Solved Frst & addition logs for networking problem

maxim123 · Aug 2, 2017

Hi, when I got the router, I could login to admin panel anytime I wanted and easily too. After months, I could login only after resetting the router. Now, even after resetting, it seems to be very difficult.

I looked into the internet and saw the various suggestions there, but none of them worked for me.
Please help me.
Thank you.

Here is the ipconfig log:

Code:

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ADMIN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 76-29-AF-2C-90-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 68-F7-28-50-6E-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bdc8:b551:9d4e:5491%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, August 2, 2017 10:04:34 PM
   Lease Expires . . . . . . . . . . : Saturday, August 5, 2017 10:17:50 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 90765096
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-58-95-B0-68-F7-28-50-6E-46
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-C9-62-3B-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 74-29-AF-2C-90-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4cd:13e8:3f57:fefa(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4cd:13e8:3f57:fefa%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 218103808
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-58-95-B0-68-F7-28-50-6E-46
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\WINDOWS\system32>

veeg · Aug 2, 2017

Hello
Have you tried a factory reset on your router? It should be in your manual and or listed on the router itself.
Hopefully some of our other members will chime in soon.

@Samuria @phillpower2 @gus

Malnutrition · Aug 2, 2017

How to Factory Reset A Home Router.

Malnutrition · Aug 2, 2017

Also, are you having issues logging into the router with just one machine? Is there a reason you want to log into the Admin Panel?

maxim123 · Aug 3, 2017

vger said:
Hello
Have you tried a factory reset on your router? It should be in your manual and or listed on the router itself.
Hopefully some of our other members will chime in soon.

@Samuria @phillpower2 @gus

Malnutrition said:
How to Factory Reset A Home Router.

Malnutrition said:
Also, are you having issues logging into the router with just one machine? Is there a reason you want to log into the Admin Panel?

Hi, I have factory reset my router. But just like with resetting the router, it worked only for once and after that, I would have to reset to login to the admin panel.
Well, I only have a laptop right now, so I haven't checked the router with other pcs.
Main reason for me to log into the admin panel is to change wifi password.

Malnutrition · Aug 3, 2017

Eliminate restrictive settings with this tool.

Temporarily disable your antivirus --- Your antivirus may flag this tool as malware, it is safe to run I assure you.
Download SupRestric.exe save to your desktop. ( Unzip it there)
Close all running programs.
Double click the file to launch it.
Windows: 7/8/10 Vista and run as administrator
Click Yes at any prompt.
The analysis takes only a few moments.
The report is on the desktop ( CTR.txt )
Copy paste report in next reply.
A reboot is needed to complete the repairs.

MiniToolBox

Please download MINITOOLBOX and run it.

Checkmark following boxes:

Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

HijackThis.

1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

maxim123 · Aug 3, 2017

suprestrict report.

Code:

Report of Restrictions Control Pierre13 (CTR version 2.4.0.0) of the 03 \ 08 \ 2017 with 12:05:18 PC of Max Windows 10 Pro (64 bits) repair error 2203 impossible.
Control presence restrictions [TROJ_POWELIKS.B] feature_browser_emulation key deleted.
[BKDR_BLACKEN.A] key Check_Associations deleted. Authorization installation Java (x86) deleted.
Authorization installation Java (x64) deleted.
Restriction Display Recent documents deleted.
Restriction Display Documents deleted.
Restriction Synchronization Background Information Streams and Web Slices Removed.
Restriction discovery of RSS feeds and Web Slices deleted.
Numeric keypad active.
User Restriction for Windows Installer Removed.
Windows Update Search Reverted.
Windows Firewall service enabled.
Windows Firewall settings restored by default and enabled.
 238 controlled restrictions. 12 Restricted Restriction (s).
Reboot the PC to take the repair (s) into account.
The report is on the desktop (C: \ Users \ USER \ Desktop \ CTR.txt)

maxim123 · Aug 3, 2017

minitoolbox report:

Code:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Max (administrator) on 03-08-2017 at 12:13:57
Running from "C:\Users\USER\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: 20369 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com0.0.0.0 anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php
========================= IP Configuration: ================================

Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Anchorfree HSS VPN Adapter = Ethernet 4 (Media disconnected)
Realtek PCIe GBE Family Controller = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 24" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ppp_2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Ethernet 4" address=192.168.172.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : ADMIN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 68-F7-28-50-6E-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 76-29-AF-2C-90-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-C9-62-3B-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 74-29-AF-2C-90-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd3b:30c4:6d62:2524%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, August 3, 2017 12:09:19 PM
   Lease Expires . . . . . . . . . . : Sunday, August 6, 2017 12:09:19 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 477374895
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-58-95-B0-68-F7-28-50-6E-46
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:280d:1b77:3f57:fef9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::280d:1b77:3f57:fef9%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 184549376
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-58-95-B0-68-F7-28-50-6E-46
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4003:c01::8b
      172.217.27.110


Pinging google.com [74.125.200.113] with 32 bytes of data:
Reply from 74.125.200.113: bytes=32 time=155ms TTL=44
Reply from 74.125.200.113: bytes=32 time=154ms TTL=44

Ping statistics for 74.125.200.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 154ms, Maximum = 155ms, Average = 154ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.139.180.149
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=275ms TTL=40
Reply from 98.139.180.149: bytes=32 time=271ms TTL=40

Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 271ms, Maximum = 275ms, Average = 273ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...68 f7 28 50 6e 46 ......Realtek PCIe GBE Family Controller
 19...76 29 af 2c 90 55 ......Microsoft Wi-Fi Direct Virtual Adapter
 15...00 ff c9 62 3b 62 ......Anchorfree HSS VPN Adapter
  5...74 29 af 2c 90 55 ......Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    311
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    311
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 11    331 2001::/32                On-link
 11    331 2001:0:4137:9e76:280d:1b77:3f57:fef9/128
                                    On-link
  5    311 fe80::/64                On-link
 11    331 fe80::/64                On-link
 11    331 fe80::280d:1b77:3f57:fef9/128
                                    On-link
  5    311 fe80::bd3b:30c4:6d62:2524/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    311 ff00::/8                 On-link
 11    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/03/2017 12:12:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/03/2017 10:19:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.15156.1008, time stamp: 0x0413a786
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xc06d007e
Fault offset: 0x0000000000069e08
Faulting process id: 0x2178
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (08/02/2017 10:11:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/02/2017 12:24:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.15156.1008, time stamp: 0x0413a786
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xc06d007e
Fault offset: 0x0000000000069e08
Faulting process id: 0x16d0
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (08/01/2017 11:46:57 AM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.15156.1008, time stamp: 0x0413a786
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xc06d007e
Fault offset: 0x0000000000069e08
Faulting process id: 0x270c
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (07/31/2017 08:40:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.15156.1008, time stamp: 0x0413a786
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xc06d007e
Fault offset: 0x0000000000069e08
Faulting process id: 0x24f8
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (07/31/2017 08:37:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: ADMIN)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 07:18:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ADMIN)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 08:25:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.15156.1008, time stamp: 0x0413a786
Faulting module name: KERNELBASE.dll, version: 10.0.15063.483, time stamp: 0xaa6457d1
Exception code: 0xc06d007e
Fault offset: 0x0000000000069e08
Faulting process id: 0x2d7c
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (07/29/2017 09:05:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ADMIN)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/03/2017 12:13:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/03/2017 12:12:42 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/03/2017 12:10:09 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1f000000047757.  The name of the file is "\Windows\System32\linkinfo.dll".

Error: (08/03/2017 12:09:31 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.


Error: (08/03/2017 12:09:19 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/03/2017 12:09:18 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/03/2017 12:09:17 PM) (Source: Service Control Manager) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.


Error: (08/03/2017 12:09:17 PM) (Source: Service Control Manager) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.


Error: (08/03/2017 12:09:17 PM) (Source: Service Control Manager) (User: )
Description: The WAS service terminated with the following error:
%%126 = The specified module could not be found.


Error: (08/03/2017 12:09:17 PM) (Source: Service Control Manager) (User: )
Description: The AppHostSvc service terminated with the following error:
%%126 = The specified module could not be found.



Microsoft Office Sessions:
=========================
Error: (08/03/2017 12:12:03 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestD:\Program Files (x86)\Audacity\audacity.exe

Error: (08/03/2017 10:19:28 AM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.15156.10080413a786KERNELBASE.dll10.0.15063.483aa6457d1c06d007e0000000000069e08217801d30c11c1ac3744C:\WINDOWS\system32\CompatTelRunner.exeC:\WINDOWS\System32\KERNELBASE.dll27d72f41-77dd-4f7c-b682-417f93634c80

Error: (08/02/2017 10:11:50 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestD:\Program Files (x86)\Audacity\audacity.exe

Error: (08/02/2017 12:24:39 PM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.15156.10080413a786KERNELBASE.dll10.0.15063.483aa6457d1c06d007e0000000000069e0816d001d30b5a167d81fdC:\WINDOWS\system32\CompatTelRunner.exeC:\WINDOWS\System32\KERNELBASE.dll296ae2e1-d7a0-4bfe-912a-015a3898c2e1

Error: (08/01/2017 11:46:57 AM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.15156.10080413a786KERNELBASE.dll10.0.15063.483aa6457d1c06d007e0000000000069e08270c01d30a8ba950a0b8C:\WINDOWS\system32\CompatTelRunner.exeC:\WINDOWS\System32\KERNELBASE.dlla1c21dad-2938-4f4e-9bf7-c9d9b158f11a

Error: (07/31/2017 08:40:45 AM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.15156.10080413a786KERNELBASE.dll10.0.15063.483aa6457d1c06d007e0000000000069e0824f801d309a87488bc26C:\WINDOWS\system32\CompatTelRunner.exeC:\WINDOWS\System32\KERNELBASE.dll9eeba943-64d6-4162-938b-de10ef088d28

Error: (07/31/2017 08:37:26 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: ADMIN)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170

Error: (07/30/2017 07:18:52 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ADMIN)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170

Error: (07/30/2017 08:25:37 AM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.15156.10080413a786KERNELBASE.dll10.0.15063.483aa6457d1c06d007e0000000000069e082d7c01d308dd341f2f39C:\WINDOWS\system32\CompatTelRunner.exeC:\WINDOWS\System32\KERNELBASE.dlle016fe34-4585-4ba9-8d16-74c85a0b038e

Error: (07/29/2017 09:05:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ADMIN)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170


