08-15 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-27 19:31 - 2017-08-15 18:53 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-27 19:31 - 2017-08-15 18:53 - 000001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-27 19:31 - 2017-08-15 18:52 - 000000000 ____D C:\Users\scct\AppData\Roaming\Mozilla
2017-07-27 07:57 - 2017-07-27 07:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-24 21:03 - 2017-08-09 18:58 - 005169152 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-07-24 21:03 - 2017-08-09 18:58 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-07-24 21:03 - 2017-08-09 18:58 - 000032768 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-07-24 21:02 - 2017-08-09 18:58 - 113487872 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-07-24 21:02 - 2017-08-09 18:58 - 006369280 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2017-07-24 21:02 - 2017-08-04 09:07 - 047132672 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2017-07-24 10:47 - 2017-07-24 10:47 - 044146688 _____ C:\WINDOWS\system32\config\COMPONENTS.iobit
2017-07-24 10:01 - 2017-07-24 10:01 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys.150088689757801
2017-07-23 22:21 - 2017-07-06 19:21 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170723-222143.backup
2017-07-22 17:06 - 2017-07-22 17:06 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-07-20 15:29 - 2016-04-21 10:10 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 09:27 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-15 21:19 - 2017-06-20 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-15 19:58 - 2017-06-20 20:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 19:58 - 2017-06-20 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-15 19:58 - 2017-03-05 01:52 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 19:58 - 2016-10-22 20:28 - 000000000 ____D C:\Users\scct\AppData\Roaming\AVG
2017-08-15 19:58 - 2016-10-22 20:24 - 000000000 ____D C:\ProgramData\Avg
2017-08-15 19:58 - 2016-10-22 20:24 - 000000000 ____D C:\Program Files (x86)\AVG
2017-08-15 19:57 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-15 19:53 - 2016-10-22 21:08 - 000000000 ____D C:\Users\scct\AppData\LocalLow\IObit
2017-08-15 19:53 - 2016-10-22 21:07 - 000000000 ____D C:\Program Files (x86)\IObit
2017-08-15 19:30 - 2016-10-22 20:23 - 000000000 ____D C:\Users\scct\AppData\Local\AvgSetupLog
2017-08-15 19:30 - 2016-10-22 19:08 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-15 19:26 - 2016-10-22 20:32 - 000000000 ___RD C:\Users\scct\Desktop\PC Progs
2017-08-15 19:18 - 2016-10-22 20:03 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-15 17:58 - 2016-11-15 14:00 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Temp
2017-08-15 17:54 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-15 15:00 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-15 12:28 - 2016-11-04 08:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-14 18:03 - 2016-10-31 21:31 - 000000000 ____D C:\Users\scct\AppData\Roaming\Spotify
2017-08-14 18:03 - 2016-10-31 21:31 - 000000000 ____D C:\Users\scct\AppData\Local\Spotify
2017-08-14 13:09 - 2017-06-28 20:33 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-14 12:46 - 2017-01-30 23:45 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-13 01:12 - 2017-06-20 19:39 - 000000000 ____D C:\Users\scct
2017-08-12 14:41 - 2017-01-30 23:48 - 000000000 ___RD C:\Users\scct\Dropbox
2017-08-12 13:54 - 2017-06-20 19:39 - 000000000 ____D C:\Users\defaultuser0
2017-08-11 21:17 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 20:28 - 2016-10-22 21:25 - 000000000 ____D C:\Users\scct\AppData\Roaming\vlc
2017-08-11 15:28 - 2016-12-04 14:12 - 000000000 ____D C:\Users\scct\AppData\Roaming\dvdcss
2017-08-10 04:38 - 2016-10-22 18:48 - 000000000 ____D C:\Users\scct\AppData\Local\Comms
2017-08-09 19:01 - 2017-06-20 19:30 - 000380296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 14:02 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 14:00 - 2016-10-22 19:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 13:57 - 2016-10-22 19:07 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 20:25 - 2016-10-22 18:46 - 000000000 ____D C:\Users\scct\AppData\Local\Packages
2017-08-08 12:10 - 2017-06-20 20:10 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 12:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 12:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-07 18:08 - 2017-04-13 02:44 - 000000000 ____D C:\Users\scct\AppData\Local\Adobe
2017-08-07 18:00 - 2016-10-22 18:46 - 000000000 ____D C:\Users\scct\AppData\Roaming\Adobe
2017-08-06 16:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-04 09:34 - 2016-10-22 18:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-04 09:16 - 2017-06-20 19:56 - 000956190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-28 09:21 - 2016-11-27 09:18 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-27 07:59 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 07:57 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-26 13:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-17 10:40 - 2017-01-30 23:45 - 000000000 ____D C:\Users\scct\AppData\Local\Dropbox

==================== Files in the root of some directories =======

2016-11-02 21:37 - 2016-12-29 14:15 - 000016896 _____ () C:\Users\scct\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-22 20:54 - 2017-06-17 09:32 - 000007597 _____ () C:\Users\scct\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-08-15 19:23 - 2017-08-15 19:23 - 004043712 _____ (Geek Unіnstaller) C:\Users\scct\AppData\Local\Temp\geek64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-11 21:18

==================== End of FRST.txt ============================
 
Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
Fichier d'export Registre :
Run by scct at 16/08/2017 20:21:32
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (15063)

Recycle Bin emptied (00mn 04s)
Prefetcher emptied
Repair of browser shortcuts

========== Process memory ==========
REMOVES: Memory Process: C:\WINDOWS\Prefetch\BROWSERPROTECT.EXE-9DE5B231.pf

========== Registry keys ==========
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

========== Preferences browser ==========
NOW Chrome File: C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://d1ndl3am21r6ws.cloudfront.net
NOW Chrome File: C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://d31qbv1cthcecs.cloudfront.net
NOW Chrome File: C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://d5nxst8fruw4z.cloudfront.net

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (287) (16,059,886 octets)

========== Other ==========
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]


========== Summary ==========
1 : Process memory
2 : Registry keys
1 : Folders
1 : Files
6 : Preferences browser
1 : Other


End of clean in 00mn 07s

========== Path to file report ==========
C:\Users\scct\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/08/2017 20:21:36 [1616]
 