Solved Speeding up my P.C?


Allan.T

PCHF Member
Jun 17, 2017
U.K, North West.
Hi,

Some may know I'm looking into getting new parts for my PC, whilst I'm waiting for that to happen, I'm wondering if there is any way to speed up my PC on the software side of things, and I don't mean putting it on wheels and pushing it down the hill haha.

I enjoy my games, and my games list is full of games I can't play due to the lack of speed on my computer. My processor is lagging behind, as is my GPU (If I'm honest, I'd like to just replace everything, but beggars can't be choosers huh?). So is there much I can do? I know there's over-clocking etc. but it's all beyond me, and too much PC tech info just scrambles my brain!

Thank you in advance,

Regards,
Allan
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
ZHP Diag Scan


Download ZHP Diag to your desktop.

1. Right Click Run as Admin.
2. Click the Options button.
   Click on Check All
   Then Click Validate
   Then click close.
3. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.

HijackThis.


1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.
 

Allan.T

PCHF Member
Jun 17, 2017
U.K, North West.
Hey there, I've done what you asked of me,

ZHPDiag
~ ZHPDiag v2017.6.17.100 By Nicolas Coolman (2017/06/17)
~ Run by Allan (Administrator) (2017/06/18 02:28:57)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Allan\Desktop\ZHPDiag.txt
~ Report: C:\Users\Allan\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ MFIE: Mozilla Firefox 53.0.3 (x86 en-US)
~ MSIE: Internet Explorer v11.0.9600.18697

---\\ Windows Product Information (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software (2) - 2s
Avast Free Antivirus v17.4.2294 (Protection)
Malwarebytes Anti-Malware version 2.2.0.1024 (Protection)

---\\ Surveillance software (1) - 2s
~ Adobe Flash Player 26 NPAPI (Surveillance)

---\\ Sharing software PeerToPeer (1) - 3s
~ µTorrent v3.4.3.40298 (P2P)

---\\ Information on the system (6) - 0s
~ Operating System: AMD64 Family 21 Model 1 Stepping 2, AuthenticAMD
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8371.448 MB (70% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 537 GB (56%) free of 953 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: PROTOTYPE
~ User Name: Allan
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 537 GB free of 953 GB (System)
~ Drive E: has 379 GB free of 476 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Search Generic System Files (24) - 1s
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - 29/08/2016 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [3229696] =>.Microsoft Corporation
[MD5.C36BB659F08F046B139C8D1B980BF1AC] - 30/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [46080] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.1AAE329190ED545F5FB02941F3644094] - 14/05/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [3240960] =>.Microsoft Corporation
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - 17/07/2014 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [455168] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.492D07D79E7024CA310867B526D9636D] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - 04/04/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [496128] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9B38580063D281A99E68EF5813022A5F] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [106496] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.9B08FBED1849FB5A6E0BA1D44396191D] - 21/05/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [159744] =>.Microsoft Corporation
[MD5.E47D571FEC2C76E867935109AB2A770C] - 11/05/2016 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [262144] =>.Microsoft Corporation
[MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - 11/01/2016 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1684416] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.028D61D9803FBEFB7426696A7840BB48] - 10/05/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [117248] =>.Microsoft Corporation
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (11) - 3s
O23 - Service: (AdobeUpdateService) . (.Adobe Systems Incorporated - Adobe Update Service.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe =>.Adobe Systems Incorporated®
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc. - BlueStacks Service.) - C:\Program Files (x86)\BlueStacks\HD-Service.exe =>.Bluestack Systems, Inc.®
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe =>.Bluestack Systems, Inc.®
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc. - BlueStacks Updater Service.) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe =>.Bluestack Systems, Inc.®
O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) . (.VIA Technologies, Inc. - Service binary.) - C:\Windows\system32\viakaraokesrv.exe =>.VIA Technologies, Inc.

---\\ Services not Microsoft (SR=Run, SS=Stop) (18) - 24s
SS - Demand [17/06/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [09/06/2015] [ 680112] (AdobeUpdateService) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe =>.Adobe Systems Incorporated®
SS - Demand [14/06/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
SR - Auto [14/06/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
SS - Demand [17/06/2017] [ 1404936] BattlEye Service (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe =>.BattlEye Innovations e.K.®
SS - Auto [24/03/2015] [ 433880] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe =>.Bluestack Systems, Inc.®
SR - Auto [24/03/2015] [ 388824] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe =>.Bluestack Systems, Inc.®
SR - Auto [24/03/2015] [ 798424] BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe =>.Bluestack Systems, Inc.®
SS - Auto [05/10/2015] [ 1135416] (MBAMService) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SS - Demand [16/06/2017] [ 173512] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SR - Auto [03/05/2017] [ 495040] NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SS - Demand [03/05/2017] [ 495040] NVIDIA NetworkService Container (NvContainerNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SR - Auto [14/11/2016] [ 932728] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation®
SR - Auto [03/05/2017] [ 449984] NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
SS - Demand [29/04/2015] [ 1931632] Origin Client Service (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe =>.Electronic Arts, Inc.®
SR - Demand [08/06/2017] [ 1607968] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®
SR - Auto [14/11/2016] [ 426040] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
SR - Auto [22/10/2012] [ 27768] VIA Karaoke digital mixer Service (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\system32\viakaraokesrv.exe =>.VIA Technologies Inc.®

---\\ Task Planned Automatically (25) - 8s
[MD5.7DE8B8AC559E16AEB388E7D098E7C288] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.866FF7A49542CDBBF7EE0FD4FD0ADC02] [APT] [Avast Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2326672] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.934BF1FB1BE4A5BAE408EE860D82AEF0] [APT] [NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040] (.Activate.) =>.NVIDIA Corporation®
[MD5.920B28E89B82FD1BEB28F710C23C2B08] [APT] [NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1693632] (.Activate.) =>.NVIDIA Corporation®
[MD5.EA7CA45E1634F0E362C8954249223599] [APT] [NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112] (.Activate.) =>.NVIDIA Corporation®
[MD5.DD2097DB22ADE924A5224F9223595764] [APT] [NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649152] (.Activate.) =>.NVIDIA Corporation®
[MD5.DD2097DB22ADE924A5224F9223595764] [APT] [NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649152] (.Activate.) =>.NVIDIA Corporation®
[MD5.1194C29F3D59D17268DB7DBE69A5D8E3] [APT] [NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672] (.Activate.) =>.NVIDIA Corporation®
[MD5.4B870A77F09529EABB6F7C83A5D99152] [APT] [NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000] (.Activate.) =>.NVIDIA Corporation®
[MD5.4B870A77F09529EABB6F7C83A5D99152] [APT] [NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000] (.Activate.) =>.NVIDIA Corporation®
[MD5.41559E85DBA8DF3E7C197C5514B6025D] [APT] [SafeZone scheduled Autoupdate 1497547532] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.80E8A9D877445CD90EC72B630704AF0A] [APT] [{93E3722E-7795-4E87-87B3-5C42114B32F0}] (...) -- C:\Windows\UniFish3.exe [45568] (.Activate.)
[MD5.C72865DE00C0B7E4B4C3DEBCB347FC36] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [797264] (.Activate.) =>.AVAST Software s.r.o.®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [4312] =>.Adobe Systems Incorporated®
O39 - APT: Avast Emergency Update - (.AVAST Software.) -- C:\Windows\System32\Tasks\Avast Emergency Update [4172] =>.AVAST Software s.r.o.®
O39 - APT: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [4146] =>.NVIDIA Corporation®
O39 - APT: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3814] =>.NVIDIA Corporation®
O39 - APT: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3852] =>.NVIDIA Corporation®
O39 - APT: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3738] =>.NVIDIA Corporation®
O39 - APT: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3494] =>.NVIDIA Corporation®
O39 - APT: NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3730] =>.NVIDIA Corporation®
O39 - APT: NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3554] =>.NVIDIA Corporation®
O39 - APT: NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3738] =>.NVIDIA Corporation®
O39 - APT: SafeZone scheduled Autoupdate 1497547532 - (.Avast Software.) -- C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1497547532 [3894] =>.AVAST Software s.r.o.®
O39 - APT: {93E3722E-7795-4E87-87B3-5C42114B32F0} - (...) -- C:\Windows\System32\Tasks\{93E3722E-7795-4E87-87B3-5C42114B32F0} [3224]

---\\ Auto loading programs from Registry and folders (17) - 1s
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe =>.VIA Technologies Inc.®
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated®
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe =>.PixArt Imaging Incorporation
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll =>.Logitech, Inc.
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
O4 - HKLM\..\Run: [ShadowPlay] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - HKCU\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe =>.Bluestack Systems, Inc.®
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe =>.Adobe Systems Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2771956393-836798383-2307004672-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - HKUS\S-1-5-21-2771956393-836798383-2307004672-1000\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (.not file.)

---\\ Process running (32) - 3s
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.808] =>.NVIDIA Corporation
[MD5.843F16D234D03756B9EB6054B5C62FAA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [426040] [PID.832] =>.NVIDIA Corporation®
[MD5.C66BCE13DB7C119824839C63FEA226FA] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1208256] [PID.1232] =>.NVIDIA Corporation®
[MD5.D961A7C05A76302E782B1B0CF6546BA7] - (.AVAST Software - Avast Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304] [PID.1240] =>.AVAST Software s.r.o.®
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.1248] =>.NVIDIA Corporation
[MD5.E1E457F60C294A55455856ABCE91B476] - (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320] [PID.1644] =>.VIA Technologies Inc.®
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.1728] =>.PixArt Imaging Incorporation
[MD5.2EDBCFD497891D49C17B5158DE698021] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2453952] [PID.1852] =>.NVIDIA Corporation®
[MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.1724] =>.AVAST Software s.r.o.®
[MD5.86067F0EBA4A2C98B51D62452BBF3552] - (.Adobe Systems Incorporated - Adobe Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112] [PID.1960] =>.Adobe Systems Incorporated®
[MD5.3E2658D4F51D68512E45A4D764C39C14] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [863960] [PID.1668] =>.Bluestack Systems, Inc.®
[MD5.FB3E302A7C189113F208CB0BF5FC8B37] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152] [PID.2044] =>.Adobe Systems Incorporated®
[MD5.A443A7C05ABF0FCD16E89593F63B633B] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288] [PID.1712] =>.Oracle America, Inc.®
[MD5.DED9C438796B43D153DEF0658A220C58] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824] [PID.2012] =>.Bluestack Systems, Inc.®
[MD5.F6AED4B054657DCF9DE6D7717AAFA227] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [798424] [PID.2224] =>.Bluestack Systems, Inc.®
[MD5.41437022B1CEFD388471B7D1F72EAE7C] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [1011360] [PID.2264] =>.Adobe Systems Incorporated®
[MD5.934BF1FB1BE4A5BAE408EE860D82AEF0] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040] [PID.2592] =>.NVIDIA Corporation®
[MD5.0B7BD772ED45111574E2736A5F358D79] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984] [PID.2660] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (.VIA Technologies, Inc. - Service binary.) -- C:\Windows\system32\viakaraokesrv.exe [0] [PID.2436] =>.VIA Technologies, Inc.
[MD5.D717B0C761162A5D6D1A10289A77C309] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [449984] [PID.3484] =>.NVIDIA Corporation®
[MD5.A69BC7203E0BFFEE8215C0913D02CB55] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [3042592] [PID.3952] =>.Valve®
[MD5.6CA4BBBE6811C0BDC1D1DC2806F56956] - (.Node.js - NVIDIA Web Helper Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [15553472] [PID.2536] =>.NVIDIA Corporation®
[MD5.FF50FC14C9EF527FB7815DDA059D64AF] - (.Adobe Systems Incorporated - Creative Cloud.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2266800] [PID.4716] =>.Adobe Systems Incorporated®
[MD5.8D1C080C4746E8DFDE72AD0D073652B8] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [174256] [PID.5052] =>.Adobe Systems Incorporated®
[MD5.4899A46E0F6522BBCCE2612DBA56E00E] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.1828] =>.Valve®
[MD5.AC5DE2689B571942E08128D0EC771495] - (.Valve Corporation - Steam Client Service.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1607968] [PID.4496] =>.Valve®
[MD5.3FB6BCB23D287E155DE39A6C2EED6DA0] - (.Copyright © 2013 Adobe Systems, Inc. All rights reser - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [31404192] [PID.4172] =>.Adobe Systems Incorporated®
[MD5.8D1C080C4746E8DFDE72AD0D073652B8] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [174256] [PID.4628] =>.Adobe Systems Incorporated®
[MD5.4899A46E0F6522BBCCE2612DBA56E00E] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.2508] =>.Valve®
[MD5.9710FABEF9AD37A3AA966AF53BCBDD1A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [517064] [PID.6096] =>.Mozilla Corporation®
[MD5.2550455C4B37E9B1EE17D1B96B8DF7C5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Allan\ZHPDiag3.exe [2751872] [PID.4940] =>.Nicolas Coolman
[MD5.4899A46E0F6522BBCCE2612DBA56E00E] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.4892] =>.Valve®

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (3) - 1s
P2 - EXT FILE: (.Avast SafePrice - Avast SafePrice - safe shopping extens.) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\extensions\[email protected] =>.Avast SafePrice
P2 - EXT FILE: (.Avast Online Security - Avast Browser Security and Web Reputat.) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\extensions\[email protected] =>.Avast Online Security
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll =>.Adobe Systems Incorporated

---\\ Internet Explorer Extensions, Start, Search (15) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (1) - 1s
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>.AVAST Software s.r.o.®

---\\ Internet Explorer Toolbars (1) - 0s
O3 - Toolbar: 0xB1C218236549D4119B18009027A5CD4F - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} . (...) -- (.not file.)

---\\ Global shortcuts Startup (70) - 6s
O4 - GS\Desktop [Administrator]: Documents.lnk . (...) C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Allan\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Allan\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Allan]: Documents.lnk . (...) C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Allan]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Allan\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Allan]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Allan]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Allan\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [Allan]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Allan]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Allan]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Allan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [ASPNET]: Documents.lnk . (...) C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [ASPNET]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Allan\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [ASPNET]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [ASPNET]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Allan\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [ASPNET]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [ASPNET]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [ASPNET]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [ASPNET]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: Documents.lnk . (...) C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Allan\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Allan\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Creative Cloud.lnk . (.Adobe Systems Incorporated - Adobe Creative Cloud.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe =>.Adobe Systems Incorporated®
O4 - GS\ProgramsCommon [Public]: Adobe Photoshop CC 2015.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CC 2015.) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: GIMP 2.lnk . (.Spencer Kimball, Peter Mattis and the GIMP Developmen - GNU Image Manipulation Program.) C:\Program Files\GIMP 2\bin\gimp-2.8.exe =>.Jernej Simoncic®
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\Windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (6) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = default
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C5D3712-B4D6-4552-9145-29D1C9023246}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C522FF4-BDFB-476F-ADB6-A2FDA8D78087}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C5D3712-B4D6-4552-9145-29D1C9023246}: DhcpDomain = default
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C522FF4-BDFB-476F-ADB6-A2FDA8D78087}: DhcpDomain = dlink.com

---\\ Extra protocols (20) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®

---\\ Software installed (84) - 11s
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>.BitTorrent Inc®
O42 - Logiciel: Adobe Creative Cloud - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Creative Cloud =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 26 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 26 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Photoshop CC 2015 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {793C2BF7-A4FE-4608-91C9-9282C5801C21} =>.Adobe Systems Incorporated®
O42 - Logiciel: AirMech - (.Carbon Games.) [HKLM][64Bits] -- Steam App 206500 =>.Valve®
O42 - Logiciel: Arma 2 - (.Bohemia Interactive.) [HKLM][64Bits] -- Steam App 33910 =>.Valve®
O42 - Logiciel: Arma 2: DayZ Mod - (.Bohemia Interactive.) [HKLM][64Bits] -- Steam App 224580 =>.Valve®
O42 - Logiciel: Arma 2: Operation Arrowhead - (.Bohemia Interactive.) [HKLM][64Bits] -- Steam App 33930 =>.Valve®
O42 - Logiciel: Arma 2: Operation Arrowhead Beta (Obsolete) - (.Valve.) [HKLM][64Bits] -- Steam App 219540 =>.Valve®
O42 - Logiciel: Arma: Cold War Assault - (.Bohemia Interactive.) [HKLM][64Bits] -- Steam App 65790 =>.Valve®
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: BattlEye Uninstall - (.Bohemia Interactive Studio.) [HKLM][64Bits] -- BattlEye for A2
O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM][64Bits] -- BlueStacks App Player =>.Bluestack Systems, Inc.®
O42 - Logiciel: BlueStacks Notification Center - (.BlueStack Systems, Inc..) [HKLM][64Bits] -- {011580CB-3D7F-47A6-A5D2-1287A4E43C73} =>.BlueStack Systems, Inc.
O42 - Logiciel: Counter-Strike - (.Valve.) [HKLM][64Bits] -- Steam App 10 =>.Valve®
O42 - Logiciel: Counter-Strike: Condition Zero - (.Valve.) [HKLM][64Bits] -- Steam App 80 =>.Valve®
O42 - Logiciel: Counter-Strike: Condition Zero Deleted Scenes - (.Valve.) [HKLM][64Bits] -- Steam App 100 =>.Valve®
O42 - Logiciel: Counter-Strike: Global Offensive - (.Valve.) [HKLM][64Bits] -- Steam App 730 =>.Valve®
O42 - Logiciel: Counter-Strike: Source - (.Valve.) [HKLM][64Bits] -- Steam App 240 =>.Valve®
O42 - Logiciel: Elite Dangerous Launcher version 0.4.2854.0 - (.Frontier Developments.) [HKLM][64Bits] -- {696F8871-C91D-4CB1-825D-36BE18065575}_is1 =>.Frontier Developments Plc®
O42 - Logiciel: GIMP 2.8.14 - (.The GIMP Team.) [HKLM][64Bits] -- GIMP-2_is1 =>.Jernej Simoncic®
O42 - Logiciel: Java 8 Update 131 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F32180131F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.0.1024 - (.Malwarebytes.) [HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: MechWarrior Online - (.Piranha Games Inc..) [HKLM][64Bits] -- Steam App 342200 =>.Valve®
O42 - Logiciel: Medieval II Total War - (.SEGA.) [HKLM][64Bits] -- {C0698BDA-0D29-40EE-8570-A31106DF9AB1} =>.Macrovision Corporation®
O42 - Logiciel: Medieval II Total War : Kingdoms : Americas - (.SEGA.) [HKLM][64Bits] -- {75983B66-804C-40D1-BA13-64DAF652A6F1} =>.Macrovision Corporation®
O42 - Logiciel: Medieval II Total War : Kingdoms : Britannia - (.SEGA.) [HKLM][64Bits] -- {CEDDEE73-3D36-41C2-AA40-29355D9FBD63} =>.Macrovision Corporation®
O42 - Logiciel: Medieval II Total War : Kingdoms : Crusades - (.SEGA.) [HKLM][64Bits] -- {02A10468-2F1C-447C-AD8E-4DEDDEA25AE2} =>.Macrovision Corporation®
O42 - Logiciel: Medieval II Total War : Kingdoms : Teutonic - (.SEGA.) [HKLM][64Bits] -- {7AEE1963-7001-4C37-BC20-2FAEB74AA41C} =>.Macrovision Corporation®
O42 - Logiciel: Microsoft Mouse and Keyboard Center - (.Microsoft Corporation.) [HKLM][64Bits] -- {23D2AFC7-C01E-4413-9D9A-0BABF52569BF} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Mouse and Keyboard Center - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Mouse and Keyboard Center =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Zoo Tycoon - (..) [HKLM][64Bits] -- Zoo Tycoon 1.0
O42 - Logiciel: Mozilla Firefox 53.0.3 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 53.0.3 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 340.50 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA 3D Vision Driver 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Backend - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA GeForce Experience 3.6.0.74 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA LocalSystem Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Message Bus for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA NetworkService Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {80407BA7-7763-4395-AB98-5233F1B34E65} =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.13.1220 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA ShadowPlay 3.6.0.74 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay =>.NVIDIA Corporation
O42 - Logiciel: Nvidia Share - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update 25.0.0.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA User Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Virtual Audio 3.70.2 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Watchdog Plugin for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog =>.NVIDIA Corporation
O42 - Logiciel: NvNodejs - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs =>.NVIDIA Corporation
O42 - Logiciel: NvTelemetry - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry =>.NVIDIA Corporation
O42 - Logiciel: NvvHci - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci =>.NVIDIA Corporation
O42 - Logiciel: OpenAL - (.Open Audio Library.) [HKLM][64Bits] -- OpenAL =>.Creative Labs Inc®
O42 - Logiciel: OpenOffice 4.1.1 - (.Apache Software Foundation.) [HKLM][64Bits] -- {9395F41D-0F80-432E-9A59-B8E477E7E163} =>.Apache Software Foundation
O42 - Logiciel: Origin - (.Electronic Arts, Inc..) [HKLM][64Bits] -- Origin =>.Electronic Arts, Inc.
O42 - Logiciel: PLAYERUNKNOWN'S BATTLEGROUNDS - (.Bluehole, Inc..) [HKLM][64Bits] -- Steam App 578080 =>.Valve®
O42 - Logiciel: PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) - (..) [HKLM][64Bits] -- Steam App 622590 =>.Valve®
O42 - Logiciel: Plus500 - (..) [HKLM][64Bits] -- Plus500 {031183F8BA44C6DB1F7305BE0C6A6689}
O42 - Logiciel: Ralink RT2870 Wireless LAN Card - (.Ralink.) [HKLM][64Bits] -- {28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D} =>.Ralink Technology Corporation®
O42 - Logiciel: Roll - (..) [HKLM][64Bits] -- RollerCoaster Tycoon Setup
O42 - Logiciel: S.T.A.L.K.E.R.: Call of Pripyat - (.GSC Game World.) [HKLM][64Bits] -- Steam App 41700 =>.Valve®
O42 - Logiciel: S.T.A.L.K.E.R.: Shadow of Chernobyl - (.GSC Game World.) [HKLM][64Bits] -- Steam App 4500 =>.Valve®
O42 - Logiciel: SafeZone Stable 3.55.2393.607 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.607 =>.AVAST Software s.r.o.®
O42 - Logiciel: SHIELD Streaming - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv =>.NVIDIA Corporation
O42 - Logiciel: SHIELD Wireless Controller Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController =>.NVIDIA Corporation
O42 - Logiciel: Sid Meier's Pirates! - (.Firaxis Games.) [HKLM][64Bits] -- Steam App 3920 =>.Valve®
O42 - Logiciel: Steam - (.Valve.) [HKLM][64Bits] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3} =>.Valve
O42 - Logiciel: The Pirate: Caribbean Hunt - (.Home Net Games.) [HKLM][64Bits] -- Steam App 512470 =>.Valve®
O42 - Logiciel: The Sims 2 - (..) [HKLM][64Bits] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35}
O42 - Logiciel: The Sims 2 Nightlife - (..) [HKLM][64Bits] -- {F7529650-B9DB-481B-0089-A2AC3C2821C1}
O42 - Logiciel: Ultima 8 - (.Electronic Arts.) [HKLM][64Bits] -- {428C6B01-D292-46F9-9321-75668ED17DA2} =>.Electronic Arts®
O42 - Logiciel: War Thunder - (.Gaijin Entertainment.) [HKLM][64Bits] -- Steam App 236390 =>.Valve®
O42 - Logiciel: WinZip 19.0 - (.WinZip Computing, S.L..) [HKLM][64Bits] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240E7} =>.WinZip Computing, S.L.
O42 - Logiciel: X2 - The Threat - (.EGOSOFT.) [HKLM][64Bits] -- {7DCB3E4A-E5EA-4324-ADB2-75BBFEFB44FB} =>.EGOSOFT

---\\ HKCU & HKLM Software Keys (74) - 11s
HKLM\SOFTWARE\Wow6432Node\685D6D1C-D73A-4F37-B7E5E53660311DDB =>.Pixart Imaging Inc
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\BlueStacks =>.BlueStack Systems, Inc.
HKLM\SOFTWARE\Wow6432Node\Bohemia Interactive =>.Bohemia Interactive
HKLM\SOFTWARE\Wow6432Node\bohemia interactive studio =>.Bohemia Interactive Studio
HKLM\SOFTWARE\Wow6432Node\EA GAMES =>.EA Games
HKLM\SOFTWARE\Wow6432Node\EgoSoftware
HKLM\SOFTWARE\Wow6432Node\Electronic Arts =>.Electronic Arts
HKLM\SOFTWARE\Wow6432Node\Fish Technology Group
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\GSC Game World =>.GSC Game World
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\MSPG32
HKLM\SOFTWARE\Wow6432Node\Nico Mak Computing =>.Nico Mak Computing
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\OpenAL =>.Open Audio Library
HKLM\SOFTWARE\Wow6432Node\OpenOffice =>.SourceForge
HKLM\SOFTWARE\Wow6432Node\Origin =>.Electronic Arts, Inc.
HKLM\SOFTWARE\Wow6432Node\Origin Games =>.Electronic Arts, Inc.
HKLM\SOFTWARE\Wow6432Node\Origin Systems
HKLM\SOFTWARE\Wow6432Node\PixArt =>.Pixart Imaging Inc
HKLM\SOFTWARE\Wow6432Node\Ralink =>.Ralink
HKLM\SOFTWARE\Wow6432Node\SEGA =>.SEGA
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\VIA Technologies, Inc =>.VIA Technologies, Inc
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Bohemia Interactive Studio =>.Bohemia Interactive Studio
HKCU\SOFTWARE\CarbonGames
HKCU\SOFTWARE\CheeseSoft
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Electronic Arts =>.Electronic Arts
HKCU\SOFTWARE\Emulators =>.Open Source
HKCU\SOFTWARE\Epic Games =>.Epic Games
HKCU\SOFTWARE\epsxe =>.ePSXe
HKCU\SOFTWARE\Frontier Developments =>.Frontier Developments
HKCU\SOFTWARE\Gaijin =>.Gaijin Entertainment
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Home Net Games
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\LogiShrd =>.LogiShrd
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\MSPG32
HKCU\SOFTWARE\Nico Mak Computing =>.Nico Mak Computing
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\OpenOffice =>.SourceForge
HKCU\SOFTWARE\Plus500
HKCU\SOFTWARE\SecuROM =>.SecuROM
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\VIA =>.VIA
HKCU\SOFTWARE\WinZip Computing =>.WinZip Computing
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

---\\ Contents of the Common Files folders (209) - 6s
O43 - CFD: 28/06/2015 - [] D -- C:\Program Files\Adobe =>.Adobe Systems Incorporated®
O43 - CFD: 14/06/2017 - [] D -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 26/07/2015 - [] D -- C:\Program Files\GIMP 2 =>.Jernej Simoncic®
O43 - CFD: 15/04/2015 - [0] D -- C:\Program Files\Google =>.Google
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 16/04/2015 - [] D -- C:\Program Files\Microsoft Mouse and Keyboard Center =>.Microsoft Corporation
O43 - CFD: 27/04/2015 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [] D -- C:\Program Files\VIA =>.VIA Technologies Inc.®
O43 - CFD: 17/04/2015 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 17/04/2015 - [] D -- C:\Program Files\WinZip =>.WinZip Computing®
O43 - CFD: 28/06/2015 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems Incorporated®
O43 - CFD: 15/06/2017 - [0] D -- C:\Program Files (x86)\AGEIA Technologies =>.AGEIA Technologies
O43 - CFD: 15/04/2015 - [] D -- C:\Program Files (x86)\BlueStacks =>.BlueStack Systems, Inc.
O43 - CFD: 14/06/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [0] D -- C:\Program Files (x86)\Driver Downloader
O43 - CFD: 13/04/2015 - [] D -- C:\Program Files (x86)\EA GAMES =>.EA Games
O43 - CFD: 11/04/2015 - [] D -- C:\Program Files (x86)\EGOSOFT =>.EGOSOFT
O43 - CFD: 15/04/2015 - [] D -- C:\Program Files (x86)\Frontier =>.Frontier Developments Plc®
O43 - CFD: 15/04/2015 - [] D -- C:\Program Files (x86)\Google =>.Google
O43 - CFD: 11/04/2015 - [] D -- C:\Program Files (x86)\Hasbro Interactive =>.Hasbro Interactive
O43 - CFD: 17/04/2015 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 26/10/2015 - [] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware =>.Malwarebytes
O43 - CFD: 27/04/2015 - [] D -- C:\Program Files (x86)\Microsoft Application Virtualization Client =>.Microsoft Corporation
O43 - CFD: 12/04/2015 - [] D -- C:\Program Files (x86)\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 27/04/2015 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 16/04/2015 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 17/06/2017 - [] D -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 17/06/2017 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 17/06/2017 - [] D -- C:\Program Files (x86)\OpenAL =>.Open Audio Library
O43 - CFD: 27/04/2015 - [] D -- C:\Program Files (x86)\OpenOffice 4 =>.OpenOffice.org
O43 - CFD: 29/04/2015 - [] D -- C:\Program Files (x86)\Origin =>.Electronic Arts, Inc.
O43 - CFD: 29/04/2015 - [] D -- C:\Program Files (x86)\Origin Games =>.Electronic Arts, Inc.
O43 - CFD: 30/07/2015 - [] D -- C:\Program Files (x86)\Plus500 {031183F8BA44C6DB1F7305BE0C6A6689}
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 12/04/2015 - [] D -- C:\Program Files (x86)\SEGA =>.SEGA
O43 - CFD: 17/06/2017 - [] D -- C:\Program Files (x86)\Steam =>.Steam Games
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [] D -- C:\Program Files (x86)\VIA =>.US Waves inc®
O43 - CFD: 17/04/2015 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 11/04/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 12/04/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks =>.BlueStack Systems, Inc.
O43 - CFD: 17/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive =>.Bohemia Interactive
O43 - CFD: 13/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES =>.EA Games
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier =>.Frontier
O43 - CFD: 29/04/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 11/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive =>.Hasbro Interactive
O43 - CFD: 14/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 26/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
O43 - CFD: 12/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 16/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center =>.Microsoft Corporation
O43 - CFD: 27/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 27/04/2015 - [] SD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 =>.SourceForge
O43 - CFD: 29/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin =>.Electronic Arts, Inc.
O43 - CFD: 30/07/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
O43 - CFD: 12/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA =>.SEGA
O43 - CFD: 17/04/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 12/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 29/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima 8
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA =>.VIA
O43 - CFD: 17/04/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip =>.WinZip
O43 - CFD: 28/06/2015 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\BlueStacks =>.BlueStack Systems, Inc.
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\BlueStacksSetup =>.BlueStack Systems, Inc.
O43 - CFD: 17/06/2017 - [] D -- C:\ProgramData\Bohemia Interactive Studio =>.Bohemia Interactive Studio
O43 - CFD: 17/06/2017 - [] D -- C:\ProgramData\boost_interprocess =>.boost.org
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 29/04/2015 - [] D -- C:\ProgramData\Electronic Arts =>.Electronic Arts
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 16/06/2017 - [] D -- C:\ProgramData\Gaijin =>.Gaijin Entertainment
O43 - CFD: 25/07/2015 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 18/12/2015 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [] D -- C:\ProgramData\Mozilla =>.Mozilla Corporation
O43 - CFD: 17/06/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 27/05/2015 - [] D -- C:\ProgramData\Origin =>.Electronic Arts, Inc.
O43 - CFD: 14/06/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 17/04/2015 - [] D -- C:\ProgramData\Ralink Driver =>.Ralink
O43 - CFD: 29/06/2015 - [] D -- C:\ProgramData\regid.1986-12.com.adobe =>.Adobe Inc.
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\VirtualizedApplications =>.Microsoft Corporation
O43 - CFD: 17/04/2015 - [] D -- C:\ProgramData\WinZip =>.WinZip
O43 - CFD: 28/06/2015 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 17/06/2017 - [] D -- C:\Program Files (x86)\Common Files\BattlEye =>.BattlEye
O43 - CFD: 27/04/2015 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 29/04/2015 - [] HD -- C:\Program Files (x86)\Common Files\EAInstaller =>.Electronic Arts, Inc.
O43 - CFD: 15/04/2015 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 14/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 27/05/2015 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.Steam Games
O43 - CFD: 17/04/2015 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 29/06/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 12/05/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Carbon =>.Carbon
O43 - CFD: 16/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Frontier Developments =>.Frontier Developments
O43 - CFD: 11/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 12/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\InstallShield =>.InstallShield
O43 - CFD: 17/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 12/04/2011 - [0] D -- C:\Users\Allan\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 29/09/2015 - [] SD -- C:\Users\Allan\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 29/06/2015 - [] D -- C:\Users\Allan\AppData\Roaming\NVIDIA =>.nVidia Corporation
O43 - CFD: 27/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\OpenOffice =>.SourceForge
O43 - CFD: 30/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Origin =>.Electronic Arts, Inc.
O43 - CFD: 05/06/2015 - [] D -- C:\Users\Allan\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\Users\Allan\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 27/04/2015 - [0] D -- C:\Users\Allan\AppData\Roaming\TP =>.TP
O43 - CFD: 12/05/2015 - [] D -- C:\Users\Allan\AppData\Roaming\uTorrent
O43 - CFD: 18/06/2017 - [] D -- C:\Users\Allan\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 16/06/2017 - [] D -- C:\Users\Allan\AppData\Local\Adobe =>.Adobe
O43 - CFD: 11/04/2015 - [0] SHD -- C:\Users\Allan\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 12/04/2015 - [] D -- C:\Users\Allan\AppData\Local\ApplicationHistory =>.Microsoft Corporation
O43 - CFD: 17/06/2017 - [] D -- C:\Users\Allan\AppData\Local\ArmA 2 =>.Bohemia Interactive Studio
O43 - CFD: 17/06/2017 - [0] D -- C:\Users\Allan\AppData\Local\ArmA 2 OA =>.Bohemia Interactive Studio
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Bluestacks =>.BlueStack Systems, Inc.
O43 - CFD: 31/07/2015 - [] D -- C:\Users\Allan\AppData\Local\CEF =>.CEF
O43 - CFD: 18/06/2017 - [] D -- C:\Users\Allan\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Users\Allan\AppData\Local\CrashRpt =>.Superfluous.CrashReports
O43 - CFD: 16/06/2017 - [0] D -- C:\Users\Allan\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 06/11/2015 - [0] D -- C:\Users\Allan\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 29/09/2015 - [0] SHD -- C:\Users\Allan\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
O43 - CFD: 29/09/2015 - [0] SHD -- C:\Users\Allan\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 29/09/2015 - [0] SHD -- C:\Users\Allan\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 26/07/2015 - [] D -- C:\Users\Allan\AppData\Local\fontconfig =>.Portable Apps
O43 - CFD: 16/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Frontier Developments =>.Frontier Developments
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Frontier_Developments
O43 - CFD: 16/06/2017 - [] D -- C:\Users\Allan\AppData\Local\Gaijin =>.Gaijin Entertainment
O43 - CFD: 26/07/2015 - [] D -- C:\Users\Allan\AppData\Local\gegl-0.2 =>.Portable Apps
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Google =>.Google
O43 - CFD: 12/06/2015 - [] D -- C:\Users\Allan\AppData\Local\GWX =>.GWX
O43 - CFD: 11/04/2015 - [0] SHD -- C:\Users\Allan\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 26/10/2015 - [] D -- C:\Users\Allan\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 17/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\Users\Allan\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Users\Allan\AppData\Local\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 30/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Origin =>.Electronic Arts, Inc.
O43 - CFD: 30/07/2015 - [] D -- C:\Users\Allan\AppData\Local\Plus500
O43 - CFD: 15/04/2015 - [] D -- C:\Users\Allan\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 27/04/2015 - [] D -- C:\Users\Allan\AppData\Local\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\Users\Allan\AppData\Local\Steam =>.Steam Games
O43 - CFD: 18/06/2017 - [] D -- C:\Users\Allan\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/04/2015 - [0] SHD -- C:\Users\Allan\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [] D -- C:\Users\Allan\AppData\Local\TslGame
O43 - CFD: 14/06/2017 - [] D -- C:\Users\Allan\AppData\Local\UnrealEngine =>.Unreal Software
O43 - CFD: 12/04/2015 - [] D -- C:\Users\Allan\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 17/04/2015 - [] D -- C:\Users\Allan\AppData\Local\WinZip =>.WinZip
O43 - CFD: 18/06/2017 - [] D -- C:\Users\Allan\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 15/04/2015 - [0] D -- C:\Users\Allan\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] RD -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 17/06/2017 - [] D -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive =>.Bohemia Interactive
O43 - CFD: 11/04/2015 - [] D -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\egosoft =>.EGOSOFT
O43 - CFD: 16/06/2017 - [] D -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] D -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
O43 - CFD: 15/06/2017 - [] RD -- C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 16/06/2017 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 15/04/2015 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 27/04/2015 - [0] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 17/06/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 27/04/2015 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} =>Heuristic.Suspect

---\\ ShellIconOverlayIdentifiers (SIOI) (4) - 0s
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ Image File Execution Options (4) - 0s
O50 - IFEO:C:\Windows\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation

---\\ System Drivers List (66) - 29s
O58 - SDL:2009/07/14 02:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2011/03/11 07:41:12 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2011/03/11 07:41:12 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2017/06/14 21:27:31 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\Windows\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:27:32 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\Windows\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:27:33 A . (.AVAST Software s.r.o. - Logging Driver.) -- C:\Windows\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:27:34 A . (.AVAST Software s.r.o. - Universal Driver.) -- C:\Windows\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:31:59 A . (.AVAST Software - Avast HWID.) -- C:\Windows\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/06/14 21:28:20 A . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\Windows\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:31:59 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\Windows\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:31:56 A . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\Windows\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:31:59 A . (.AVAST Software - Avast Revert.) -- C:\Windows\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/06/14 21:28:22 A . (.AVAST Software - Avast Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:32:00 A . (.AVAST Software - Avast self protection module.) -- C:\Windows\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:34:52 A . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/14 21:32:01 A . (.AVAST Software - Avast VM Monitor.) -- C:\Windows\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2009/06/10 21:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/10 21:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 21:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/14 02:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 21:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 21:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 21:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 21:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2009/07/14 02:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/10 21:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2009/06/10 21:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/11/21 04:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2011/03/11 07:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2015/10/05 10:50:06 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [25816] =>.Malwarebytes Corporation®
O58 - SDL:2015/10/05 10:50:10 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [109272] =>.Malwarebytes Corporation®
O58 - SDL:2015/10/26 21:07:32 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216] =>.Malwarebytes Corporation®
O58 - SDL:2009/07/14 02:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2015/10/05 10:50:18 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\drivers\mwac.sys [63704] =>.Malwarebytes Corporation®
O58 - SDL:2011/04/28 14:20:30 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\Windows\System32\drivers\netr28ux.sys [1617472] =>.Ralink Technology Corporation®
O58 - SDL:2009/07/14 02:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2016/11/14 13:30:58 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvlddmkm.sys [12905016] =>.NVIDIA Corporation®
O58 - SDL:2009/06/10 21:35:35 A . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\System32\drivers\nvm62x64.sys [408960] =>.NVIDIA Corporation
O58 - SDL:2011/03/11 07:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2011/03/11 07:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2017/05/03 21:16:38 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\Windows\System32\drivers\nvvad64v.sys [48064] =>.NVIDIA Corporation®
O58 - SDL:2017/05/03 21:16:38 A . (.NVIDIA Corporation - Virtual USB Host Controller driver.) -- C:\Windows\System32\drivers\nvvhci.sys [57792] =>.NVIDIA Corporation®
O58 - SDL:2006/12/05 11:34:26 A . (.PixArt Imaging Inc. - PFC027.) -- C:\Windows\System32\drivers\PFC027.SYS [572416] =>.PixArt Imaging Inc.
O58 - SDL:2009/07/14 02:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2009/06/10 21:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/14 02:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2009/07/14 02:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2012/10/22 18:09:58 A . (.VIA Technologies, Inc. - VIA High Definition Audio Function Driver.) -- C:\Windows\System32\drivers\viahduaa.sys [2206864] =>.VIA Technologies Inc.®
O58 - SDL:2009/07/14 02:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/31 11:40:34 A . (.Creative Technology Ltd. - Creative Audio Driver.) -- C:\Windows\System32\drivers\VMfilt64.sys [25600] =>.Creative Technology Ltd.
O58 - SDL:2009/07/14 02:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®

---\\ Last modified or created user files (1) - 26s
O61 - LFC: 2017/06/15 23:08:05 A . (..) -- C:\Users\Allan\Saved Games\MechWarrior Online\Shaders\Cache\D3D9\lookupdata.bin [7944]

---\\ File Associations Shell Spawning (11) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (2) - 9s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (32) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [794624] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [859648] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [680448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [683520] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2651136] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70144] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136704] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [210432] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation

---\\ Firewall Active Exception List (18) - 10s
O87 - FAEL: "{82C77AB4-2B8F-4956-9DBF-6F3807D92D99}" [In-None-P6-TRUE] .(...) -- C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe (.not file.) =>.Temporary file not necessary
O87 - FAEL: "{1C779C57-AB6E-4F08-AEEE-2941C63D4850}" [Out-None-P6-TRUE] .(...) -- C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe (.not file.) =>.Temporary file not necessary
O87 - FAEL: "{E581B28A-CC46-4010-9F2C-AC89ABE22DDB}" [In-None-P6-TRUE] .(...) -- C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe (.not file.)
O87 - FAEL: "{CBC8ACB4-981B-4C48-96DA-823C5915E136}" [In-None-P17-TRUE] .(...) -- C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe (.not file.)
O87 - FAEL: "{323F265C-033D-4E3B-B983-9673AA7FD262}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (.not file.)
O87 - FAEL: "{4A890ECD-128A-4B3D-9710-84789C6056DE}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (.not file.)
O87 - FAEL: "{383DFFA6-898D-4921-A3E5-D9D1C2E52AAF}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe {00E8B84DB1CFF63269} =>.Steam Games
O87 - FAEL: "{BEA8C877-7D70-45E0-870D-2C33633DC157}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe {00E8B84DB1CFF63269} =>.Steam Games
O87 - FAEL: "TCP Query User{294D9D9A-ACE3-49E4-9606-B1EF488EE206}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe" [In-None-P6-TRUE] .(.Bluehole GinnoGames, Inc. - TslGame.) -- C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe {1DB53A04F3FE510FE386FACDFCAB1C76}
O87 - FAEL: "UDP Query User{25A49C35-A9E2-4D4C-89FB-99351F595D63}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe" [In-None-P17-TRUE] .(.Bluehole GinnoGames, Inc. - TslGame.) -- C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe {1DB53A04F3FE510FE386FACDFCAB1C76}
O87 - FAEL: "TCP Query User{7ADE218C-97C7-4869-ACB2-B4CD125BE235}C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe" [In-None-P6-TRUE] .(.Bluehole GinnoGames, Inc. - TslGame.) -- C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe {1DB53A04F3FE510FE386FACDFCAB1C76}
O87 - FAEL: "UDP Query User{0870F85A-E748-401D-9598-CD73A8CC7D11}C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe" [In-None-P17-TRUE] .(.Bluehole GinnoGames, Inc. - TslGame.) -- C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe {1DB53A04F3FE510FE386FACDFCAB1C76}
O87 - FAEL: "{111A0642-CB05-4DEA-B749-D4157A7805B2}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe {4BA0D219E39C3B8C593F253918172027} =>.Steam Games
O87 - FAEL: "{FEE19554-6D67-463D-9862-55EBE5E24CDC}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe {4BA0D219E39C3B8C593F253918172027} =>.Steam Games
O87 - FAEL: "{34A9291E-F031-41D9-B1B1-2EC7E06664AF}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\MechWarrior Online\Bin64\MWOClient.exe
O87 - FAEL: "{13BE6242-6A0D-48F7-A15F-AD64B5211F7E}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\MechWarrior Online\Bin64\MWOClient.exe
O87 - FAEL: "{D3BC8E22-A02B-4917-BC17-1F0296A5F778}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\The Pirate Caribbean Hunt\ThePirate.exe =>.Steam Games
O87 - FAEL: "{FDD23B6E-6161-4D27-830A-D65F48092487}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\SteamApps\common\The Pirate Caribbean Hunt\ThePirate.exe =>.Steam Games

---\\ List of CD/DVD Emulators (MBR Hook) (2) - 1s
HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32 =>PUP.Optional.DriverSupport
HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS =>PUP.Optional.DriverSupport

---\\ Additional Scan (O88) (3) - 0s
C:\Users\Allan\AppData\Local\CrashRpt =>.Superfluous.CrashReports
HKLM64\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32 =>PUP.Optional.DriverSupport
HKLM64\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS =>PUP.Optional.DriverSupport

---\\ Summary of the elements found (3) - 0s
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.CrashReports
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.DriverSupport

~ Unselected Options:
~ End of the scan, 27503 items in 02mn46s (905)(0)
Anddddd HiJack This

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.24

Platform: x64 Windows 7 (Home Premium), 6.1.7601, Service Pack: 1
Time: 18.06.2017 - 02:40
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x809)
Elevated: Yes
Ran by: Allan (group: Administrator) on PROTOTYPE

Firefox: 53.0.3.6347
Internet Explorer: 11.0.9600.18698

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
1 C:\Program Files (x86)\BlueStacks\HD-Agent.exe
1 C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
1 C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
2 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
1 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
1 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1 C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
1 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files (x86)\Steam\Steam.exe
3 C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
1 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
1 C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Users\Allan\HiJackThis.exe
1 C:\Users\Allan\ZHPDiag3.exe
1 C:\Windows\PixArt\Pac207\Monitor.exe
1 C:\Windows\SysWOW64\notepad.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\ViakaraokeSrv.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
2 C:\Windows\System32\nvvsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
11 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
2 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKCU\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (file missing)
O4 - HKCU\..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe -silent
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true
O4-32 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O15 - Trusted Zone: http://apps.driversupport.com
O17 - DHCP DNS - 1: 192.168.1.1
O21 - ShellIconOverlayIdentifiers: AccExtIco1 - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - ShellIconOverlayIdentifiers: AccExtIco2 - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - ShellIconOverlayIdentifiers: AccExtIco3 - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - ShellIconOverlayIdentifiers: 00asw - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShA64.dll
O21 - ShellIconOverlayIdentifiers: 00avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShA64.dll
O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\Windows\system32\sc.exe start osppsvc
O22 - Task (Queued): NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task (Queued): NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): Microsoft_Hardware_Launch_ipoint_exe - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
O22 - Task (Ready): Microsoft_Hardware_Launch_itype_exe - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
O22 - Task (Ready): Microsoft_Hardware_Launch_mousekeyboardcenter_exe - c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
O22 - Task (Ready): NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O22 - Task (Ready): NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task (Ready): NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task (Ready): NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task (Ready): NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
O22 - Task (Ready): NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task (Ready): SafeZone scheduled Autoupdate 1497547532 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe
O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run
O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task (Ready): {93E3722E-7795-4E87-87B3-5C42114B32F0} - C:\Windows\system32\pcalua.exe -a C:\Windows\UniFish3.exe -c C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
O22 - Task (Running): Microsoft_MKC_Logon_Task_ipoint.exe - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
O22 - Task (Running): Microsoft_MKC_Logon_Task_itype.exe - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: BlueStacks Log Rotator Service - (BstHdLogRotatorSvc) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service R2: BlueStacks Updater Service - (BstHdUpdaterSvc) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service R2: NVIDIA Stereoscopic 3D Driver Service - (Stereo Service) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service R2: VIA Karaoke digital mixer Service - (VIAKaraokeService) - C:\Windows\system32\viakaraokesrv.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service S2: BlueStacks Android Service - (BstHdAndroidSvc) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service S2: MBAMService - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Windows Defender - (WinDefend) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Program Files\Windows Defender\mpsvc.dll
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

--
End of file - Time spent: 9 sec. - 24778 bytes, CRC32: FFFFFFFF. Sign: 桭䫁
 

Malnutrition

ZHP Diag Fix.


ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • Unzip it to your desktop -- tool here if needed: 7-Zip
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right-click the ZHP Fix icon and select Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • If you see any prompts like the one below, select Oui (= Yes in French).

  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
Code:
Script Zhpfix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32 =>PUP.Optional.DriverSupport
HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS =>PUP.Optional.DriverSupport
C:\Users\Allan\AppData\Local\CrashRpt =>.Superfluous.CrashReports
HKLM64\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32 =>PUP.Optional.DriverSupport
HKLM64\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS =>PUP.Optional.DriverSupport
O23 - Service: (AdobeUpdateService) . (.Adobe Systems Incorporated - Adobe Update Service.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe =>.Adobe Systems Incorporated®
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
SS - Demand [17/06/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [09/06/2015] [ 680112] (AdobeUpdateService) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe =>.Adobe Systems Incorporated®
SS - Demand [16/06/2017] [ 173512] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SR - Auto [03/05/2017] [ 449984] NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
[MD5.7DE8B8AC559E16AEB388E7D098E7C288] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384] (.Activate.) =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [4312] =>.Adobe Systems Incorporated®
O39 - APT: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [4146] =>.NVIDIA Corporation®
O39 - APT: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3814] =>.NVIDIA Corporation®
O39 - APT: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3852] =>.NVIDIA Corporation®
O39 - APT: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3738] =>.NVIDIA Corporation®
O39 - APT: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3494] =>.NVIDIA Corporation®
O39 - APT: NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3730] =>.NVIDIA Corporation®
O39 - APT: NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3554] =>.NVIDIA Corporation®
O39 - APT: NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3738] =>.NVIDIA Corporation®
O39 - APT: {93E3722E-7795-4E87-87B3-5C42114B32F0} - (...) -- C:\Windows\System32\Tasks\{93E3722E-7795-4E87-87B3-5C42114B32F0} [3224]
O4 - HKCU\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (.not file.)
O4 - HKUS\S-1-5-21-2771956393-836798383-2307004672-1000\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (.not file.)
P2 - EXT FILE: (.Avast SafePrice - Avast SafePrice - safe shopping extens.) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\extensions\[email protected] =>.Avast SafePrice
O3 - Toolbar: 0xB1C218236549D4119B18009027A5CD4F - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} . (...) -- (.not file.)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA Corporation
O42 - Logiciel: NvTelemetry - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry =>.NVIDIA Corporation
O42 - Logiciel: SafeZone Stable 3.55.2393.607 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.607 =>.AVAST Software s.r.o.®
HKLM\SOFTWARE\Wow6432Node\MSPG32
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\MSPG32
C:\Program Files\Windows Defender
O43 - CFD: 15/04/2015 - [0] D -- C:\Program Files (x86)\Driver Downloader
O43 - CFD: 17/06/2017 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 15/06/2017 - [] D -- C:\Users\Allan\AppData\Local\CrashRpt =>.Superfluous.CrashReports
O43 - CFD: 12/06/2015 - [] D -- C:\Users\Allan\AppData\Local\GWX =>.GWX
O43 - CFD: 27/04/2015 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} =>Heuristic.Suspect
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
EmptyPrefetch
ShortcutFix
EmptyTemp


Hijack This Fix.


Start HijackThis, Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.

O4 - HKCU\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (file missing)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true
O4-32 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
O15 - Trusted Zone: http://apps.driversupport.com
O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\Windows\system32\sc.exe start osppsvc
O22 - Task (Queued): NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task (Queued): NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O22 - Task (Ready): NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task (Ready): NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task (Ready): NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task (Ready): NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
O22 - Task (Ready): NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task (Ready): SafeZone scheduled Autoupdate 1497547532 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe
O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run
O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task (Ready): {93E3722E-7795-4E87-87B3-5C42114B32F0} - C:\Windows\system32\pcalua.exe -a C:\Windows\UniFish3.exe -c C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Windows Defender - (WinDefend) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Program Files\Windows Defender\mpsvc.dll



Now click on fix checked.
After the fix is complete, then reboot your machine.


Rogue Killer Scan.


Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.

  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 

FreeBooter

Banned
Jun 2, 2017
60
27
43
Turkey
V-Sync (Vertical Synchronisation) is a feature you can switch on in an individual game to limit its framerate so that it doesn’t exceed your monitor’s refresh rate. Most standard monitors have a refresh rate of 60 Hz or 75 Hz (check this by going to the Display section of AMD Catalyst Control Center or Nvidia Control Panel). If you have a game that’s running at a much higher frame-rate than your monitor’s refresh rate, then the graphics card sends frames too fast for the monitor to respond, causing tearing.

If you’re suffering from this badly, then turn V-Sync on. Plenty of gamers – particularly those into online shooters – are happy to suffer the occasional screen tear and leave V-Sync off because it causes slight input lag on the mouse. While this is barely noticeable in most cases, in the realm of online shooters it can cost you your life. V-Sync also limits your frame-rate to factors of your monitor’s refresh rate, so if your frame-rate is 57 fps and your monitor refresh rate is 60 Hz, then V-Sync will knock your frame-rate down to 30 fps. For that reason, it’s best to leave V-Sync off unless you get noticeable tearing.

For example, enabling anti-aliasing within some games can cause the framerate to slow down drastically, while using one of the anti-aliasing methods in AMD Catalyst works much more effectively.
 

Allan.T

@Malnutrition I've performed the tasks you've asked, there have been some anomalies however. Nevertheless here are the results.

ZHPFix
Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Allan at 18/06/2017 03:30:58
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 06s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\mozilla maintenance service\uninstall.exe
ABSENT Uninstall Process: c:\program files\avast software\szbrowser\launcher.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SafeZone 3.55.2393.607]
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS
REMOVES: Service: NvTelemetryContainer
REMOVES: HKLM\SOFTWARE\Wow6432Node\MSPG32
REMOVES: HKCU\SOFTWARE\Chromium
REMOVES: HKCU\SOFTWARE\MSPG32

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
REMOVES RunValue: Gaijin.Net Agent

========== Folders ==========
No folders empty CLSID Local user
REMOVES: c:\users\allan\appdata\local\crashrpt
REMOVES Reboot:** c:\program files\windows defender
REMOVES: C:\Program Files (x86)\Driver Downloader
REMOVES: C:\Program Files (x86)\Mozilla Maintenance Service
REMOVES: C:\Users\Allan\AppData\Local\GWX
REMOVES: C:\Windows\System32\Config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
Deletes temporary Windows (1004)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe
REMOVES Reboot: c:\windows\system32\tasks\nvdriverupdatecheckdaily_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvidia geforce experience selfupdate_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvnodelauncher_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvprofileupdaterdaily_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvprofileupdateronlogon_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvtmmon_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvtmreponlogon_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\nvtmrep_{b2fe1952-0186-46c3-baec-a80aa35ac5b8}
REMOVES Reboot: c:\windows\system32\tasks\{93e3722e-7795-4e87-87b3-5c42114b32f0}
Deletes temporary Windows (2287) (1,073,197,698 octets)

========== Scheduled task ==========
REMOVES: Adobe Flash Player Updater

========== System restore ==========
The system successfully created restore point

========== Other ==========
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS]


========== Summary ==========
8 : Registry keys
7 : Registry values
8 : Folders
12 : Files
2 : Software
1 : Scheduled task
1 : System restore
2 : Other


End of clean in 06mn 36s

========== Path to file report ==========
C:\Users\Allan\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/06/2017 03:31:05 [3528]

HijackThis

I'd like to mention that there were 4 items which weren't on the list for checking; they were:

O4 - HKCU\..\Run: [Gaijin.Net Agent] C:\Users\Allan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (file missing)
O22 - Task (Ready): SafeZone scheduled Autoupdate 1497547532 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

RogueKiller Results


RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Allan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/18/2017 03:47:04 (Duration : 00:50:33)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Sean_ON_E_CA50\Software\APN PIP -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Sean_ON_E_CA50\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Sean_ON_E_CA50\Software\APN PIP -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Sean_ON_E_CA50\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_E_04A6\Software\APN PIP -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_E_04A6\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_E_04A6\Software\APN PIP -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_E_04A6\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Sean_ON_E_CA50\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Sean_ON_E_CA50\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82C77AB4-2B8F-4956-9DBF-6F3807D92D99} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C779C57-AB6E-4F08-AEEE-2941C63D4850} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82C77AB4-2B8F-4956-9DBF-6F3807D92D99} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C779C57-AB6E-4F08-AEEE-2941C63D4850} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MD10000- NSDW-RO SCSI Disk Device +++++
--- User ---
[MBR] 50d48109cfff44fa93bc1ba7b51027d8
[BSP] 103a0687227a91af8d1df4ae6744416a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Hitachi HDS721050CLA SCSI Disk Device +++++
--- User ---
[MBR] 08fc5354d7625dccd936db32566267f1
[BSP] 53e54b1e1a258e5377092410b7343565 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

JRT Results

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Allan (Administrator) on 18/06/2017 at 4:45:21.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WYQJIGB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D0JG2O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCRWIA4C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM65RX3B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WYQJIGB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D0JG2O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCRWIA4C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM65RX3B (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/06/2017 at 4:47:30.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware Cleaner

I can say now that the scan yielded 0 items, though when the computer went to re-boot after the scan the boot up loaded in windows 10, which I'm sure I cancelled the installation earlier this evening whilst I ran these scans etc. However, when it started it wanted to install it, so I'm now actually running windows 10. I hope this doesn't cause any complications.

Also, when searching for the log, the computer doesn't want to find it.


@FreeBooter I'll give it a try when I'm next booting up a game, I generally don't have too many problems when playing my older games. Like you said though, I do notice bad "lag" and "tearing" whilst playing online FPS. So I'll give it a bash next time I'm on, thanks for the info!
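The `[Suspicious.Path]` entries in the RogueKiller report above are Windows Firewall rules whose `App=` target sits in a user's Temp folder. The Python below is an added example, not part of the thread or of RogueKiller: it parses report lines of that shape and lists active allow rules that point at user-writable paths. The function names, the path markers and the last two sample lines are assumptions made for the illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Lines 1-4 are copied from the RogueKiller report above. Lines 5-6 are
# constructed for contrast: a rule for an installed program and a disabled rule.
SAMPLE_LOG = r"""
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82C77AB4-2B8F-4956-9DBF-6F3807D92D99} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C779C57-AB6E-4F08-AEEE-2941C63D4850} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {82C77AB4-2B8F-4956-9DBF-6F3807D92D99} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C779C57-AB6E-4F08-AEEE-2941C63D4850} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Allan\AppData\Local\Temp\nsnE38B.tmp\CnetInstaller-186857.exe|Name=proinstaller344824144| [x] -> Deleted
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00000000-0000-0000-0000-000000000001} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox|
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00000000-0000-0000-0000-000000000002} : v2.10|Action=Allow|Active=FALSE|Dir=In|App=C:\Users\Allan\AppData\Local\Temp\old-setup.exe|Name=OldSetup|
"""

# Control set, rule GUID and the pipe-delimited rule string of one report line.
RULE_RE = re.compile(
    r"\\System\\(?P<cset>[^\\]+)\\Services\\SharedAccess\\Parameters\\FirewallPolicy"
    r"\\FirewallRules\s*\|\s*(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*:\s*(?P<rule>v\d+\.\d+\|.*\|)"
)

# Assumed markers for locations an unprivileged user or installer can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\downloads\\")


def parse_rule(rule):
    """Split 'v2.10|Key=Value|...|' into a dict; a repeated key keeps its last value."""
    version, *pairs = rule.strip("|").split("|")
    fields = {"Version": version}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if sep:
            fields[key] = value
    return fields


def is_user_writable(app_path):
    """True when the rule's program path lies under one of the markers above."""
    path = ntpath.normpath(app_path).lower()
    return any(marker in path for marker in USER_WRITABLE)


def find_suspicious_rules(log_text):
    """Return active allow rules whose App= path is in a user-writable location."""
    findings = []
    for line in log_text.splitlines():
        match = RULE_RE.search(line)
        if not match:
            continue
        fields = parse_rule(match.group("rule"))
        app = fields.get("App", "")
        active_allow = (fields.get("Action", "").lower() == "allow"
                        and fields.get("Active", "").upper() == "TRUE")
        if active_allow and is_user_writable(app):
            findings.append({
                "control_set": match.group("cset"),
                "guid": match.group("guid"),
                "dir": fields.get("Dir", ""),
                "app": app,
                "name": fields.get("Name", ""),
            })
    return findings


def group_by_guid(findings):
    """Collapse the same rule seen under several control sets into one entry."""
    grouped = {}
    for item in findings:
        entry = grouped.setdefault(item["guid"], {
            "dir": item["dir"], "app": item["app"],
            "name": item["name"], "control_sets": [],
        })
        entry["control_sets"].append(item["control_set"])
    for entry in grouped.values():
        entry["control_sets"].sort()
    return grouped


if __name__ == "__main__":
    for guid, rule in group_by_guid(find_suspicious_rules(SAMPLE_LOG)).items():
        print(guid, rule["dir"], rule["name"], rule["app"], rule["control_sets"])
```
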
 

Malnutrition

though when the computer went to re-boot after the scan the boot up loaded in windows 10, which I'm sure I cancelled the installation earlier this evening whilst I ran these scans etc. However, when it started it wanted to install it, so I'm now actually running windows 10. I hope this doesn't cause any complications.

Terrible how MS forces that crap onto people.

Eliminate restrictive settings with this tool.
  • Temporarily disable your antivirus --- Your antivirus may flag this tool as malware, it is safe to run I assure you.
  • Download SupRestric.exe save to your desktop.
  • Close all running programs.
  • Double click the file to launch it.
  • Windows 7/8/10/Vista: run as administrator.
  • Click Yes at any prompt.
  • The analysis takes only a few moments.
  • The report is on the desktop ( CTR.txt )
  • Copy paste report in next reply.
  • A reboot is needed to complete the repairs.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.


Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable all items in your scheduled tasks as well, unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.





ZHP Scan.

1. Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.
 

Allan.T

Hey again, had a problem with z o e k, the link wouldn't take me to the DL, I did try googling it as well but I had exactly the same problem, the sites couldn't be found. Do you have another link for Z o e k?

restrictive settings

Rapport de Contrôle restrictions Pierre13 (CTR version 2.5.0.0 ) du 18\06\2017 à 11:23:10
PC de Allan
Microsoft Windows 10 Home (64 bits) [10.0.15063]

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[BKDR_BLACKEN.A] clé WarnOnClose corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d'informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Recherche Windows Update rétablie.
Configuration Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activés.

240 restrictions contrôlées.

13 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.


Le rapport est sur le bureau (C:\Users\Allan\Desktop\CTR.txt)

CCleaner

I set-up the CCleaner like you asked.

ZHP Scan

~ ZHPCleaner v2017.6.15.99 by Nicolas Coolman (2017/06/15)
~ Run by Allan (Administrator) (18/06/2017 11:48:19)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate: Legal
~ Type : Repair
~ Report : C:\Users\Allan\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Allan\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (65)
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.9WZDNCRFJ140_0_0010_.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.9WZDNCRFJ140_0__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.A715D489-C343-F20B-B22E-F8D749061B0C_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.A90B8400-D36D-8235-8BF2-A21A53D3FB65_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.DFBE09D0-1F22-A9C0-2D3D-3F4C6351E58F_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.E336BB8F-16ED-7CBE-AFEE-971DD3041585_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.E6658C19-4221-2EBE-763A-F0493FBA2BB0_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.E6D3B497-80AF-7F14-F9E6-9606EE369FC3_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\sa.FACF9DDE-1FF1-B57D-4D1D-CE479FDD42AF_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Allan\AppData\Local\Temp\wmsetup.log =>.Superfluous.Temporary.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1665.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI17FD.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1DDA.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2B29.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2DE9.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2F87.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI301C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI3248.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI37EE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI3F27.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4831.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7D8A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIE9A6.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIEE4B.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (2)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\atwola.com [] =>.Superfluous.Atwola
DELETED key*: [X64] HKLM\SOFTWARE\Classes\S [] =>Toolbar.Agent


---\\ Summary of the elements found (6)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AkamaiHD
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://nicolascoolman.eu/2017/02/04/superfluous-atwola/ =>.Superfluous.Atwola
https://www.nicolascoolman.com/fr/?p=5143 =>Toolbar.Agent


---\\ Other deletions. (6)
~ Registry Keys Tracing deleted (6)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 904
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 67


~ End of clean in 00h00mn16s
~====================
ZHPCleaner-[R]-18062017-11_48_35.txt
ZHPCleaner--18062017-11_46_28.txt
End line has the strike out code before the digits, so it's ZHPCleaner -[ s ] (with no spaces of course).
 

Malnutrition

Do you have another link for Z o e k?

Here is the link.

After you run the Zoek tool.



Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt -- & Shortcut.txt
Please Copy & Paste them into your next reply. But attach Shortcut.txt
 

Malnutrition

After you have completed the Zoek scan and posted the FRST logs, please let me know how the machine is performing. :)
 

Allan.T

Hey there, sorry for the late reply, I was out visiting family yesterday afternoon, by the time I got back I was mentally exhausted (my family is a bunch of nut-jobs, anybody would be mentally drained after going there haha).

Z o e k

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Allan on Mon 06/19/2017 at 19:44:07.00.
Microsoft Windows 10 Home 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Allan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/19/2017 7:45:15 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Belarc deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow deleted successfully
C:\Users\Allan\AppData\Local\ArmA 2 OA deleted successfully
C:\Users\Allan\AppData\Local\DBG deleted successfully
C:\Users\Allan\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Allan\AppData\Local\EmieSiteList deleted successfully
C:\Users\Allan\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2771956393-836798383-2307004672-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B6A4AD4-D6EE-47dd-B308-0E0930A43853} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2771956393-836798383-2307004672-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Belarc not found
C:\PROGRA~3\Package Cache deleted
C:\Users\Allan\ZHPDiag3.exe deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default
- Undetermined - %ProfilePath%\extensions\[email protected]
- Undetermined - %ProfilePath%\extensions\[email protected]

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default
9BF98236C009EB0A5571E9CA96847269 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Allan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Allan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Allan\AppData\Local\Mozilla\Firefox\Profiles\ogyprs22.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=38 folders=43 46993683 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot
Farbar Recovery Scan Tool

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01
Ran by Allan (administrator) on PROTOTYPE (19-06-2017 20:21:17)
Running from C:\Users\Allan\Downloads
Loaded Profiles: Allan (Available Profiles: Allan)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-14] (AVAST Software)
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0c5d3712-b4d6-4552-9145-29d1c9023246}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c522ff4-bdfb-476f-adb6-a2fda8d78087}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2771956393-836798383-2307004672-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-14] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-14] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default [2017-06-19]
FF Extension: (Avast SafePrice) - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\Extensions\[email protected] [2017-06-19]
FF Extension: (Avast Online Security) - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\Extensions\[email protected] [2017-06-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-19] (Adobe Systems)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-14] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2017-06-17] ()
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-05-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-29] (Electronic Arts)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-14] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 Sftfs; C:\WINDOWS\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\WINDOWS\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\WINDOWS\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\WINDOWS\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-19 20:21 - 2017-06-19 20:21 - 00012271 _____ C:\Users\Allan\Downloads\FRST.txt
2017-06-19 20:20 - 2017-06-19 20:21 - 00000000 ____D C:\FRST
2017-06-19 20:17 - 2017-06-19 20:18 - 02439680 _____ (Farbar) C:\Users\Allan\Downloads\FRST64.exe
2017-06-19 20:06 - 2017-06-19 20:06 - 00000000 ___HD C:\$AV_ASW
2017-06-19 19:59 - 2017-06-19 19:59 - 00000000 ____D C:\zoek
2017-06-19 19:41 - 2017-06-19 20:00 - 00000000 ____D C:\zoek_backup
2017-06-18 14:13 - 2017-06-18 14:13 - 00000000 ____D C:\Windows.old
2017-06-18 14:11 - 2017-06-18 14:11 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-18 14:11 - 2017-06-18 14:11 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-18 14:11 - 2017-06-18 14:11 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-18 14:11 - 2017-06-18 14:11 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-18 14:11 - 2017-06-18 14:11 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-18 14:11 - 2017-06-18 14:11 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-18 14:11 - 2017-06-18 14:11 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 14:02 - 2017-03-18 21:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-06-18 14:02 - 2017-03-18 21:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-06-18 14:02 - 2017-03-18 21:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-06-18 14:02 - 2017-03-18 21:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-06-18 14:02 - 2017-03-18 21:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-06-18 14:01 - 2017-03-18 21:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-06-18 14:01 - 2017-03-18 21:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-06-18 14:01 - 2017-03-18 21:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-06-18 14:01 - 2017-03-18 21:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-06-18 12:48 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-18 12:38 - 2015-06-28 15:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-18 12:38 - 2015-06-28 14:48 - 00000000 ____D C:\ProgramData\Adobe
2017-06-18 11:31 - 2015-04-12 13:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-18 07:51 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 06:03 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-18 06:02 - 2015-04-15 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-18 05:57 - 2017-03-19 03:30 - 00000000 ____D C:\WINDOWS\OCR
2017-06-18 05:56 - 2015-05-27 18:04 - 00000000 ____D C:\Users\Allan\Documents\Leigh
2017-06-18 05:47 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-18 05:46 - 2017-03-18 12:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-18 05:45 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-18 05:44 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-18 05:44 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-18 05:42 - 2017-03-18 22:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-18 05:39 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-18 05:34 - 2015-07-25 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-18 05:34 - 2015-04-29 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima 8
2017-06-18 05:34 - 2015-04-29 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-06-18 05:34 - 2015-04-27 22:24 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2017-06-18 05:34 - 2015-04-17 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-06-18 05:34 - 2015-04-16 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2017-06-18 05:34 - 2015-04-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2017-06-18 05:34 - 2015-04-15 16:37 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2017-06-18 05:34 - 2015-04-15 16:37 - 00000000 ____D C:\WINDOWS\system32\vbox
2017-06-18 05:34 - 2015-04-15 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-06-18 05:34 - 2015-04-12 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-18 05:34 - 2015-04-11 23:35 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-06-18 05:34 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-18 05:30 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-18 05:30 - 2015-09-20 00:34 - 00000000 ____D C:\WINDOWS\PixArt
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-18 05:29 - 2015-04-27 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-06-18 05:29 - 2015-04-15 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2017-06-18 05:29 - 2015-04-13 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-06-18 05:29 - 2015-04-12 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2017-06-18 05:29 - 2015-04-12 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-06-18 05:29 - 2015-04-11 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive
2017-06-18 05:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-06-18 05:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-06-18 05:26 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-18 05:23 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-18 05:23 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-06-18 05:23 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-18 05:22 - 2017-03-19 03:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-18 05:22 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-18 04:10 - 2009-07-14 05:45 - 00028928 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-18 04:10 - 2009-07-14 05:45 - 00028928 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-18 02:35 - 2015-04-17 17:49 - 00000000 ____D C:\Users\Allan\AppData\Local\WinZip
2017-06-17 19:43 - 2015-06-28 14:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-16 19:38 - 2015-04-17 03:28 - 00000000 ____D C:\Users\Allan\AppData\Local\Adobe
2017-06-15 19:00 - 2015-04-15 16:30 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-15 00:04 - 2015-04-15 15:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-14 23:54 - 2015-04-15 15:43 - 00000000 ____D C:\Users\Allan\AppData\Local\NVIDIA
2017-06-14 21:34 - 2015-04-15 16:35 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-06-14 21:32 - 2015-04-15 16:35 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-06-14 21:32 - 2015-04-15 16:35 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.149747249259302
2017-06-14 21:32 - 2015-04-15 16:34 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-14 21:28 - 2015-04-15 16:34 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-14 21:28 - 2015-04-15 16:32 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-14 20:40 - 2015-04-15 16:36 - 00000000 ____D C:\Users\Allan\AppData\Local\Steam

==================== Files in the root of some directories =======

2015-04-12 13:40 - 2015-04-12 13:40 - 0007602 _____ () C:\Users\Allan\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-18 05:18

==================== End of FRST.txt ============================

addition.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01
Ran by Allan (administrator) on PROTOTYPE (19-06-2017 20:21:17)
Running from C:\Users\Allan\Downloads
Loaded Profiles: Allan (Available Profiles: Allan)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-14] (AVAST Software)
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0c5d3712-b4d6-4552-9145-29d1c9023246}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c522ff4-bdfb-476f-adb6-a2fda8d78087}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2771956393-836798383-2307004672-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2771956393-836798383-2307004672-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-14] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-14] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default [2017-06-19]
FF Extension: (Avast SafePrice) - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\Extensions\[email protected] [2017-06-19]
FF Extension: (Avast Online Security) - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\ogyprs22.default\Extensions\[email protected] [2017-06-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-19] (Adobe Systems)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-14] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2017-06-17] ()
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-05-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-29] (Electronic Arts)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-14] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 Sftfs; C:\WINDOWS\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\WINDOWS\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\WINDOWS\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\WINDOWS\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-19 20:21 - 2017-06-19 20:21 - 00012271 _____ C:\Users\Allan\Downloads\FRST.txt
2017-06-19 20:20 - 2017-06-19 20:21 - 00000000 ____D C:\FRST
2017-06-19 20:17 - 2017-06-19 20:18 - 02439680 _____ (Farbar) C:\Users\Allan\Downloads\FRST64.exe
2017-06-19 20:06 - 2017-06-19 20:06 - 00000000 ___HD C:\$AV_ASW
2017-06-19 19:59 - 2017-06-19 19:59 - 00000000 ____D C:\zoek
2017-06-19 19:41 - 2017-06-19 20:00 - 00000000 ____D C:\zoek_backup
2017-06-18 14:13 - 2017-06-18 14:13 - 00000000 ____D C:\Windows.old
2017-06-18 14:11 - 2017-06-18 14:11 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-18 14:11 - 2017-06-18 14:11 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-18 14:11 - 2017-06-18 14:11 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-18 14:11 - 2017-06-18 14:11 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-18 14:11 - 2017-06-18 14:11 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-18 14:11 - 2017-06-18 14:11 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-18 14:11 - 2017-06-18 14:11 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-18 14:11 - 2017-06-18 14:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-18 14:11 - 2017-06-18 14:11 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-18 14:11 - 2017-06-18 14:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-18 14:11 - 2017-06-18 14:11 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-18 14:11 - 2017-06-18 14:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-18 14:11 - 2017-06-18 14:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-18 14:05 - 2017-06-18 14:05 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\Program Files\MSBuild
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-18 14:02 - 2017-06-18 14:02 - 00000000 ____D C:\inetpub
2017-06-18 14:01 - 2017-02-10 20:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-18 14:01 - 2017-02-10 20:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-18 14:01 - 2017-02-10 20:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-18 14:01 - 2017-02-10 20:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-18 14:01 - 2017-02-10 20:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-18 14:01 - 2017-02-10 20:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-18 14:00 - 2017-06-18 14:00 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-18 11:57 - 2017-06-18 11:57 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-18 11:50 - 2017-06-18 11:52 - 00002278 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-18 11:50 - 2017-06-18 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-18 11:50 - 2017-06-18 11:50 - 00000000 ____D C:\Program Files\CCleaner
2017-06-18 11:49 - 2017-06-18 11:49 - 09598376 _____ (Piriform Ltd) C:\Users\Allan\Downloads\ccsetup531.exe
2017-06-18 11:40 - 2017-06-18 11:40 - 02794880 _____ C:\Users\Allan\Downloads\ZHPCleaner.exe
2017-06-18 11:13 - 2017-06-18 11:13 - 01181184 _____ C:\Users\Allan\Downloads\SupRestric.exe
2017-06-18 07:52 - 2017-06-18 07:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-18 07:51 - 2017-06-18 07:51 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 06:54 - 2017-06-18 06:54 - 00000000 ____D C:\Games
2017-06-18 06:46 - 2017-06-18 06:52 - 00000000 ____D C:\Users\Allan\AppData\Local\Skyrim
2017-06-18 06:39 - 2017-06-18 06:54 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-06-18 06:39 - 2017-06-18 06:46 - 00000000 ____D C:\Users\Allan\Documents\Nexus Mod Manager
2017-06-18 06:39 - 2017-06-18 06:39 - 00000000 ____D C:\Users\Allan\AppData\Local\Black_Tree_Gaming
2017-06-18 06:39 - 2017-06-18 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-06-18 06:37 - 2017-06-18 06:37 - 06441096 _____ (Black Tree Gaming ) C:\Users\Allan\Downloads\Nexus Mod Manager-0.63.14.exe
2017-06-18 06:13 - 2017-06-18 06:13 - 00000000 ____D C:\Users\Allan\AppData\Local\MicrosoftEdge
2017-06-18 06:08 - 2017-06-18 08:52 - 00000000 ____D C:\Users\Allan\AppData\Local\Comms
2017-06-18 05:58 - 2017-06-18 11:52 - 00002830 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-18 05:58 - 2017-06-18 11:52 - 00000000 ___RD C:\Users\Allan\OneDrive
2017-06-18 05:58 - 2017-06-18 05:59 - 00002363 _____ C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-18 05:58 - 2017-06-18 05:58 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Skype
2017-06-18 05:53 - 2017-06-18 05:53 - 00001047 _____ C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-06-18 05:53 - 2017-06-18 05:53 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-18 05:51 - 2017-06-18 05:51 - 00000000 ____D C:\Users\Allan\AppData\Local\Publishers
2017-06-18 05:50 - 2017-06-18 06:58 - 00000000 ____D C:\Users\Allan\AppData\Local\Packages
2017-06-18 05:50 - 2017-06-18 05:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-18 05:49 - 2017-06-19 19:34 - 00000000 ____D C:\Users\Allan\AppData\Local\ConnectedDevicesPlatform
2017-06-18 05:49 - 2017-06-18 05:49 - 00000020 ___SH C:\Users\Allan\ntuser.ini
2017-06-18 05:49 - 2017-06-18 05:49 - 00000000 ____D C:\Users\Allan\AppData\Local\TileDataLayer
2017-06-18 05:46 - 2017-06-18 05:46 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-18 05:44 - 2017-06-18 05:45 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-06-18 05:44 - 2017-06-18 05:45 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-06-18 05:43 - 2017-06-19 20:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-18 05:43 - 2017-06-19 19:36 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-18 05:43 - 2017-06-18 11:52 - 00002998 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-18 05:43 - 2017-06-18 05:43 - 00023356 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-18 05:43 - 2017-06-18 05:43 - 00003270 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2017-06-18 05:43 - 2017-06-18 05:43 - 00003244 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2017-06-18 05:43 - 2017-06-18 05:43 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2017-06-18 05:43 - 2017-06-18 05:43 - 00003214 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2017-06-18 05:43 - 2017-06-18 05:43 - 00003212 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2017-06-18 05:43 - 2017-06-18 05:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-06-18 05:43 - 2017-06-18 05:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-18 05:43 - 2017-06-18 05:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-06-18 05:32 - 2017-06-18 05:32 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-18 05:29 - 2017-06-18 05:29 - 00000000 ____D C:\ProgramData\USOShared
2017-06-18 05:29 - 2017-06-18 05:29 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-06-18 05:27 - 2017-06-19 20:00 - 00000000 ____D C:\Users\Allan
2017-06-18 05:27 - 2017-06-18 05:27 - 00000000 _SHDL C:\Users\Allan\My Documents
2017-06-18 05:27 - 2017-06-18 05:27 - 00000000 _SHDL C:\Users\Allan\Documents\My Videos
2017-06-18 05:27 - 2017-06-18 05:27 - 00000000 _SHDL C:\Users\Allan\Documents\My Pictures
2017-06-18 05:27 - 2017-06-18 05:27 - 00000000 _SHDL C:\Users\Allan\Documents\My Music
2017-06-18 05:26 - 2017-06-19 20:17 - 01030624 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-18 05:26 - 2017-06-18 05:26 - 00939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-18 05:22 - 2017-06-19 20:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-18 05:22 - 2016-11-14 12:15 - 06789056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-18 05:22 - 2016-11-14 12:15 - 03528128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-18 05:22 - 2016-11-14 12:15 - 02558512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-18 05:22 - 2016-11-14 12:15 - 00932728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-06-18 05:22 - 2016-11-14 12:15 - 00384888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-18 05:22 - 2016-11-14 12:15 - 00062328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-18 05:22 - 2016-11-14 10:09 - 07513855 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-18 05:21 - 2017-06-18 06:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-18 05:21 - 2017-06-18 05:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-18 05:21 - 2017-03-18 21:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-18 05:20 - 2017-06-18 05:20 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-18 05:20 - 2017-06-18 05:20 - 00000000 ____D C:\Program Files\VIA
2017-06-18 05:18 - 2017-06-18 11:27 - 00247712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-18 05:18 - 2017-06-18 05:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-18 05:18 - 2017-06-18 05:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-18 04:48 - 2017-06-18 04:50 - 00000000 ____D C:\AdwCleaner
2017-06-18 04:48 - 2017-06-18 04:48 - 04110280 _____ C:\Users\Allan\Downloads\adwcleaner_6.047.exe
2017-06-18 04:44 - 2017-06-18 04:44 - 01663672 _____ (Malwarebytes) C:\Users\Allan\Downloads\JRT.exe
2017-06-18 03:47 - 2017-06-18 03:47 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-18 03:46 - 2017-06-18 04:44 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-18 03:45 - 2017-06-18 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-18 03:44 - 2017-06-18 03:45 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-18 03:43 - 2017-06-18 03:43 - 35421992 _____ (Adlice Software ) C:\Users\Allan\Downloads\setup.exe
2017-06-18 03:42 - 2017-06-18 05:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-18 03:42 - 2017-06-18 04:07 - 00000000 ___HD C:\$WINDOWS.~BT
2017-06-18 03:40 - 2017-06-18 03:40 - 00000000 ____D C:\Users\Allan\Documents\backups
2017-06-18 03:37 - 2017-06-18 03:42 - 00000036 _____ C:\WINDOWS\progress.ini
2017-06-18 03:22 - 2017-06-19 20:01 - 00000000 ____D C:\Users\Allan\Desktop\System Tools
2017-06-18 03:22 - 2017-06-18 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-06-18 03:22 - 2017-06-18 03:23 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-06-18 03:14 - 2017-06-18 05:50 - 00000000 ____D C:\Windows10Upgrade
2017-06-18 03:14 - 2017-06-18 05:48 - 00000000 ___HD C:\$GetCurrent
2017-06-18 03:14 - 2017-06-18 03:14 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-06-18 03:13 - 2017-06-18 03:14 - 06394488 _____ (Microsoft Corporation) C:\Users\Allan\Downloads\Windows10Upgrade24074.exe
2017-06-18 03:02 - 2017-06-18 03:03 - 03615504 _____ C:\Users\Allan\Downloads\advisorinstaller.exe
2017-06-18 02:56 - 2017-06-18 02:56 - 00000221 _____ C:\Users\Allan\Desktop\The Elder Scrolls V Skyrim.url
2017-06-18 02:36 - 2017-06-18 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-06-18 02:36 - 2017-06-18 02:36 - 01110564 _____ (Igor Pavlov) C:\Users\Allan\Downloads\7z1604.exe
2017-06-18 02:36 - 2017-06-18 02:36 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-06-18 02:27 - 2017-06-18 11:48 - 00000000 ____D C:\Users\Allan\AppData\Roaming\ZHP
2017-06-18 02:27 - 2017-06-18 11:40 - 00000000 ____D C:\Users\Allan\AppData\Local\ZHP
2017-06-18 02:26 - 2017-06-18 02:26 - 02750848 _____ C:\Users\Allan\Downloads\ZHPDiag3.exe
2017-06-17 22:10 - 2017-06-18 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2017-06-17 22:10 - 2017-06-18 05:28 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2017-06-17 22:10 - 2017-06-17 22:11 - 00000000 ____D C:\Users\Allan\AppData\Local\ArmA 2
2017-06-17 22:00 - 2017-06-17 22:11 - 00000000 ____D C:\Users\Allan\Documents\ArmA 2
2017-06-17 22:00 - 2017-06-17 22:00 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2017-06-17 20:36 - 2017-06-17 20:36 - 00466520 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-06-17 20:36 - 2017-06-17 20:36 - 00445016 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-06-17 20:36 - 2017-06-17 20:36 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-06-17 20:36 - 2017-06-17 20:36 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-06-17 20:36 - 2017-06-17 20:36 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-06-17 20:34 - 2017-06-19 20:15 - 00000000 ____D C:\Users\Allan\AppData\LocalLow\Mozilla
2017-06-16 23:48 - 2017-06-17 20:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-16 00:58 - 2017-06-16 00:58 - 00000000 ____D C:\Users\Allan\AppData\Local\Gaijin
2017-06-16 00:58 - 2017-06-16 00:58 - 00000000 ____D C:\ProgramData\Gaijin
2017-06-16 00:19 - 2017-06-18 03:21 - 00000000 ____D C:\Users\Allan\Documents\My Games
2017-06-15 23:36 - 2017-06-18 01:56 - 00000000 ____D C:\Users\Allan\AppData\Local\CrashDumps
2017-06-15 20:05 - 2017-06-15 20:52 - 00000000 ____D C:\Users\Public\Documents\stalker-shoc
2017-06-15 00:22 - 2017-06-15 00:22 - 00000000 ____D C:\NVIDIA
2017-06-14 23:54 - 2017-06-15 18:45 - 00000000 ____D C:\Users\Allan\AppData\Local\NVIDIA Corporation
2017-06-14 23:54 - 2017-05-03 21:16 - 01893312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-06-14 23:54 - 2017-05-03 21:16 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-06-14 23:54 - 2017-05-03 21:16 - 01477056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-06-14 23:54 - 2017-05-03 21:16 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-06-14 23:54 - 2017-05-03 21:16 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-06-14 23:53 - 2017-05-03 21:16 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-06-14 23:53 - 2017-05-03 21:16 - 00143296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-06-14 23:53 - 2017-05-03 21:16 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-06-14 23:53 - 2017-05-03 21:16 - 00048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-06-14 23:53 - 2017-05-03 20:28 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-06-14 23:53 - 2017-05-03 16:41 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-06-14 23:45 - 2017-06-14 23:45 - 00000000 ____D C:\Users\Allan\AppData\LocalLow\Sun
2017-06-14 23:44 - 2017-06-18 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-14 23:44 - 2017-06-14 23:47 - 00000000 ____D C:\ProgramData\Oracle
2017-06-14 23:44 - 2017-06-14 23:44 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-06-14 23:44 - 2017-06-14 23:44 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Sun
2017-06-14 23:44 - 2017-06-14 23:44 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-14 23:42 - 2017-06-14 23:43 - 00738880 _____ (Oracle Corporation) C:\Users\Allan\Downloads\jxpiinstall.exe
2017-06-14 22:25 - 2017-05-14 21:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2017-06-14 22:25 - 2017-05-14 21:27 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2017-06-14 22:25 - 2017-05-14 21:10 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-06-14 22:25 - 2017-05-14 21:01 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2017-06-14 22:25 - 2017-05-14 20:18 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2017-06-14 22:25 - 2017-05-14 19:38 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-06-14 22:25 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-06-14 22:25 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2017-06-14 22:24 - 2017-05-14 20:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2017-06-14 22:24 - 2017-05-10 16:13 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2017-06-14 22:21 - 2017-06-14 22:21 - 00000000 ____D C:\Users\Allan\AppData\Local\UnrealEngine
2017-06-14 22:21 - 2017-06-14 22:21 - 00000000 ____D C:\Users\Allan\AppData\Local\TslGame
2017-06-14 22:12 - 2016-12-31 16:36 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-06-14 21:33 - 2017-06-14 21:28 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-06-14 21:33 - 2017-06-14 21:27 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-06-14 21:33 - 2017-06-14 21:27 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-06-14 21:33 - 2017-06-14 21:27 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-06-14 21:33 - 2017-06-14 21:27 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-06-14 21:32 - 2017-06-14 21:31 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-25 03:12 - 2017-05-25 03:12 - 00000000 ____D C:\Users\Allan\ZHPFix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-19 20:09 - 2017-03-18 12:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-19 19:42 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-19 19:42 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-19 19:38 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-18 14:17 - 2017-03-18 22:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-18 14:13 - 2017-03-18 22:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-18 14:13 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-18 14:13 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-18 14:02 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-18 14:02 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-18 14:02 - 2017-03-18 21:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-06-18 14:02 - 2017-03-18 21:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-06-18 14:02 - 2017-03-18 21:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-06-18 14:02 - 2017-03-18 21:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-06-18 14:02 - 2017-03-18 21:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-06-18 14:02 - 2017-03-18 21:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-06-18 14:02 - 2017-03-18 21:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-06-18 14:02 - 2017-03-18 21:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-06-18 14:02 - 2017-03-18 21:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-06-18 14:02 - 2017-03-18 21:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-06-18 14:02 - 2017-03-18 21:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-06-18 14:02 - 2017-03-18 21:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-06-18 14:01 - 2017-03-18 21:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-06-18 14:01 - 2017-03-18 21:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-06-18 14:01 - 2017-03-18 21:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-06-18 14:01 - 2017-03-18 21:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-06-18 14:01 - 2017-03-18 21:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-06-18 14:01 - 2017-03-18 21:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-06-18 12:48 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-18 12:38 - 2015-06-28 15:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-18 12:38 - 2015-06-28 14:48 - 00000000 ____D C:\ProgramData\Adobe
2017-06-18 11:31 - 2015-04-12 13:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-18 07:51 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 06:03 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-18 06:02 - 2015-04-15 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-18 05:57 - 2017-03-19 03:30 - 00000000 ____D C:\WINDOWS\OCR
2017-06-18 05:56 - 2015-05-27 18:04 - 00000000 ____D C:\Users\Allan\Documents\Leigh
2017-06-18 05:47 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-18 05:46 - 2017-03-18 12:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-18 05:45 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-18 05:44 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-18 05:44 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-18 05:42 - 2017-03-18 22:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-18 05:39 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-18 05:34 - 2015-07-25 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-18 05:34 - 2015-04-29 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima 8
2017-06-18 05:34 - 2015-04-29 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-06-18 05:34 - 2015-04-27 22:24 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2017-06-18 05:34 - 2015-04-17 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2017-06-18 05:34 - 2015-04-16 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2017-06-18 05:34 - 2015-04-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2017-06-18 05:34 - 2015-04-15 16:37 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2017-06-18 05:34 - 2015-04-15 16:37 - 00000000 ____D C:\WINDOWS\system32\vbox
2017-06-18 05:34 - 2015-04-15 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-06-18 05:34 - 2015-04-12 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-18 05:34 - 2015-04-11 23:35 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-06-18 05:34 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-18 05:31 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-18 05:30 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-18 05:30 - 2015-09-20 00:34 - 00000000 ____D C:\WINDOWS\PixArt
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-18 05:29 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-18 05:29 - 2015-04-27 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-06-18 05:29 - 2015-04-15 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2017-06-18 05:29 - 2015-04-13 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-06-18 05:29 - 2015-04-12 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2017-06-18 05:29 - 2015-04-12 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-06-18 05:29 - 2015-04-11 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive
2017-06-18 05:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-06-18 05:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-06-18 05:26 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-18 05:23 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-18 05:23 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-06-18 05:23 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-18 05:22 - 2017-03-19 03:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-18 05:22 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-18 04:10 - 2009-07-14 05:45 - 00028928 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-18 04:10 - 2009-07-14 05:45 - 00028928 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-18 02:35 - 2015-04-17 17:49 - 00000000 ____D C:\Users\Allan\AppData\Local\WinZip
2017-06-17 19:43 - 2015-06-28 14:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-16 19:38 - 2015-04-17 03:28 - 00000000 ____D C:\Users\Allan\AppData\Local\Adobe
2017-06-15 19:00 - 2015-04-15 16:30 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-15 00:04 - 2015-04-15 15:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-14 23:54 - 2015-04-15 15:43 - 00000000 ____D C:\Users\Allan\AppData\Local\NVIDIA
2017-06-14 21:34 - 2015-04-15 16:35 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-06-14 21:32 - 2015-04-15 16:35 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-06-14 21:32 - 2015-04-15 16:35 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.149747249259302
2017-06-14 21:32 - 2015-04-15 16:34 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-14 21:31 - 2015-04-15 16:34 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-14 21:28 - 2015-04-15 16:34 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-14 21:28 - 2015-04-15 16:32 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-14 20:40 - 2015-04-15 16:36 - 00000000 ____D C:\Users\Allan\AppData\Local\Steam

==================== Files in the root of some directories =======

2015-04-12 13:40 - 2015-04-12 13:40 - 0007602 _____ () C:\Users\Allan\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-18 05:18

==================== End of FRST.txt ============================
Also on a little sidenote, when I was running, there was a huge lag spike in my system, and then it popped up saying DAS21 has encountered a problem, and to click okay to terminate the program, I don't know if there's a link but I thought I should share it.

Also so far so good, I've noticed the computer starts quicker, but is a lot less responsive if I want to do something in boot up. Otherwise, everything is running smoother, still got to try a game yet, but I shall do later on in the evening and let you know.
 


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,397
552
You have two FRST logs, I need the addition.txt as well please.

Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Adware Removal Tool Scan.


Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.


9-Lab Scan.



  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Disable your antivirus prior to this scan.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a Full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


Zemana Deep Scan
    • Right click on Zemana and run as admin.
    • Click the Cog/Sprocket Wheel, at the top right of Zemana
    • Select Advanced - I have read the warning and wish to proceed.
    • Place a tick next to Detect Suspicious (Root CA) Certificates.
    • Then click the house icon in Zemana.
    • Then hit your start button at the lower left hand corner of your desktop.
    • Then left click on Computer.
    • Drag Local Disk C: or whichever drive you decide to check first.
    • Into the area of Zemana that reads Drag and drop files here to scan them.
    • Once the scan has completed, click the graph icon on the top right of the program's user interface.
    • Double click to open the latest log-file.
    • Copy it to your clipboard.
    • Post the log here in your next reply.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,397
552
Also, would you like to try and downgrade back to Windows 7 at all? Or are you liking Windows 10?
 

Allan.T

PCHF Member
PCHF Member
Jun 17, 2017
132
19
30
U.K, North West.
Hmm, that's something I'm not sure about to be honest, Windows ten helps with my XboxOne streaming, and I kinda like the techy feel to Windows 10, I always moaned about Windows 7 lol
 

Allan.T

PCHF Member
PCHF Member
Jun 17, 2017
132
19
30
U.K, North West.
Security Check Scan

SecurityCheck by glax24 & Severnyj v.1.4.0.51 [13.06.17]
WebSite: www.safezone.cc
DateLog: 22.06.2017 14:58:18
Path starting: C:\Users\Allan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Allan
VersionXML: 4.39is-20.06.2017
___________________________________________________________________________

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 18.06.2017 04:49:22
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [931 Gb] Used: [224 Gb] Free: [707 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.413.15063.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------- [ HotFix ] --------------------------------
HotFix KB4016871 Warning! Download Update
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.17.4.2294
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 v.16.04
OpenOffice 4.1.1 v.4.11.9775 Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 131 v.8.0.1310.11
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 26 NPAPI v.26.0.0.131
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 53.0.3 (x86 en-US) v.53.0.3 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.53.0.3.6347
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.4.3482.0
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.4.3482.0
MBAMService (MBAMService) - The service has stopped
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Windows Font Cache Service (FontCache) - The service is running
----------------------------- [ End of Log ] ------------------------------
Adware Removal Tool

The programme found 0 items, and told me to click the button to finish, I clicked it anticipating a log, but nothing showed up.

9-Lab Removal Tool

I downloaded the program, I ran the program, I updated, then rebooted. 9-Lab said it was up to date but couldn't "connect to database". I've attached an image to show you the error screen I'm getting. I downloaded the 64-bit version (as that's what it tells me in the properties of "this PC"), and I can't fathom what I've done wrong, I've uninstalled and re-installed the program followed the same steps and yet I get the same error pop-up. Anti-virus has been off throughout my problems.

Zemana
This scan took forever, been sat waiting to post for over 2 hours lol.

Zemana AntiMalware 2.74.2.76 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/6/22
Operating System : Windows 10 64-bit
Processor : 4X AMD FX(tm)-4100 Quad-Core Processor
BIOS Mode : Legacy
CUID : 12A3BFC942EDD02A46501E
Scan Type : Custom Scan
Duration : 171m 9s
Scanned Objects : 446772
Detected Objects : 0
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected
 


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,397
552
I downloaded the program, I ran the program, I updated, then rebooted. 9-Lab said it was up to date but couldn't "connect to database". I've attached an image to show you the error screen I'm getting. I downloaded the 64-bit version (as that's what it tells me in the properties of "this PC"), and I can't fathom what I've done wrong, I've uninstalled and re-installed the program followed the same steps and yet I get the same error pop-up. Anti-virus has been off throughout my problems.

No worries, this tool will sometimes not run on some machines for whatever reason.

Make sure and update these programs, listed by Security Check



HotFix KB4016871 Warning! Download Update
OpenOffice 4.1.1 v.4.11.9775 Warning! Download Update
Mozilla Firefox 53.0.3 (x86 en-US) v.53.0.3 Warning! Download Update

Can you please post a fresh HijackThis log for me to review.


Then Tweak some services to boost performance a bit more.


Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.

You will however need to change one setting. Right click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.





Clean your machine With Privazer

Then defrag it with Toolwhiz Defrag



Now reboot your machine and let me know how things are running.
 

Allan.T

PCHF Member
PCHF Member
Jun 17, 2017
132
19
30
U.K, North West.
Hijack This

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.24

Platform: x64 Windows 10 (Home), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time: 23.06.2017 - 16:21
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x809)
Elevated: Yes
Ran by: Allan (group: Administrator) on PROTOTYPE

Firefox: 54.0.0.6368
Edge: 11.0.15063.332
Internet Explorer: 11.0.15063.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
2 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
1 C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Users\Allan\Desktop\MemCompression
1 C:\Users\Allan\Desktop\System Tools\HiJackThis.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\TiltWheelMouse.exe
1 C:\Windows\System32\ViakaraokeSrv.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\msiexec.exe
2 C:\Windows\System32\nvvsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
64 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - Google - http://www.google.com/search?q={searchTerms}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - Google - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner] (2017/06/18)C:\Program Files\CCleaner\CCleaner64.exe /AUTO
O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2017/06/18)C:\Users\Allan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\Run: [Steam] (2017/06/18)C:\Program Files (x86)\Steam\Steam.exe -silent
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
O4 - HKLM\..\StartupApproved\Run: [HDAudDeck] (2017/06/18)C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] C:\WINDOWS\system32\TiltWheelMouse.exe
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O17 - DHCP DNS - 1: 192.168.1.1
O21 - ShellIconOverlayIdentifiers: AccExtIco1 - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - ShellIconOverlayIdentifiers: AccExtIco2 - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - ShellIconOverlayIdentifiers: AccExtIco3 - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - ShellIconOverlayIdentifiers: 00asw - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShA64.dll
O21 - ShellIconOverlayIdentifiers: 00avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShA64.dll
O22 - Task (Disabled): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Disabled): NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task (Disabled): \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task (Disabled): \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task (Disabled): \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - C:\Windows\SysWOW64\wpcumi.dll (file missing)
O22 - Task (Disabled): \Microsoft\Windows\Shell\WindowsParentalControlsMigration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - C:\Windows\SysWOW64\wpcmig.dll (file missing)
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): Microsoft_Hardware_Launch_ipoint_exe - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
O22 - Task (Ready): Microsoft_Hardware_Launch_itype_exe - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
O22 - Task (Ready): Microsoft_Hardware_Launch_mousekeyboardcenter_exe - c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): \Microsoft\Windows Defender\MpIdleTask - c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -MediaCenterRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -ObjectStoreRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrSchedule (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -SqlLiteRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\RAC\RacTask - {42060D27-CA53-41F5-96E4-B1E8169308A6},$(Arg0) - C:\WINDOWS\system32\RacEngn.dll
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
O22 - Task (Ready): \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O22 - Task (Running): Microsoft_MKC_Logon_Task_ipoint.exe - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
O22 - Task (Running): Microsoft_MKC_Logon_Task_itype.exe - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
O23 - Service R2: @oem34.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service - (VIAKaraokeService) - C:\WINDOWS\system32\viakaraokesrv.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service R2: Windows Defender Security Center Service - (SecurityHealthService) - C:\WINDOWS\system32\SecurityHealthService.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: MBAMService - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service S2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Internet Explorer ETW Collector Service - (IEEtwCollectorService) - C:\Windows\system32\IEEtwCollector.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe

--
End of file - Time spent: 29 sec. - 30736 bytes, CRC32: FFFFFFFF. Sign: 垢䰡
I've done all you asked, rebooted the machine and it seems a little quicker to load everything, tried out a few games (may have got carried away and spent a bit more time than I was meant to :p). All seems well, running smoother on some games!
 

Malnutrition

Hijack This Fix.

Start HijackThis, Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.

O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2017/06/18)C:\Users\Allan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKLM\..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O22 - Task (Ready): \Microsoft\Windows Defender\MpIdleTask - c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask
O22 - Task (Ready): \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -MediaCenterRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -ObjectStoreRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrSchedule (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -SqlLiteRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Windows Defender Security Center Service - (SecurityHealthService) - C:\WINDOWS\system32\SecurityHealthService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe



Now click on fix checked.
After the fix is complete, then reboot your machine.



Your machine is clean... :thumbsup:

Glad to have helped!! Please tell a friend ...... or two about us.


Optimize your internet connection.

Click here for instructions.


Suggest the following in place of Adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.





Some items to keep you safe on the internet.


VooDoo Shield. Control of what is running on your machine.
Qualys BrowserCheck to update plugins.
Unchecky to avoid bundled software.
Privazer to clean up your machine.



Now let's clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.

Right Click the tool and Run as Admin (XP users double click).
Put a check mark next to the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
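
A triage sketch for the O4/O22/O23 line format seen in the log above, added here as an example and not part of either poster's reply or of HijackThis itself: it parses entries and groups the ones marked `(file missing)` by the binary they point at. The sample lines are copied from this thread; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrSchedule (file missing)
O22 - Task (Ready): \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+?): (.*)$")       # section, kind, remainder
IMAGE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
MISSING = "(file missing)"

def parse_entry(line):
    """Split one log line into section, kind, name, target and a missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None                                  # header, footer or blank line
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    if section == "O4":                              # "[value name] command line"
        name, _, target = rest.partition("] ")
        name = name.lstrip("[")
    elif section == "O23":                           # "display - (short name) - image path"
        name, _, target = rest.rpartition(" - ")
    else:                                            # O22: "task name - action"
        name, _, target = rest.partition(" - ")
    image = IMAGE.search(target)
    return {"section": section, "kind": kind, "name": name, "target": target,
            "image": image.group(0).lower() if image else target.lower(),
            "missing": missing}

def orphans_by_image(log_text):
    """Group entries flagged '(file missing)' by the binary they point at."""
    groups = defaultdict(list)
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        if entry["missing"]:
            groups[entry["image"]].append(entry["name"])
    return dict(groups)

if __name__ == "__main__":
    for image, names in orphans_by_image(SAMPLE_LOG).items():
        print(f"{image}: {len(names)} orphaned entries")
```

Grouping by image shows at a glance when a long run of orphaned tasks traces back to one or two removed executables.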