CodeIntegrity Errors:
===================================
  Date: 2017-08-02 17:24:43.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-02 17:24:42.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 19:31:29.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 19:31:28.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-27 11:52:28.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-27 11:52:27.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-26 18:56:40.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-26 18:56:39.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 21:07:36.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 21:07:34.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43900 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Anvi Folder Locker 1.2.1370.0 (HKLM-x32\...\Anvi Folder Locker) (Version: 1.2.1370.0 - Anvisoft)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre (HKLM-x32\...\{CEAD2735-F47D-4E9C-88B2-D1DBACF7BFFF}) (Version: 2.25.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
DCX Trader 1.8.15 (HKLM-x32\...\DCX_Deploy_0) (Version:  - )
Discord PTB (HKCU\...\DiscordPTB) (Version: 0.0.32 - Hammer & Chisel, Inc.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Free Stopwatch (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 4.0.0.0 - Comfort Software Group)
FreeUndelete 2.1.36867.1 (HKLM-x32\...\{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}) (Version: 2.1.36867.1 - Recoveronix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hotspot Shield 7.20.5 (HKLM-x32\...\{429c8d3a-6089-4020-a3be-bf075ed5d5aa}) (Version: 7.20.5.9941 - AnchorFree Inc.)
Hotspot Shield 7.20.5 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C267F9F8}) (Version: 7.20.5.9941 - AnchorFree Inc.) Hidden
Hotspot Shield 7.20.5 (HKLM-x32\...\HotspotShield) (Version: 7.20.5 - AnchorFree Inc.) Hidden
IDM Crack 6.28 build 9 (HKLM-x32\...\IDM Crack 6.28 build 9) (Version: build 14 - Crackingpatching.com Team)
InstaTrader (HKLM-x32\...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
K-Lite Codec Pack 11.4.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
KMPFaster (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 2.3.2.902 - simplitec GmbH)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MetaTrader - EXNESS (HKLM-x32\...\MetaTrader - EXNESS) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Network Recording Player (HKLM-x32\...\{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )
PX Profile Update (HKLM-x32\...\{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version:  - )
Subtitle Edit 3.4.6 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Virtual DJ Home - Atomix Productions (HKLM-x32\...\Virtual DJ Home - Atomix Productions) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wise Data Recovery 3.82 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)
YTD Video Downloader 5.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.2 - GreenTree Applications SRL)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3992.36 MB
Available physical RAM: 1864.79 MB
Total Virtual: 4888.36 MB
Available Virtual: 2746.96 MB

========================= Partitions: =====================================

1 Drive c: (SYSTEM) (Fixed) (Total:116.37 GB) (Free:54.12 GB) NTFS
2 Drive d: () (Fixed) (Total:348.57 GB) (Free:0.54 GB) NTFS

========================= Users: ========================================

User accounts for \\ADMIN

Administrator            DefaultAccount           Guest                   
Max                     


**** End of log ****

maxim123 · Aug 3, 2017

hijack this logfile:

Code:

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform:  x64 Windows 10 (Pro), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time:      03.08.2017 - 12:17
Language:  OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated:  Yes
Ran by:    Max    (group: Administrator) on ADMIN

Chrome:  59.0.3071.115
Firefox: 47.0.1.6018
Edge:    11.0.15063.447
Internet Explorer: 11.0.15063.0

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
   1  C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
   1  C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
   1  C:\Program Files\Elantech\ETDCtrl.exe
   1  C:\Program Files\Elantech\ETDCtrlHelper.exe
   1  C:\Program Files\Elantech\ETDIntelligent.exe
   1  C:\Program Files\Elantech\ETDService.exe
   1  C:\Program Files\Intel\iCLS Client\HeciServer.exe
   1  C:\Program Files\Windows Defender\MSASCuiL.exe
   1  C:\Program Files\Windows Defender\MsMpEng.exe
   1  C:\Program Files\Windows Defender\NisSrv.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
   1  C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
   2  C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
   1  C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
   1  C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
   1  C:\Users\USER\Desktop\HiJackThis.exe
   1  C:\Users\USER\Desktop\MemCompression
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
   1  C:\Windows\SysWOW64\notepad.exe
   1  C:\Windows\System32\CxAudMsg64.exe
   1  C:\Windows\System32\InputMethod\CHS\ChsIME.exe
   1  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\Taskmgr.exe
   2  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\atieclxx.exe
   1  C:\Windows\System32\atiesrxx.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\msiexec.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  62  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe
   1  D:\Program Files (x86)\Internet Download Manager\IDMan.exe
   1  D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
   1  D:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
   1  D:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
   1  D:\Program Files (x86)\Mozilla Firefox\firefox.exe
   1  D:\Program Files\Sandboxie\SbieSvc.exe

R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - Google - http://www.google.com/search?q={searchTerms}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: TopResultURL = http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - Google - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 rosettastone.com
O1 - Hosts: 127.0.0.1 launch.rosettastone.com
O1 - Hosts: 127.0.0.1 amp.rosettastone.com
O1 - Hosts: 127.0.0.1 resources.rosettastone.com
O1 - Hosts: 127.0.0.1 updates.rosettastone.com0.0.0.0 anchorfree.net
O1 - Hosts: 0.0.0.0 www.mefeedia.com
O1 - Hosts: 0.0.0.0 www.mefeedia.com
O1 - Hosts: 0.0.0.0 delivery.anchorfree.us/land.php
O1 - Hosts: 0.0.0.0 www.mefeedia.com
O1 - Hosts: 0.0.0.0 www.mefeedia.com
O1 - Hosts: 0.0.0.0 delivery.anchorfree.us/land.php
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2 - BHO: PwdHelperExplorerMonitor - {A5426DC0-48FC-4BBD-A4DB-1E8641B3459C} - d:\Program Files (x86)\Anvisoft\Anvi Folder Locker\x64\PwdHelper64.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
O2-32 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - d:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2-32 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring]  (2016/04/26)C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [IDMan]  (2014/08/18)D:\Program Files (x86)\Internet Download Manager\IDMan.exe  /onboot
O4 - HKCU\..\StartupApproved\Run: [PeerBlock]  (2016/10/13)d:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\StartupApproved\Run: [SandboxieControl]  (2015/04/30)d:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\StartupApproved\Run: [Skype]  (2014/08/18)C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [LenovoUtility] C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\StartupApproved\Run32: [AdobeCS6ServiceManager]  (2014/08/18)C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin
O4 - HKLM\..\StartupApproved\Run32: [BCSSync]  (2017/02/18)D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4 - HKLM\..\StartupApproved\Run32: [PowerDVD14Agent]  (2015/06/28)C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
O4 - HKLM\..\StartupApproved\Run32: [Raptr]  (2017/02/18)C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe --startup
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched]  (2014/08/18)C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\StartupApproved\Run32: [SwitchBoard]  (2014/08/18)C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\StartupApproved\Run32: [USB Security]  (2015/03/09)C:\Users\USER\AppData\Roaming\Zbshareware Lab\USBGuard.exe
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0]  (2014/08/18)C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\StartupApproved\Run: [ForteConfig]  (2017/02/18)C:\Program Files\Conexant\ForteConfig\fmapp.exe
O4 - HKLM\..\StartupApproved\Run: [IgfxTray]  (2014/08/18)C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\StartupApproved\Run: [Lenovo Utility]  (2016/04/25)C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth]  (1601/01/01)C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKLM\..\StartupApproved\Run: [SmartAudio]  (2015/05/17)C:\Program Files\CONEXANT\SAII\SACpl.exe /t
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe  /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe  /thfirstsetup
O4-32 - HKLM\..\Run: [KeyScrambler] d:\Program Files (x86)\KeyScrambler\keyscrambler.exe  /a
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr (file missing)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Extra context menu item: Download all links with IDM - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
O8 - Extra context menu item: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (HKLM)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (HKLM)
O16-32 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - DHCP DNS - 1: 192.168.1.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Protocol: WSISAllmytubechrome - {4724F5AF-4E6D-41CA- - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\nvinitx.dll
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\WINDOWS\system32\sc.exe start osppsvc
O22 - Task (Disabled): shutdown - C:\Windows\System32\shutdown.exe /h
O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe -check pepperplugin
O22 - Task (Ready): Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): OneDrive Standalone Update Task-S-1-5-21-900945925-988278395-3478122750-1001 - C:\Users\USER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
O22 - Task (Ready): StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task (Ready): \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService
O22 - Task (Ready): \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask - C:\WINDOWS\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\1fab31b4-f13e-45d1-a093-e2843a4a2cc5 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 1fab31b4-f13e-45d1-a093-e2843a4a2cc5
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\5d272505-f594-48c0-a473-aef997c09382 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 5d272505-f594-48c0-a473-aef997c09382
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\a64f1ced-f198-47f2-8caa-321acb18e1d6 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger a64f1ced-f198-47f2-8caa-321acb18e1d6
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\c585190e-226d-4d00-b112-e024dec1ed37 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger c585190e-226d-4d00-b112-e024dec1ed37
O22 - Task (Ready): \Lenovo\LSC\LSCHardwareScan - C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe -diag HWScan
O22 - Task (Ready): \Lenovo\LSC\Lenovo Solution Center Notifications - C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
O22 - Task (Ready): \Lenovo\Lenovo Customer Feedback Program 64 35 - C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
O22 - Task (Ready): \Lenovo\Lenovo Solution Center Launcher - C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe Actions UpdateStatus
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\PLA\LSC Memory - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\UNP\RunCampaignManager - C:\WINDOWS\System32\UNP\UNPCampaignManager.exe
O22 - Task (Ready): \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O22 - Task (Ready): \WiseCleaner\WDRSkipUAC - d:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe $UAC
O22 - Task (Ready): {1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} - d:\program files (x86)\mozilla firefox\firefox.exe http://ui.skype.com/ui/0/7.4.0.102/en/go/help.faq.installer?LastError=1638
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Conexant Audio Message Service - (CxAudMsg) - C:\WINDOWS\system32\CxAudMsg64.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Hotspot Shield Service - (hshld) - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Sandboxie Service - (SbieSvc) - d:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service R2: System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service R2: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service R3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S2: Conexant SmartAudio service - (SAService) - C:\WINDOWS\SysWow64\SAsrv.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: LSCWinService - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: SwitchBoard - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - Time spent: 33 sec. - 40648 bytes, CRC32: FFFFFFFF. Sign: ⲛ넛

Malnutrition · Aug 3, 2017

Uninstall the programs below with Geek Uninstaller.

µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43900 - BitTorrent Inc.)
Hotspot Shield 7.20.5 (HKLM-x32\...\{429c8d3a-6089-4020-a3be-bf075ed5d5aa}) (Version: 7.20.5.9941 - AnchorFree Inc.)
IDM Crack 6.28 build 9 (HKLM-x32\...\IDM Crack 6.28 build 9) (Version: build 14 - Crackingpatching.com Team)
KMPFaster (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 2.3.2.902 - simplitec GmbH)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
YTD Video Downloader 5.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.2 - GreenTree Applications SRL)

Reset Host File

Click here to download RstHosts v2.0
Save the file to your desktop.
Right Click and Run as Administrator.
Click on Restaurer, then click OK at the prompt.
This will restore the default host file.
Next Click on Creer Un Rapport.
This will open a logfile, post that in your next reply.

Update your old programs with Patch MY PC @gus has written a nice guide to show how the program works.

Hijack This Fix.

Start HijackThis , Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.

O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring] (2016/04/26)C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [IDMan] (2014/08/18)D:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\StartupApproved\Run: [PeerBlock] (2016/10/13)d:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\StartupApproved\Run: [Skype] (2014/08/18)C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [LenovoUtility] C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
O4 - HKLM\..\StartupApproved\Run32: [AdobeCS6ServiceManager] (2014/08/18)C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin
O4 - HKLM\..\StartupApproved\Run32: [BCSSync] (2017/02/18)D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4 - HKLM\..\StartupApproved\Run32: [PowerDVD14Agent] (2015/06/28)C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
O4 - HKLM\..\StartupApproved\Run32: [Raptr] (2017/02/18)C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe --startup
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] (2014/08/18)C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\StartupApproved\Run32: [SwitchBoard] (2014/08/18)C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\StartupApproved\Run: [ForteConfig] (2017/02/18)C:\Program Files\Conexant\ForteConfig\fmapp.exe
O4 - HKLM\..\StartupApproved\Run: [IgfxTray] (2014/08/18)C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\StartupApproved\Run: [Lenovo Utility] (2016/04/25)C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O18 - Protocol: WSISAllmytubechrome - {4724F5AF-4E6D-41CA- - (no file)
O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe -check pepperplugin
O22 - Task (Ready): Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): OneDrive Standalone Update Task-S-1-5-21-900945925-988278395-3478122750-1001 - C:\Users\USER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
O22 - Task (Ready): StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task (Ready): \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService
O22 - Task (Ready): \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask - C:\WINDOWS\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\1fab31b4-f13e-45d1-a093-e2843a4a2cc5 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 1fab31b4-f13e-45d1-a093-e2843a4a2cc5
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\5d272505-f594-48c0-a473-aef997c09382 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 5d272505-f594-48c0-a473-aef997c09382
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\a64f1ced-f198-47f2-8caa-321acb18e1d6 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger a64f1ced-f198-47f2-8caa-321acb18e1d6
O22 - Task (Ready): \Lenovo\ImController\TimeBasedEvents\c585190e-226d-4d00-b112-e024dec1ed37 - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger c585190e-226d-4d00-b112-e024dec1ed37
O22 - Task (Ready): \Lenovo\LSC\LSCHardwareScan - C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe -diag HWScan
O22 - Task (Ready): \Lenovo\LSC\Lenovo Solution Center Notifications - C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
O22 - Task (Ready): \Lenovo\Lenovo Customer Feedback Program 64 35 - C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
O22 - Task (Ready): \Lenovo\Lenovo Solution Center Launcher - C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe Actions UpdateStatus
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \WiseCleaner\WDRSkipUAC - d:\Program Files (x86)\Wise\Wise Data Recovery\WiseDataRecovery.exe $UAC
O22 - Task (Ready): {1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} - d:\program files (x86)\mozilla firefox\firefox.exe http://ui.skype.com/ui/0/7.4.0.102/en/go/help.faq.installer?LastError=1638
O23 - Service R2: Hotspot Shield Service - (hshld) - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

Now click on fix checked.
After the fix is complete, then reboot your machine.

Create and run batch file.

Open a notepad and copy the entire content of the code box below.
Paste the txt into the notepad. Save the file to your desktop as InternetFlush.bat
Now you will right click the on InternetFlush.bat and run as administrator.
Note: If you are using a third party firewall -- you will want to leave out the top two lines of the script.
At the end of the batch file there will be a prompt to
Warning: This batch file will reboot your machine when complete! Save all work prior to running!!

Code:

netsh advfirewall reset
netsh advfirewall set allprofiles state ON
ipconfig /flushdns
netsh winsock reset catalog
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew
netsh int ipv4 reset
netsh int ipv6 reset
bitsadmin /reset /allusers
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface teredo set state disabled
netsh interface tcp set global autotuning=disabled
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
for /F "tokens=*" %%a in ('wevtutil.exe el') DO wevtutil.exe cl "%%a"
shutdown -r

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

After Adware Cleaner reboot the machine, please tell me what issues remain,.

Malnutrition · Aug 3, 2017

Once you have completed the above instructions, I highly suggest that you run a checkdisk on your machine. There are some errors that indicate that you need to do so ASAP.

HTML:

Error: (08/03/2017 12:10:09 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

You may want to run this overnight, as it may take a long time to run. If checkdisk seems to stall, just allow it to run. This scan may take several hours. Prior to running the check disk, please let me know how things are with your machine.

Run chkdsk /f /r from elevated command prompt.

maxim123 · Aug 3, 2017

reset host logfile:

Code:

-|x| RstHosts v2.0 - Rapport créé le 03/08/2017 à 15:24:42
-|x| Système d'exploitation : Windows 10 Pro  (64 bits)
-|x| Nom d'utilisateur : Max - ADMIN (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 26/03/2015 - 08:15:53
Date de modification : 03/08/2017 - 15:24:30
Date de dernier accès : 03/08/2017 - 15:24:30

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 597 bytes -|x|-

maxim123 · Aug 3, 2017

adwcleaner report

Code:

# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 03 11:58:50 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-02-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\ytd video downloader
PUP.Optional.Legacy, C:\Users\All Users\ytd video downloader


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\All Users\Desktop\YTD Video Downloader.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\YTD Video Downloader.lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, WiseCleaner


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [5637 B] - [2017/2/18 15:57:30]
C:/AdwCleaner/AdwCleaner[S0].txt - [5054 B] - [2017/2/18 10:49:52]
C:/AdwCleaner/AdwCleaner[S1].txt - [5126 B] - [2017/2/18 15:39:49]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

maxim123 · Aug 3, 2017

Hi, everything works fine right now, except being able to log into the admin panel of the router. yesterday, before I created the thread, I had tried some winsock command advice given in the internet. and it gave:
the following helper dll cannot be loaded: peerdistsh.dll

Malnutrition · Aug 3, 2017

How are you trying to log into the router?
Are you pasting 192.168.1.1 into your browser and hitting enter?
Or 192.168.1.6 and hitting enter?
Have you tried all of your browsers to log into the router?
Can you please post a new Minitoolbox log; so that I can see what is going on now that some things have been taken care of please.

maxim123 · Aug 4, 2017

Malnutrition said:
How are you trying to log into the router?
Are you pasting 192.168.1.1 into your browser and hitting enter?
Or 192.168.1.6 and hitting enter?
Have you tried all of your browsers to log into the router?
Can you please post a new Minitoolbox log; so that I can see what is going on now that some things have been taken care of please.

Hi, I was out for the day and just returned.
I have tried both of the above router login link and even looked into 192.168.0.1 (or something like that) but none of them loads. I have tried all three browser (IE, GC, FF) but it is the same in all of them.
Here is the minitoolbox log:

Code:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Max (administrator) on 04-08-2017 at 21:33:44
Running from "C:\Users\USER\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: 20369 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet 2 (Connected)
Anchorfree HSS VPN Adapter = Ethernet 4 (Media disconnected)
Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : ADMIN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 76-29-AF-2C-90-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 68-F7-28-50-6E-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, August 3, 2017 6:03:51 PM
   Lease Expires . . . . . . . . . . : Monday, August 7, 2017 9:27:03 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-C9-62-3B-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 74-29-AF-2C-90-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4003:c02::66
      74.125.200.101
      74.125.200.138
      74.125.200.113
      74.125.200.100
      74.125.200.139
      74.125.200.102


Pinging google.com [74.125.200.100] with 32 bytes of data:
Reply from 74.125.200.100: bytes=32 time=144ms TTL=45
Reply from 74.125.200.100: bytes=32 time=144ms TTL=45

Ping statistics for 74.125.200.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 144ms, Maximum = 144ms, Average = 144ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      98.139.180.149
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=375ms TTL=48
Reply from 98.138.253.109: bytes=32 time=376ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 375ms, Maximum = 376ms, Average = 375ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...76 29 af 2c 90 55 ......Microsoft Wi-Fi Direct Virtual Adapter
  7...68 f7 28 50 6e 46 ......Realtek PCIe GBE Family Controller
 14...00 ff c9 62 3b 62 ......Anchorfree HSS VPN Adapter
  5...74 29 af 2c 90 55 ......Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    291
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    291
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  1    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).



Internal Timing Sequence:
[1] 0.000007 +J(0)
[2] 0.000028 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000003 +J(0)
[4] 0.000005 +J(0)
[5] 0.0 +J(0)
[6] 0.000073 +J(0) +M(C:0K, Fs:2, WS:-72K # 0K, PF:-80K # 0K, P:-80K)
[7] -
[8] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[9] 0.005162 +J(0) +M(C:0K, Fs:4, WS:-32K # 0K, PF:-40K # 0K, P:-40K)
[10] -
[11] 0.000303 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000054 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000795 +J(0) +M(C:0K, Fs:0, WS:-12K # 0K, PF:-12K # 0K, P:-12K)
[15] 0.000031 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000006 +J(0).

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/04/2017 08:25:03 PM) (Source: ESENT) (User: )
Description: qmgr.dll (3456) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ".  The create file operation will fail with error -1814 (0xfffff8ea).


System errors:
=============
Error: (08/04/2017 09:27:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/04/2017 11:08:27 AM) (Source: Service Control Manager) (User: )
Description: The Delivery Optimization service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/04/2017 10:53:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/03/2017 09:09:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/03/2017 06:23:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/03/2017 06:07:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/03/2017 06:04:27 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1f000000047757.  The name of the file is "\Windows\System32\linkinfo.dll".

Error: (08/03/2017 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.


Error: (08/03/2017 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.


Error: (08/03/2017 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
%%126 = The specified module could not be found.



Microsoft Office Sessions:
=========================
Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: 0-1090
[1] 0.000007 +J(0)
[2] 0.000028 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000003 +J(0)
[4] 0.000005 +J(0)
[5] 0.0 +J(0)
[6] 0.000073 +J(0) +M(C:0K, Fs:2, WS:-72K # 0K, PF:-80K # 0K, P:-80K)
[7] -
[8] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[9] 0.005162 +J(0) +M(C:0K, Fs:4, WS:-32K # 0K, PF:-40K # 0K, P:-40K)
[10] -
[11] 0.000303 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000054 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000795 +J(0) +M(C:0K, Fs:0, WS:-12K # 0K, PF:-12K # 0K, P:-12K)
[15] 0.000031 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000006 +J(0).

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: -75C:\ProgramData\Microsoft\Network\Downloader\qmgr.db-510

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: C:\ProgramData\Microsoft\Network\Downloader\

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: -1032

Error: (08/04/2017 08:25:03 PM) (Source: ESENT)(User: )
Description: qmgr.dll3456QmgrDatabaseInstance: C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log-1814 (0xfffff8ea)80 (0x00000050)The file exists.


CodeIntegrity Errors:
===================================
  Date: 2017-08-04 16:57:44.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-04 16:57:43.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre (HKLM-x32\...\{A253C2A7-FD66-43AA-9EA7-D30E5041F391}) (Version: 3.5.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
DCX Trader 1.8.15 (HKLM-x32\...\DCX_Deploy_0) (Version:  - )
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
InstaTrader (HKLM-x32\...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
K-Lite Codec Pack 11.4.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MetaTrader - EXNESS (HKLM-x32\...\MetaTrader - EXNESS) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Network Recording Player (HKLM-x32\...\{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PX Profile Update (HKLM-x32\...\{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version:  - )
Subtitle Edit 3.4.6 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
Subtitle Edit 3.5.3 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Virtual DJ Home - Atomix Productions (HKLM-x32\...\Virtual DJ Home - Atomix Productions) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Data Recovery 3.82 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3992.36 MB
Available physical RAM: 1687.54 MB
Total Virtual: 4888.36 MB
Available Virtual: 2039.4 MB

========================= Partitions: =====================================

1 Drive c: (SYSTEM) (Fixed) (Total:116.37 GB) (Free:54.32 GB) NTFS
2 Drive d: () (Fixed) (Total:348.57 GB) (Free:2.07 GB) NTFS

========================= Users: ========================================

User accounts for \\ADMIN

Administrator            DefaultAccount           Guest                
Max                  


**** End of log ****

I haven't run checkdisk yet, since you told me to first inform you before doing that. Also, while running checkdisk, can I use the browser or should I close all the programs to let it run?

Malnutrition · Aug 7, 2017

Windows Repair.

Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...

Now run the program, with the boxes ticked in the picture below.

Click Image Below For Better Resolution.

May want to save picture or write down what boxes need ticked, since you will run this in Safe Mode.

Important: Make certain to reboot twice after running this tool!!

maxim123 · Aug 7, 2017

Hi, here are the logs:
while repairing I got this error many time:
fsutil.exe - system error
the code execution cannot proceed becausethe ktmw32.dll was not found.

Malnutrition · Aug 7, 2017

Please read these instructions. Create FRST and Addition.txt logs, and post them in a new malware thread. We will come back to this thread once your machine is cleared for malware.
[Prework] Please Read Before Posting

Create a new thread here.

maxim123 · Aug 8, 2017

Hi, mod @Malnutrition suggested me to check for the malware problems before solving the other issue: https://pchelpforum.net/t/cant-connect-to-router-admin-panel.18895

Frst.txt

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Ran by Max (administrator) on ADMIN (08-08-2017 09:24:23)
Running from C:\Users\USER\Desktop
Loaded Profiles: Max (Available Profiles: Max)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IDMan.exe
(QFX Software Corporation) D:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) D:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() D:\Program Files (x86)\Calibre2\ebook-viewer.exe
(AppWork GmbH) D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\JDownloader2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Lenovo Group Limited) C:\Program Files\lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (MicrosoftCorporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (ConexantSystems,Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (ConexantSystems,Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (AdobeSystemsIncorporated)
HKLM-x32\...\Run: [KeyScrambler] => d:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-08-14] (QFXSoftwareCorporation)
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\Run: [SandboxieControl] => d:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-06] (SandboxieHoldings,LLC)
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\Run: [IDMan] => D:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2017-06-24] (TonecInc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01068155-a52c-4740-b306-07578124303c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{29e036c1-4265-4952-8012-f43a55ab4933}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ee4e1e4-47d5-4352-aec3-6f70569b12df}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F6C362E6-31CF-4394-9851-E5D33DF654FC}: [DhcpNameServer] 192.168.30.1

Internet Explorer:
==================
HKU\S-1-5-21-900945925-988278395-3478122750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-900945925-988278395-3478122750-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-06-23] (InternetDownloadManager,TonecInc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (MicrosoftCorporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> d:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-06-23] (InternetDownloadManager,TonecInc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-03] (OracleCorporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (MicrosoftCorporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-03] (OracleCorporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default [2017-08-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z94n8t79.default -> Coolrom Search Engine
FF Homepage: Mozilla\Firefox\Profiles\z94n8t79.default -> about:home
FF Extension: (Activate Reader View) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\@activatereaderview.xpi [2017-06-24]
FF Extension: (ADB Helper) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\adbhelper@mozilla.org [2017-08-03]
FF Extension: (Perapera Chinese) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\chineseperakun@gmail.com [2017-03-10]
FF Extension: (IDM integration) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\mozilla_cc2@internetdownloadmanager.com [2017-05-18]
FF Extension: (Coolrom Search Engine) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\{0fc22c4c-93ed-48ea-ad12-dc8039cf3795}.xpi [2016-09-11]
FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\z94n8t79.default\searchplugins\youtube-video-search.xml [2016-09-17]
FF HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-06-23]
FF HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5 [2017-06-26] [not signed]
FF HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> D:\ProgramData\WebEx\npatgpc.dll [2016-12-21] (Cisco WebEx LLC)
StartMenuInternet: FIREFOX.EXE - d:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-08-07]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (ChromeVox) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2017-05-03]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2017-07-27]
CHR Extension: (Timer Loop) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfiefeoimmobmhdimachkfcpkgahlc [2017-05-09]
CHR Extension: (TTSReader - Unlimited Text-To-Speech) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\melfcogdhodeocnkdiplgdpkllopbhan [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DsRoleSvc; C:\WINDOWS\system32\dsrolesrv.dll [288768 2017-06-05] (MicrosoftCorporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-24] (ELANMicroelectronicsCorp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (IntelCorporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (LenovoGroupLimited)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R)Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (IntelCorporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-06] (SandboxieHoldings,LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (MicrosoftCorporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (AdobeSystemsIncorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (MicrosoftCorporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (MicrosoftCorporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmdag.sys [36558232 2017-05-04] (AdvancedMicroDevices,Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmpag.sys [528792 2017-05-04] (AdvancedMicroDevices,Inc.)
R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-02-09] (AnviSoft.com)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (SamsungElectronicsCo.,Ltd.)
R3 ETD; C:\WINDOWS\system32\DRIVERS\ETD.sys [467032 2015-08-24] (ELANMicroelectronicsCorp.)
S3 fcdabus; C:\WINDOWS\System32\drivers\fcdabus.sys [24592 2008-10-29] (FarStoneInc.)
U5 FVXSCSI; C:\Windows\System32\Drivers\FVXSCSI.sys [118360 2009-12-23] (FarStoneInc.)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFXSoftwareCorporation)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-01] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (IntelCorporation)
R1 MpKsld2a8e214; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{83FBC68C-5D13-4B04-8376-05C6EADE185E}\MpKsld2a8e214.sys [44928 2017-08-07] (MicrosoftCorporation)
S3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-09] (Realtek)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [615728 2015-06-04] (RealtekSemiconductorCorporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-08-10] (RealsilSemiconductorCorporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-08-10] (RealtekSemiconductorCorp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-19] (RealtekSemiconductorCorporation)
R3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-06] (SandboxieHoldings,LLC)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (SamsungElectronicsCo.,Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-02-09] (AnchorfreeInc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (OracleCorporation)
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [166816 2017-03-19] (VIATechnologiesInc.,Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (MicrosoftCorporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (MicrosoftCorporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (MicrosoftCorporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLinkCorp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-08 09:24 - 2017-08-08 09:25 - 000019219 _____ C:\Users\USER\Desktop\FRST.txt
2017-08-08 09:24 - 2017-08-08 09:24 - 000000000 ____D C:\FRST
2017-08-08 09:23 - 2017-08-08 09:23 - 002381312 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-08-07 12:41 - 2017-08-07 12:41 - 000024338 _____ C:\Users\USER\Desktop\Tweaking.com - Windows Repair 2018 - Pre-Scan.txt
2017-08-07 12:22 - 2017-08-07 12:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-07 12:21 - 2017-08-07 12:29 - 000168798 _____ C:\WINDOWS\ntbtlog.txt
2017-08-07 12:17 - 2017-08-07 12:22 - 000002238 _____ C:\Users\USER\Desktop\Tweaking.com - Windows Repair.lnk
2017-08-07 12:15 - 2017-08-07 12:15 - 000003758 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-08-07 12:15 - 2017-08-07 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-08-07 12:14 - 2017-08-07 12:17 - 000194312 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-08-07 12:14 - 2017-08-07 12:14 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-08-04 21:33 - 2017-08-04 21:34 - 000033827 _____ C:\Users\USER\Desktop\MTB.txt
2017-08-03 17:23 - 2017-08-03 17:23 - 000000000 ____D C:\Users\USER\Desktop\backups
2017-08-03 17:00 - 2017-08-03 17:00 - 000000780 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2017-08-03 16:52 - 2017-08-03 16:52 - 000000000 ____D C:\Program Files\WinRAR
2017-08-03 16:51 - 2017-08-03 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2017-08-03 16:51 - 2017-08-03 16:51 - 000000000 ____D C:\Program Files\Subtitle Edit
2017-08-03 16:48 - 2017-08-03 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-08-03 16:48 - 2017-08-03 16:48 - 000000000 ____D C:\Program Files\AutoHotkey
2017-08-03 16:42 - 2017-08-03 16:42 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-03 16:42 - 2017-08-03 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-03 16:42 - 2017-08-03 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-03 15:38 - 2017-08-03 15:38 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-03 15:38 - 2017-08-03 15:38 - 000000000 ____D C:\Users\USER\AppData\Roaming\Sun
2017-08-03 15:38 - 2017-08-03 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-03 15:37 - 2017-08-03 15:37 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-03 15:29 - 2017-08-03 15:29 - 000000000 ____D C:\ProgramData\Sun
2017-08-03 15:27 - 2017-08-03 17:00 - 000000000 ____D C:\PatchMyPCUpdates
2017-08-03 15:24 - 2017-08-03 15:24 - 000000648 _____ C:\RstHosts.txt
2017-08-03 15:23 - 2017-08-03 15:23 - 000353632 _____ C:\Users\USER\Desktop\rsthosts_2.0.exe
2017-08-03 15:11 - 2017-08-03 15:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\MAGIX
2017-08-03 15:11 - 2017-08-03 15:11 - 000000000 ____D C:\ProgramData\MAGIX
2017-08-03 15:03 - 2017-08-03 15:14 - 000000000 ____D C:\Users\USER\AppData\Roaming\Geek Uninstaller
2017-08-03 12:04 - 2017-08-03 12:04 - 000000000 ____D C:\Users\USER\Desktop\SupRestric
2017-08-03 12:03 - 2017-08-03 12:03 - 000633386 _____ C:\Users\USER\Desktop\SupRestric.zip
2017-07-30 08:31 - 2017-07-30 08:31 - 000554556 _____ C:\WINDOWS\Minidump\073017-23703-01.dmp
2017-07-29 19:57 - 2017-07-29 19:57 - 000000000 ____D C:\Users\USER\AppData\Roaming\Foxit AgentInformation
2017-07-29 19:57 - 2017-07-29 19:57 - 000000000 ____D C:\Users\Public\Foxit Software
2017-07-29 16:51 - 2017-07-29 16:51 - 000001141 _____ C:\Users\USER\Desktop\JDownloader 2.lnk
2017-07-29 16:51 - 2017-07-29 16:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-07-29 16:34 - 2017-07-29 16:34 - 000248946 _____ C:\Users\USER\Desktop\Install JDownloader.rar
2017-07-25 10:25 - 2017-07-25 10:25 - 000000000 ____D C:\Users\USER\Documents\Audacity
2017-07-18 10:23 - 2017-03-17 22:00 - 002963968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0804.dll
2017-07-18 10:23 - 2017-03-17 22:00 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0804.dll
2017-07-18 10:23 - 2017-03-17 21:54 - 000708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70804.dll
2017-07-18 10:23 - 2017-03-17 21:52 - 003423744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0804.dll
2017-07-18 10:23 - 2017-03-17 21:39 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70804.dll
2017-07-18 10:23 - 2017-03-17 21:38 - 003356672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0804.dll
2017-07-18 10:23 - 2017-02-10 11:22 - 000001696 _____ C:\WINDOWS\system32\NOISE.CHS
2017-07-18 10:17 - 2017-07-18 10:17 - 000000000 ____D C:\Users\USER\AppData\LocalLow\MSLiveStickerWhiteList
2017-07-18 10:17 - 2017-07-18 10:17 - 000000000 ____D C:\Users\USER\AppData\LocalLow\MSLiveSticker
2017-07-12 17:51 - 2017-07-07 13:09 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 17:51 - 2017-07-07 13:05 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 17:51 - 2017-07-07 12:58 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 17:51 - 2017-07-07 12:58 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 17:51 - 2017-07-07 12:56 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 17:51 - 2017-07-07 12:55 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 17:51 - 2017-07-07 12:55 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 17:51 - 2017-07-07 12:42 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 17:51 - 2017-07-07 12:42 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 17:51 - 2017-07-07 12:24 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 17:51 - 2017-07-07 12:24 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 17:51 - 2017-07-07 12:22 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 17:51 - 2017-07-07 12:22 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 17:51 - 2017-07-07 12:16 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 17:51 - 2017-07-07 12:16 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 17:51 - 2017-07-07 12:16 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 17:51 - 2017-07-07 12:15 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 17:51 - 2017-07-07 12:15 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 17:51 - 2017-07-07 12:15 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 17:51 - 2017-07-07 12:14 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 17:51 - 2017-07-07 12:14 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 17:51 - 2017-07-07 12:12 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 17:51 - 2017-07-07 12:11 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 17:51 - 2017-07-07 12:10 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 17:51 - 2017-07-07 12:09 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 17:51 - 2017-07-07 12:08 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 17:51 - 2017-07-07 12:04 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 17:51 - 2017-07-07 12:03 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 17:51 - 2017-07-07 11:59 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 17:51 - 2017-07-07 11:59 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 17:51 - 2017-07-07 11:59 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 17:51 - 2017-07-07 11:59 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 17:51 - 2017-07-07 11:58 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 17:51 - 2017-07-07 11:57 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 17:51 - 2017-07-07 11:55 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 17:51 - 2017-07-07 11:55 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 17:51 - 2017-07-07 11:54 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 17:51 - 2017-07-07 11:54 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 17:51 - 2017-07-07 11:52 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 17:51 - 2017-07-07 11:52 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 17:51 - 2017-07-07 11:51 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 17:51 - 2017-07-07 11:50 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 17:51 - 2017-07-07 11:49 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 17:51 - 2017-07-07 11:48 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 17:51 - 2017-07-07 11:48 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 17:51 - 2017-07-07 11:48 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 17:51 - 2017-07-07 11:47 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 17:51 - 2017-07-07 11:46 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 17:51 - 2017-07-07 11:45 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 17:51 - 2017-07-07 11:44 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 17:51 - 2017-07-07 11:43 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 17:51 - 2017-07-07 11:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 17:51 - 2017-07-07 11:40 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 17:51 - 2017-07-07 11:38 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 17:51 - 2017-07-07 11:38 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 17:51 - 2017-06-20 11:51 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 17:51 - 2017-06-20 11:48 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 17:51 - 2017-06-20 11:47 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 17:51 - 2017-06-20 11:44 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 17:51 - 2017-06-20 11:42 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 17:51 - 2017-06-20 11:19 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 17:51 - 2017-06-20 11:00 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 17:51 - 2017-06-20 10:58 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 17:51 - 2017-06-20 10:58 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 17:51 - 2017-06-20 10:57 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 17:51 - 2017-06-20 10:57 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 17:51 - 2017-06-20 10:55 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 17:51 - 2017-06-20 10:54 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 17:51 - 2017-06-20 10:54 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 17:51 - 2017-06-20 10:53 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 17:51 - 2017-06-20 10:53 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 17:51 - 2017-06-20 10:53 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 17:51 - 2017-06-20 10:52 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 17:51 - 2017-06-20 10:51 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 17:51 - 2017-06-20 10:51 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 17:51 - 2017-06-20 10:51 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 17:51 - 2017-06-20 10:50 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 17:51 - 2017-06-20 10:50 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 17:51 - 2017-06-20 10:50 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 17:51 - 2017-06-20 10:50 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 17:51 - 2017-06-20 10:49 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 17:51 - 2017-06-20 10:49 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 17:51 - 2017-06-20 10:48 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 17:51 - 2017-06-20 10:48 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 17:51 - 2017-06-20 10:48 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 17:51 - 2017-06-20 10:47 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 17:51 - 2017-06-20 10:47 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 17:51 - 2017-06-20 10:47 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 17:51 - 2017-06-20 10:46 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 17:51 - 2017-06-20 10:45 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 17:51 - 2017-06-20 10:41 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 17:51 - 2017-06-20 10:34 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 17:51 - 2017-06-20 10:34 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 17:51 - 2017-06-20 10:31 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 17:51 - 2017-06-20 10:30 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 17:51 - 2017-06-20 10:28 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 17:51 - 2017-06-20 10:27 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 17:51 - 2017-06-20 10:26 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 17:51 - 2017-06-20 10:26 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 17:51 - 2017-06-20 10:25 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 17:51 - 2017-06-20 10:25 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 17:51 - 2017-06-20 10:24 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 17:51 - 2017-06-20 10:24 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 17:51 - 2017-06-20 10:23 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 17:51 - 2017-06-20 10:23 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 17:51 - 2017-06-20 10:23 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 17:51 - 2017-06-20 10:21 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 17:51 - 2017-06-20 10:20 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 17:51 - 2017-06-20 10:20 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 17:51 - 2017-06-20 10:20 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 17:51 - 2017-06-20 10:19 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 17:51 - 2017-06-20 10:16 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 17:51 - 2017-06-20 10:15 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 17:51 - 2017-06-20 10:15 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 17:51 - 2017-06-20 10:15 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 17:51 - 2017-06-20 10:13 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 17:50 - 2017-07-07 19:45 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 17:50 - 2017-07-07 13:12 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 17:50 - 2017-07-07 13:12 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 17:50 - 2017-07-07 13:12 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 17:50 - 2017-07-07 13:11 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 17:50 - 2017-07-07 13:10 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 17:50 - 2017-07-07 13:08 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 17:50 - 2017-07-07 13:07 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 17:50 - 2017-07-07 13:07 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 17:50 - 2017-07-07 13:06 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 17:50 - 2017-07-07 13:06 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 17:50 - 2017-07-07 13:05 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 17:50 - 2017-07-07 13:05 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 17:50 - 2017-07-07 13:05 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 17:50 - 2017-07-07 13:00 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 17:50 - 2017-07-07 12:59 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 17:50 - 2017-07-07 12:59 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 17:50 - 2017-07-07 12:59 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 17:50 - 2017-07-07 12:58 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 17:50 - 2017-07-07 12:57 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 17:50 - 2017-07-07 12:57 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 17:50 - 2017-07-07 12:56 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 17:50 - 2017-07-07 12:55 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 17:50 - 2017-07-07 12:55 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 17:50 - 2017-07-07 12:55 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 17:50 - 2017-07-07 12:54 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 001458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 000848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 17:50 - 2017-07-07 12:53 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 17:50 - 2017-07-07 12:52 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 17:50 - 2017-07-07 12:52 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 17:50 - 2017-07-07 12:25 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 17:50 - 2017-07-07 12:22 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 17:50 - 2017-07-07 12:12 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 17:50 - 2017-07-07 12:12 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 17:50 - 2017-07-07 12:12 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 17:50 - 2017-07-07 12:12 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 17:50 - 2017-07-07 12:11 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 17:50 - 2017-07-07 12:10 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 17:50 - 2017-07-07 12:08 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 17:50 - 2017-07-07 12:08 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 17:50 - 2017-07-07 12:07 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 17:50 - 2017-07-07 12:07 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 17:50 - 2017-07-07 12:06 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 17:50 - 2017-07-07 12:05 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 17:50 - 2017-07-07 12:05 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 17:50 - 2017-07-07 12:05 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 17:50 - 2017-07-07 12:04 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 17:50 - 2017-07-07 12:04 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 17:50 - 2017-07-07 12:04 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 17:50 - 2017-07-07 12:03 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 17:50 - 2017-07-07 12:03 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 17:50 - 2017-07-07 12:03 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 17:50 - 2017-07-07 12:02 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 17:50 - 2017-07-07 12:02 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 17:50 - 2017-07-07 12:01 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 17:50 - 2017-07-07 12:01 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 17:50 - 2017-07-07 12:01 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 17:50 - 2017-07-07 12:00 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 17:50 - 2017-07-07 12:00 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 17:50 - 2017-07-07 11:59 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 17:50 - 2017-07-07 11:59 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 17:50 - 2017-07-07 11:59 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 17:50 - 2017-07-07 11:58 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 17:50 - 2017-07-07 11:58 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 17:50 - 2017-07-07 11:57 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 17:50 - 2017-07-07 11:57 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 17:50 - 2017-07-07 11:56 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 17:50 - 2017-07-07 11:56 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 17:50 - 2017-07-07 11:56 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 17:50 - 2017-07-07 11:56 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 004052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsai.dll
2017-07-12 17:50 - 2017-07-07 11:55 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 17:50 - 2017-07-07 11:51 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 17:50 - 2017-07-07 11:51 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 17:50 - 2017-07-07 11:50 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 17:50 - 2017-07-07 11:50 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 17:50 - 2017-07-07 11:49 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 17:50 - 2017-07-07 11:47 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 17:50 - 2017-07-07 11:46 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 17:50 - 2017-07-02 04:37 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 17:50 - 2017-06-20 12:02 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 17:50 - 2017-06-20 12:01 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 17:50 - 2017-06-20 12:00 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 17:50 - 2017-06-20 11:56 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 17:50 - 2017-06-20 11:56 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 17:50 - 2017-06-20 11:55 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 17:50 - 2017-06-20 11:55 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 17:50 - 2017-06-20 11:53 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 17:50 - 2017-06-20 11:50 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 17:50 - 2017-06-20 11:49 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 17:50 - 2017-06-20 11:48 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 17:50 - 2017-06-20 11:47 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 17:50 - 2017-06-20 11:45 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 17:50 - 2017-06-20 11:45 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 17:50 - 2017-06-20 11:44 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 17:50 - 2017-06-20 11:44 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 17:50 - 2017-06-20 11:43 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 17:50 - 2017-06-20 11:42 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 17:50 - 2017-06-20 11:00 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 17:50 - 2017-06-20 10:59 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 17:50 - 2017-06-20 10:57 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 17:50 - 2017-06-20 10:56 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 17:50 - 2017-06-20 10:56 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 17:50 - 2017-06-20 10:55 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 17:50 - 2017-06-20 10:55 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 17:50 - 2017-06-20 10:55 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 17:50 - 2017-06-20 10:54 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 17:50 - 2017-06-20 10:54 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 17:50 - 2017-06-20 10:53 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 17:50 - 2017-06-20 10:52 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-12 17:50 - 2017-06-20 10:52 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 17:50 - 2017-06-20 10:52 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 17:50 - 2017-06-20 10:51 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 17:50 - 2017-06-20 10:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 17:50 - 2017-06-20 10:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 17:50 - 2017-06-20 10:49 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 17:50 - 2017-06-20 10:48 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 17:50 - 2017-06-20 10:47 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 17:50 - 2017-06-20 10:47 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 17:50 - 2017-06-20 10:46 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 17:50 - 2017-06-20 10:45 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 17:50 - 2017-06-20 10:44 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 17:50 - 2017-06-20 10:44 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 17:50 - 2017-06-20 10:44 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 17:50 - 2017-06-20 10:39 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 17:50 - 2017-06-20 10:30 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 17:50 - 2017-06-20 10:27 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 17:50 - 2017-06-20 10:22 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 17:49 - 2017-07-07 13:12 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 17:49 - 2017-07-07 13:12 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 17:49 - 2017-07-07 13:07 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 17:49 - 2017-07-07 13:02 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 17:49 - 2017-07-07 12:59 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 17:49 - 2017-07-07 12:58 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 17:49 - 2017-07-07 12:57 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 17:49 - 2017-07-07 12:55 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 001100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 17:49 - 2017-07-07 12:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 17:49 - 2017-07-07 12:53 - 000399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 17:49 - 2017-07-07 12:12 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 17:49 - 2017-07-07 12:09 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 17:49 - 2017-07-07 12:08 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 17:49 - 2017-07-07 12:08 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 17:49 - 2017-07-07 12:06 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 17:49 - 2017-07-07 12:04 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 17:49 - 2017-07-07 12:03 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 17:49 - 2017-07-07 12:02 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 17:49 - 2017-07-07 12:02 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 17:49 - 2017-07-07 11:59 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 17:49 - 2017-07-07 11:57 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 17:49 - 2017-07-07 11:57 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 17:49 - 2017-07-07 11:56 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 17:49 - 2017-07-07 11:52 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 17:49 - 2017-07-07 11:52 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 17:49 - 2017-07-07 11:50 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 17:49 - 2017-07-07 11:49 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 17:49 - 2017-07-07 11:49 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 17:49 - 2017-06-20 12:03 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 17:49 - 2017-06-20 12:03 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 17:49 - 2017-06-20 12:02 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 17:49 - 2017-06-20 12:02 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 17:49 - 2017-06-20 12:02 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 17:49 - 2017-06-20 12:02 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 17:49 - 2017-06-20 12:01 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 17:49 - 2017-06-20 11:49 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 17:49 - 2017-06-20 11:48 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 17:49 - 2017-06-20 11:47 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 17:49 - 2017-06-20 11:45 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 17:49 - 2017-06-20 11:44 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 17:49 - 2017-06-20 11:44 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 17:49 - 2017-06-20 11:43 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 17:49 - 2017-06-20 11:43 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 17:49 - 2017-06-20 11:01 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 17:49 - 2017-06-20 11:01 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 17:49 - 2017-06-20 10:59 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 17:49 - 2017-06-20 10:58 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 17:49 - 2017-06-20 10:58 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 17:49 - 2017-06-20 10:58 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 17:49 - 2017-06-20 10:57 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 17:49 - 2017-06-20 10:57 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 17:49 - 2017-06-20 10:55 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 17:49 - 2017-06-20 10:55 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 17:49 - 2017-06-20 10:54 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 17:49 - 2017-06-20 10:53 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 17:49 - 2017-06-20 10:53 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 17:49 - 2017-06-20 10:52 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 17:49 - 2017-06-20 10:52 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 17:49 - 2017-06-20 10:52 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 17:49 - 2017-06-20 10:52 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 17:49 - 2017-06-20 10:51 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 17:49 - 2017-06-20 10:50 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 17:49 - 2017-06-20 10:50 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 17:49 - 2017-06-20 10:50 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 17:49 - 2017-06-20 10:50 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 17:49 - 2017-06-20 10:49 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 17:49 - 2017-06-20 10:48 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 17:49 - 2017-06-20 10:47 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 17:49 - 2017-06-20 10:47 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 17:49 - 2017-06-20 10:47 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 17:49 - 2017-06-20 10:46 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 17:49 - 2017-06-20 10:46 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 17:49 - 2017-06-20 10:46 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 17:49 - 2017-06-20 10:45 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 17:49 - 2017-06-20 10:43 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 17:49 - 2017-06-20 10:42 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 17:49 - 2017-06-20 10:42 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 17:49 - 2017-06-20 10:41 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 17:49 - 2017-06-20 10:41 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-08 09:25 - 2017-03-19 02:48 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-08 09:23 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-08 09:17 - 2017-03-08 02:10 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
2017-08-07 23:59 - 2017-06-04 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-07 15:39 - 2015-06-07 08:27 - 000000399 _____ C:\Users\USER\Desktop\mod 2 (.txt
2017-08-07 14:04 - 2017-06-26 14:23 - 000000000 ____D C:\Users\USER\AppData\Roaming\DMCache
2017-08-07 14:02 - 2016-11-24 15:20 - 000102000 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-08-07 14:01 - 2017-06-04 15:14 - 000433486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-07 13:57 - 2017-06-04 15:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-07 13:56 - 2017-06-04 15:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-07 13:56 - 2017-03-18 17:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-07 13:29 - 2017-06-04 15:07 - 005042424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-07 13:23 - 2017-03-19 02:48 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-08-07 13:23 - 2017-03-19 02:48 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-08-07 13:03 - 2017-06-04 15:14 - 001418990 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-03 18:01 - 2017-02-18 16:31 - 000000000 ____D C:\AdwCleaner
2017-08-03 18:01 - 2016-07-16 17:32 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-03 17:23 - 2017-06-04 15:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-08-03 17:00 - 2015-04-18 23:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-08-03 16:52 - 2015-03-25 06:48 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-03 16:52 - 2015-03-25 06:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-03 16:51 - 2015-05-05 18:21 - 000001923 _____ C:\Users\USER\Desktop\Subtitle Edit.lnk
2017-08-03 16:51 - 2015-05-05 18:21 - 000000000 ____D C:\Users\USER\AppData\Roaming\Subtitle Edit
2017-08-03 16:50 - 2017-06-26 13:54 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-03 16:48 - 2016-04-27 12:06 - 000000000 ____D C:\WINDOWS\ShellNew
2017-08-03 16:47 - 2017-03-08 02:08 - 000000818 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-08-03 16:36 - 2015-04-09 09:14 - 000000000 ____D C:\Users\USER\AppData\Roaming\PrimoPDF
2017-08-03 16:28 - 2015-10-03 12:48 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 15:24 - 2015-03-26 08:15 - 000000089 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_512
2017-08-03 15:22 - 2015-05-27 07:14 - 000000000 ____D C:\WINDOWS\USB Vibration
2017-08-03 15:22 - 2015-05-27 07:14 - 000000000 ____D C:\Program Files (x86)\USB Vibration
2017-08-03 15:22 - 2014-08-17 21:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-03 15:17 - 2016-03-04 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2017-08-03 15:16 - 2017-06-04 15:13 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-03 15:13 - 2016-10-24 21:21 - 000000000 ____D C:\Users\USER\Documents\samsung
2017-08-03 15:12 - 2016-10-24 21:20 - 000000000 ____D C:\Users\USER\AppData\Roaming\Samsung
2017-08-03 15:12 - 2016-03-27 23:19 - 000000000 ____D C:\Program Files (x86)\simplitec
2017-08-03 15:05 - 2015-08-09 19:58 - 000000000 ____D C:\Program Files\lenovo
2017-08-03 15:04 - 2014-12-07 14:36 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-08-03 12:13 - 2017-06-26 14:23 - 000000000 ____D C:\Users\USER\AppData\Roaming\IDM
2017-08-03 12:04 - 2015-03-23 18:33 - 000007601 _____ C:\Users\USER\AppData\Local\resmon.resmoncfg
2017-08-02 21:34 - 2017-06-04 15:41 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D12BD10-5D48-44A7-8697-AC286599C1AE}
2017-07-30 23:08 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-30 08:31 - 2017-06-30 08:31 - 608181504 _____ C:\WINDOWS\MEMORY.DMP
2017-07-30 08:31 - 2017-06-30 08:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-29 19:57 - 2015-04-15 22:32 - 000000000 ____D C:\Users\USER\AppData\Roaming\Foxit Software
2017-07-28 21:55 - 2017-05-12 12:33 - 000000000 ____D C:\Users\USER\AppData\Roaming\MusicBee
2017-07-28 20:23 - 2015-10-30 19:01 - 000000000 ____D C:\Users\USER\Downloads\Compressed
2017-07-28 09:22 - 2016-07-16 10:23 - 000000000 ___RD C:\Users\USER\OneDrive
2017-07-27 10:56 - 2017-04-28 16:48 - 000000000 ____D C:\Users\USER\AppData\Roaming\audacity
2017-07-23 19:54 - 2017-02-12 12:46 - 000002160 _____ C:\WINDOWS\Sandboxie.ini
2017-07-18 10:57 - 2017-03-19 08:15 - 000000000 ____D C:\WINDOWS\OCR
2017-07-18 10:57 - 2017-03-19 02:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-17 13:32 - 2016-01-15 00:38 - 000003164 _____ C:\Users\USER\Desktop\manga lists.txt
2017-07-15 17:11 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\rescache
2017-07-12 20:27 - 2017-03-19 02:46 - 000000000 ____D C:\WINDOWS\INF
2017-07-12 19:45 - 2016-11-21 00:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 18:21 - 2017-03-19 02:48 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 17:56 - 2015-02-15 19:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 17:52 - 2015-02-15 19:22 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 11:05 - 2017-02-26 13:42 - 000000000 ____D C:\ProgramData\Foxit Software
2017-07-11 18:45 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 18:44 - 2017-03-19 02:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-10-10 00:28 - 2015-10-10 00:28 - 000000132 _____ () C:\Users\USER\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-11-25 22:45 - 2016-11-29 09:54 - 000000724 _____ () C:\Users\USER\AppData\Local\BlackToText907.tif
2015-02-02 14:12 - 2015-08-08 10:01 - 3941910743 _____ () C:\Users\USER\AppData\Local\BTServer.log
2016-11-25 22:53 - 2016-11-29 09:54 - 000000026 _____ () C:\Users\USER\AppData\Local\gt-props
2015-03-23 18:33 - 2017-08-03 12:04 - 000007601 _____ () C:\Users\USER\AppData\Local\resmon.resmoncfg
2016-06-18 10:14 - 2016-06-18 10:14 - 000000000 _____ () C:\Users\USER\AppData\Local\{0F5721C5-C3C8-48A3-8C8E-0FF32FF6C759}
2017-06-04 15:10 - 2017-06-04 15:10 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-07-29 16:35 - 2017-07-29 16:36 - 000079736 _____ (AppWork GmbH) C:\Users\USER\AppData\Local\Temp\131457990538232782.exe
2017-07-29 16:36 - 2017-07-29 16:36 - 001411636 _____ (Tulofeh                                                     ) C:\Users\USER\AppData\Local\Temp\13145799062384430900.exe
2017-07-12 11:05 - 2014-11-26 18:03 - 004856544 _____ (Foxit Corporation) C:\Users\USER\AppData\Local\Temp\FoxitUpdater.exe
2017-08-03 15:03 - 2017-08-03 15:03 - 004043712 _____ (Geek Unіnstaller) C:\Users\USER\AppData\Local\Temp\geek64.exe
2017-08-05 19:49 - 2017-08-05 19:49 - 000040448 _____ () C:\Users\USER\AppData\Local\Temp\proxy_vole4575658297680175100.dll
2017-08-05 19:49 - 2017-08-05 19:49 - 000040448 _____ () C:\Users\USER\AppData\Local\Temp\proxy_vole6487281428690232988.dll
2017-08-05 19:49 - 2017-08-05 19:49 - 000040448 _____ () C:\Users\USER\AppData\Local\Temp\proxy_vole6869256519616214492.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-07 16:23

==================== End of FRST.txt ============================

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2017
Ran by Max (08-08-2017 09:27:05)
Running from C:\Users\USER\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-04 10:08:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-900945925-988278395-3478122750-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-900945925-988278395-3478122750-503 - Limited - Disabled)
Guest (S-1-5-21-900945925-988278395-3478122750-501 - Limited - Disabled)
Max (S-1-5-21-900945925-988278395-3478122750-1001 - Administrator - Enabled) => C:\Users\USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre (HKLM-x32\...\{A253C2A7-FD66-43AA-9EA7-D30E5041F391}) (Version: 3.5.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (HKLM\...\{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
DCX Trader 1.8.15 (HKLM-x32\...\DCX_Deploy_0) (Version:  - )
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IDM Crack 6.28 build 9 (HKLM-x32\...\IDM Crack 6.28 build 9) (Version: build 14 - Crackingpatching.com Team)
InstaTrader (HKLM-x32\...\InstaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.1.0 - QFX Software Corporation)
K-Lite Codec Pack 11.4.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MetaTrader - EXNESS (HKLM-x32\...\MetaTrader - EXNESS) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 47.0.1 (x86 en-US) (HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Network Recording Player (HKLM-x32\...\{79417ECE-DA9D-49B3-B1C9-83AA3EAE6AE0}) (Version: 31.9.3.13 - Cisco WebEx LLC)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PX Profile Update (HKLM-x32\...\{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version:  - )
Subtitle Edit 3.4.6 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
Subtitle Edit 3.5.3 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.1 - Tweaking.com)
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Virtual DJ Home - Atomix Productions (HKLM-x32\...\Virtual DJ Home - Atomix Productions) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Data Recovery 3.82 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.82 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{0112bcab-ec40-8cbd-e8e0-18acfa7731940}\InprocServer32 -> 0x6C41493845567338387553786F394142486741734146567A5A584A4F5957316C5055347651534E4462323177595735355055347651534E46545746706244314F4C30456A5648687553575139546939425150694B4563797A4D355763592F7044516932 (the data entry has 114 more characters). => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-900945925-988278395-3478122750-1001_Classes\CLSID\{ef79fc18-df28-de4f-628c-b2e02c0815a76}\InprocServer32 -> 0x9B8193826C8AD201D0E395826C8AD201010000000300000000000000 => No File
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (TonecInc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2017-03-19] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} => C:\WINDOWS\System32\cscui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (IgorPavlov)
ContextMenuHandlers1-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers1-x32: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> No File
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\ShellExt.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (FoxitSoftwareInc.)
ContextMenuHandlers1-x32: [ModernSharing] -> {e2bf9676-5f8f-435c-97eb-11607a5bedf7} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\System32\EhStorShell.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\ShellExt.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (IgorPavlov)
ContextMenuHandlers4-x32: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers4-x32: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\ShellExt.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\WINDOWS\System32\cscui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers4-x32: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers4-x32-x32: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (AdvancedMicroDevices,Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (IntelCorporation)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (FoxitSoftwareInc.)
ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\WINDOWS\system32\shell32.dll [2017-07-07] (MicrosoftCorporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => C:\WINDOWS\System32\cscui.dll [2017-03-19] (MicrosoftCorporation)
ContextMenuHandlers6: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-06-05] (MicrosoftCorporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (AlexanderRoshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (AlexanderRoshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045A1054-B37B-4B09-95A5-79A4F321C4F2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {056673BB-5009-40C5-BC4A-CDD03751C791} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-03] (Tweaking.com)
Task: {05C35C43-30B0-478C-A045-7452BCE45E4E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe [2017-03-19] (MicrosoftCorp.)
Task: {0BC7BB05-2369-444D-9C20-D133441EEE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {0C518199-F01B-42CF-9CB7-16710B002812} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\WINDOWS\system32\MDMAgent.exe [2017-03-19] (MicrosoftCorporation)
Task: {0CC2C164-C391-4AE1-AC44-61014D23FC1F} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization => C:\WINDOWS\system32\defrag.exe [2017-03-19] (MicrosoftCorp.)
Task: {0CFFAC74-2B0F-48F1-BAB2-7BD1A9E75C5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {12382A3B-9F27-4B4D-B7C0-6551032014C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (GoogleInc.)
Task: {123F2F42-CE4F-4735-9E20-428497D2B200} - System32\Tasks\shutdown => C:\Windows\System32\shutdown.exe [2017-03-19] (MicrosoftCorporation)
Task: {13296847-B286-4D53-AFA5-E14740397DD5} - System32\Tasks\Microsoft\Windows\MUI\Mcbuilder => C:\WINDOWS\System32\mcbuilder.exe [2017-03-19] (MicrosoftCorporation)
Task: {175EEFC8-16F5-4072-9093-46A1E622F59D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1CF6BD0B-D26F-4F52-8811-AD1FD7DAA01A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\110323a4-c849-4dae-9628-a720238a215e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {240478A4-B7D2-43B1-AF21-626C77E72C1F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\WINDOWS\system32\disksnapshot.exe [2017-03-19] (MicrosoftCorporation)
Task: {24B30C6A-FB82-4D3F-A478-CF9768E23ACD} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\WINDOWS\System32\UNP\UNPCampaignManager.exe [2017-04-02] (MicrosoftCorporation)
Task: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\WINDOWS\System32\WindowsActionDialog.exe [2017-03-19] (MicrosoftCorporation)
Task: {2DBB3874-C30C-44A9-A6F5-9C48F02F16D3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\06484341-7f04-42cc-ab7a-e55cbeb6bc9f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {3A164F3D-787C-4685-BECB-4B7B366C9FDF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-12] (MicrosoftCorporation)
Task: {3AEEF4D4-C4A8-42A1-8A1E-80CA054C2E9C} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe [2017-03-19] (MicrosoftCorporation)
Task: {3EA82649-A360-4898-A6FB-C273024D1364} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\WINDOWS\System32\wpcmon.exe [2017-03-19] (MicrosoftCorporation)
Task: {4051EB0B-2917-432F-B9F9-431C7E3C9181} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\WINDOWS\system32\RAServer.exe [2017-03-19] (MicrosoftCorporation)
Task: {405C84BB-90E5-4359-B749-5C967D252C3A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {42175A28-1226-4E67-9DE0-726365EF9F40} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\08483c54-0d53-407b-96a4-579aa11dfc78 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {4641179A-BBA6-4BA3-9BF2-A13AB04B2C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\WINDOWS\System32\sihclient.exe [2017-07-07] (MicrosoftCorporation)
Task: {52C4776E-11B1-402C-A230-0A0306A146C4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\WINDOWS\System32\wsqmcons.exe [2017-03-19] (MicrosoftCorporation)
Task: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\WINDOWS\System32\dsregcmd.exe [2017-03-19] (MicrosoftCorporation)
Task: {5C326114-085E-444C-9B7A-D3E2E59C549E} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\WINDOWS\system32\devicecensus.exe [2017-06-20] (MicrosoftCorporation)
Task: {5CF2C2DC-DDD5-41C6-A035-1B4B3F2BEC2D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)
Task: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\WINDOWS\system32\speech_onecore\common\SpeechModelDownload.exe [2017-03-19] (MicrosoftCorporation)
Task: {68F37285-0BE2-4C12-8402-B06A59075A81} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)
Task: {6A0F36AE-7DF3-413C-BA95-E51BD7EE99AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6A2D76AE-96C2-4F24-BA7E-ACFFA2592368} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-19] (MicrosoftCorporation)
Task: {6C2CFD78-9D8A-4390-BCD1-21B3185E1668} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {6CFFC74A-9478-4A80-A16C-61BCC681BAB1} - \WPD\SqmUpload_S-1-5-21-900945925-988278395-3478122750-1001 -> No File <==== ATTENTION
Task: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\WINDOWS\system32\dmclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {7FB60B2C-DCD1-4862-8880-1AA740E48D8E} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {829C695F-E874-432A-9A9F-7862D04236B9} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\WINDOWS\system32\dstokenclean.exe [2017-03-19] (MicrosoftCorporation)
Task: {87488988-70F6-44C5-A1BD-E328BE17C205} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\WINDOWS\system32\appidpolicyconverter.exe [2017-03-19] (MicrosoftCorporation)
Task: {87827D32-73E0-4DEC-A285-A495BF227BAF} - System32\Tasks\User_Feed_Synchronization-{4D12BD10-5D48-44A7-8697-AC286599C1AE} => C:\Windows\system32\msfeedssync.exe [2017-03-19] (MicrosoftCorporation)
Task: {88209412-5377-4AA1-B01E-F5D5A6F39E21} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\WINDOWS\system32\SpaceAgent.exe [2017-03-19] (MicrosoftCorporation)
Task: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-19] (MicrosoftCorporation)
Task: {896ED842-4861-49E9-A2C1-0AE31689F876} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\WINDOWS\system32\ClipUp.exe [2017-03-19] (MicrosoftCorporation)
Task: {8EE52AD7-9F81-40D3-AE0C-9F5DB09BC56F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2017-03-19] (MicrosoftCorporation)
Task: {936FF605-A684-4476-8E62-E051A903B3D3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2017-03-19] (MicrosoftCorporation)
Task: {938954E2-DAFB-4BCD-8740-6AC11EBFE13C} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\WINDOWS\system32\appidcertstorecheck.exe [2017-03-19] (MicrosoftCorporation)
Task: {9CF304F4-4D08-4DBB-A568-102240A2160B} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {9DC43337-F240-499B-A7BB-353C15DEBCC4} - System32\Tasks\{1E6113B1-6320-42D6-98F3-9B2BBA5E0C28} => "d:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/en/go/help.faq.installer?LastError=1638
Task: {A0CCB3EE-6C70-4B21-8E5B-F6AD89850B71} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {A2DA212A-A09D-4FF1-AE31-A79C2A2B4C6B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {A2F71EA0-2D51-4117-9233-DF4CA5CD6A9D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AC44582C-9524-47F0-8CCA-764158C07408} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-19] (MicrosoftCorporation)
Task: {AC60DB78-1A08-45A4-8990-357D65C3727F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5115b37c-ad53-4808-937c-4d8f4eedbddb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (LenovoGroupLimited)
Task: {ADE1B79E-902D-48F4-B104-0EAE57D965F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\WINDOWS\System32\dusmtask.exe [2017-03-19] (MicrosoftCorporation)
Task: {B2C7FF3D-1D7C-44E2-8ED5-4736AFB73DD7} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2017-03-18] (MicrosoftCorporation)
Task: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\WINDOWS\system32\spaceman.exe [2017-03-19] (MicrosoftCorporation)
Task: {B6E6ABD5-79ED-4B43-AAEB-7ECE3DAC097C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (GoogleInc.)
Task: {BCC432F2-7A57-4195-881F-9013CF46F613} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\WINDOWS\system32\lpremove.exe [2017-03-19] (MicrosoftCorporation)
Task: {BD69C6ED-AD55-467C-B787-533200C3B376} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {BF728E4A-B1B4-406C-A6B2-1A4888A56396} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => C:\WINDOWS\system32\ProvTool.exe [2017-03-19] (MicrosoftCorporation)
Task: {C07B4EB8-2EF6-4E54-832F-41346E84FE16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C162FF56-952F-4ABA-AE13-AA8CB0F4C087} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\WINDOWS\System32\drvinst.exe [2017-03-19] (MicrosoftCorporation)
Task: {C3366BA4-5CE0-4910-AB6B-A7BAF87DB671} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C42799B6-75B2-42CF-8197-3BE332E05553} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {C640FB47-29FB-4AC6-AFA5-C82226025C5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C97B639A-C1BF-4E0C-ACFD-CF5B27B65B3C} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\WINDOWS\system32\wermgr.exe [2017-03-19] (MicrosoftCorporation)
Task: {CAD736D1-5AF2-43F9-8B72-E840730A9777} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {CBD48141-91AD-4F24-B406-70C0D7F41BD4} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\WINDOWS\system32\DFDWiz.exe [2017-03-19] (MicrosoftCorporation)
Task: {CBEE037D-274B-4B95-8D87-EE23F25F2016} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-06-20] (MicrosoftCorporation)
Task: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\WINDOWS\system32\ProvTool.exe [2017-03-19] (MicrosoftCorporation)
Task: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-19] (MicrosoftCorporation)
Task: {D1D516C0-190A-447A-B181-6D3ADBE8AA1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2C50CE0-7E9B-4F0D-A2A4-95AC59829444} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\WINDOWS\SYSTEM32\BthUdTask.exe [2017-03-19] (MicrosoftCorporation)
Task: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings => C:\WINDOWS\system32\usoclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {E11183CC-FCAC-479E-B422-6A72654C14EA} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe [2017-03-19] (MicrosoftCorporation)
Task: {E4372E00-DE8E-459E-94B5-37E15ADDBE5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (PiriformLtd)
Task: {EFF969EA-3F95-4DD6-A895-C891417E5D1A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)
Task: {F7ECD4CC-F7F6-409A-890E-5F836A87DBEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\WINDOWS\system32\dmclient.exe [2017-03-19] (MicrosoftCorporation)
Task: {F9015704-44A7-4962-B811-A4C0206CF851} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\WINDOWS\System32\sihclient.exe [2017-07-07] (MicrosoftCorporation)
Task: {F9D90672-740E-4C0D-9F37-54E90CEFF1A8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\WINDOWS\system32\MusNotification.exe [2017-06-20] (MicrosoftCorporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-04-09 09:10 - 2011-03-01 04:22 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2017-03-19 02:43 - 2017-03-19 02:43 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 02:44 - 2017-03-19 08:15 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-22 08:34 - 2017-07-22 08:37 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-22 08:34 - 2017-07-22 08:37 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-22 08:34 - 2017-07-22 08:37 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-22 08:34 - 2017-07-22 08:37 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-28 09:55 - 2017-07-28 09:55 - 000080384 ____R () D:\Program Files (x86)\Calibre2\ebook-viewer.exe
2017-08-07 16:07 - 2017-08-07 16:07 - 000566439 _____ () D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2017-08-07 16:07 - 2017-08-07 16:07 - 004078962 _____ () D:\Program Files (x86)\jdownloader 2\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2017-06-04 18:02 - 2017-06-04 18:03 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 09:56 - 2017-07-26 20:00 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 09:56 - 2017-07-26 20:00 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-15 16:09 - 2017-07-15 16:16 - 027590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 020649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 002305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 002856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-04 18:02 - 2017-06-04 18:03 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-17 10:04 - 2017-06-17 11:55 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-07-16 17:35 - 2016-07-16 17:38 - 000680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-15 16:09 - 2017-07-15 16:16 - 001127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-06-03 22:49 - 2017-06-03 23:45 - 001062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-07-28 09:55 - 2017-07-28 09:55 - 000038400 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\calibre-launcher.dll
2016-08-29 13:02 - 2016-08-29 13:02 - 001036288 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\_hashlib.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000020480 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32event.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000116224 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pywintypes27.dll
2016-08-29 13:03 - 2016-08-29 13:03 - 000104960 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32api.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000014336 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\winutil.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000095744 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\_ctypes.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000009728 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\monotonic.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000051200 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\speedup.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000123392 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32file.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000028160 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\icu.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000046592 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\_socket.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 001441280 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\_ssl.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 003363328 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWidgets.pyd
2017-06-04 12:59 - 2017-06-04 12:59 - 000074240 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\zlib1.dll
2017-02-16 19:45 - 2017-02-16 19:45 - 000083968 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\sip.pyd
2017-06-10 13:12 - 2017-06-10 13:12 - 001540096 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtCore.pyd
2017-06-10 13:12 - 2017-06-10 13:12 - 001668096 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtGui.pyd
2017-06-10 13:14 - 2017-06-10 13:14 - 000010240 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.Qt.pyd
2017-06-10 13:12 - 2017-06-10 13:12 - 000425984 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtNetwork.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000154624 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtSensors.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000096768 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWebKit.pyd
2016-08-29 13:14 - 2016-08-29 13:14 - 001076736 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\libxml2.dll
2016-08-29 13:14 - 2016-08-29 13:14 - 000179712 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\libxslt.dll
2017-06-10 13:12 - 2017-06-10 13:12 - 000172032 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtPrintSupport.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000079872 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtSvg.pyd
2017-06-10 13:13 - 2017-06-10 13:13 - 000185344 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWebKitWidgets.pyd
2017-06-10 13:14 - 2017-06-10 13:14 - 000077312 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pyqt5.QtWinExtras.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000013824 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\select.pyd
2017-06-03 23:59 - 2017-06-03 23:59 - 001384448 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\lxml.etree.pyd
2016-08-29 13:14 - 2016-08-29 13:14 - 000065536 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\libexslt.dll
2017-07-28 09:55 - 2017-07-28 09:55 - 000061440 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\progress_indicator.pyd
2016-08-29 13:00 - 2016-08-29 13:00 - 000032768 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\_multiprocessing.pyd
2016-08-29 13:02 - 2016-08-29 13:02 - 000040960 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32process.pyd
2017-07-28 09:55 - 2017-07-28 09:55 - 000061440 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\imageops.pyd
2016-08-29 13:03 - 2016-08-29 13:03 - 000398336 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\pythoncom27.dll
2016-08-29 13:05 - 2016-08-29 13:05 - 000387584 ____R () D:\Program Files (x86)\Calibre2\app\DLLs\win32com.shell.shell.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5ED747B8 [274]
AlternateDataStreams: C:\ProgramData\Temp:9857FAE3 [248]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\kmpmedia.net -> hxxp://player.kmpmedia.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-26 08:15 - 2017-08-07 13:09 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-900945925-988278395-3478122750-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\Desktop\maxresdefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: RosettaStoneDaemon => 2
HKLM\...\StartupApproved\StartupFolder: => "Virtual Router Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "MagicLinker.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "PowerDVD13Agent"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "Adobe"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-900945925-988278395-3478122750-1001\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4BD32AB6-F32F-4C2D-80E5-849A3530ED4C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{00003329-0888-4DD1-BFB7-7C8CF8634328}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2017 09:23:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:23:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:23:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:23:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:21:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/08/2017 09:21:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (08/07/2017 05:38:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "D:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.


System errors:
=============
Error: (08/08/2017 09:16:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2017 02:22:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2017 02:00:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (08/07/2017 01:57:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1f000000047757.  The name of the file is "\Windows\System32\linkinfo.dll".

Error: (08/07/2017 01:57:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSMQ service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MSMQ service to connect.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The specified module could not be found.

Error: (08/07/2017 01:57:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The specified module could not be found.


CodeIntegrity:
===================================
  Date: 2017-08-07 16:23:14.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-07 16:23:14.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-04 16:57:44.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-04 16:57:43.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 3992.36 MB
Available physical RAM: 1979.94 MB
Total Virtual: 4760.36 MB
Available Virtual: 2286.51 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:116.37 GB) (Free:54.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:348.57 GB) (Free:0.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 13FCABC6)
Partition 1: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=836 MB) - (Type=27)
Partition 3: (Not Active) - (Size=348.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Thank You

maxim123

veeg

PCHF Manager

Malnutrition

Malnurished Admin

Malnutrition

Malnurished Admin

maxim123

Malnutrition

Malnurished Admin

maxim123

maxim123

maxim123

Malnutrition

Malnurished Admin

Malnutrition

Malnurished Admin

maxim123

maxim123

maxim123

Malnutrition

Malnurished Admin

maxim123

Malnutrition

Malnurished Admin

maxim123

Attachments

Malnutrition

Malnurished Admin

maxim123

Search

Search

Solved Frst & addition logs for networking problem

We value your privacy