Conversation RAM running flat out! help please guys

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
Thanks, its a lot smoother and quicker, no black screen, one thing I have spotted on the logs is ..Windows 8 Business Edition, 64-bit Service Pack 1 (15063),... I was running WIN 10,? Also when I type it quite often doesn't recognise my keystrokes. :)
 
While we wait for my second set of eyes to confirm another fix for you, go ahead and do the following for me please :)

Download Security Check to your desktop.
Right click it and choose Run as Administrator.
When the program completes, the tool will automatically open a log file.
Please post that log here in your next post.

Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other the running programs
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • upload_2017-2-23_10-55-54-png.1658

  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.
 
SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
WebSite: www.safezone.cc
DateLog: 16.08.2017 20:59:25
Path starting: C:\Users\scct\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: scct
VersionXML: 4.56is-14.08.2017
___________________________________________________________________________

Windows 10(6.3.15063) (x64) Professional Release: 1703 Lang: English(0409)
Installation date OS: 20.06.2017 19:20:51
LicenseStatus: Office 15, OfficeProPlusR_Grace edition Windows is in Notification mode
LicenseStatus: Office 15, OfficeProPlusMSDNR_Retail edition The machine is permanently activated.
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProPlusR_Grace edition Windows is in Notification mode
LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Windows is in Notification mode
LicenseStatus: Office 16, Office16ProPlusR_Retail edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [148.6 Gb] Used: [114.4 Gb] Free: [34.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.540.15063.0 [+]
User Account Control enabled
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.4 Warning! Download Update
Microsoft Silverlight v.5.1.50907.0
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 26 PPAPI v.26.0.0.151
Adobe Acrobat Reader DC v.17.012.20095 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.60.0.3112.101 [+]
Mozilla Firefox 54.0.1 (x86 en-US) v.54.0.1 Warning! Download Update
Mozilla Firefox 55.0.1 (x86 en-US) v.55.0.1
----------------------------- [ EmailClient ] -----------------------------
IncrediMail 2.5 v.6.6.0.5328
IncrediMail v.6.6.0.5328
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.60.0.3112.101
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
C:\Program Files\Windows Defender\MsMpEng.exe v.4.11.15063.447
C:\Program Files\Windows Defender\NisSrv.exe v.4.11.15063.0
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Driver Booster 4.4 v.4.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 
I await your RogueKiller results :) It seems you also have two Firefoxes installed.

Use Geek Uninstaller to remove the following:

Driver Booster 4.4 v.4.4.0
Mozilla Firefox 54.0.1 (x86 en-US) v.54.0.1
Click to expand...

Adobe Reader is memory hogging and space hogging. I'd recommend removing it and replacing it with Foxit PDF Reader :)
 
rogue report..
RogueKiller V12.11.10.0 (x64) [Aug 14 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : scct [Administrator]
Started from : C:\Users\scct\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 08/16/2017 21:05:43 (Duration : 00:35:10)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.msn.com/en-gb|https://ww...tp://www.bet365.com/|http://www.google.co.uk/] -> Deleted
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google.com_] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 635f6408b289f608824cbc7c13e9ca02
[BSP] dfe876577075a92f76018256880f53dd : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152175 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311656448 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] ce43aa9d2809c73ef6bd644e9f92b3da
[BSP] aa16c6e0ed6a060ec77fdbffaef465f6 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Driver Booster 4.4 v.4.4.0
Mozilla Firefox 54.0.1 (x86 en-US) v.54.0.1
Adobe Reader is memory hogging and space hogging all removed now! thanks :)
 
  • Like
Reactions: jmarket
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After doing so, please post fresh FRST logs and we'll go from there :)
 

Attachments

Last edited:
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by scct (16-08-2017 23:18:16) Run:2
Running from C:\Users\scct\Desktop\fixit
Loaded Profiles: scct (Available Profiles: defaultuser0 & scct)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll => No File
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-09] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-09] [not signed]
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb","hxxps://www.facebook.com/","hxxp://www.ebay.co.uk/","hxxp://www.skybet.com/","hxxp://www.bet365.com/","hxxp://www.google.co.uk/"
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-08-15]
CHR Extension: (softorama) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfdniemoeflbhlmcnammemhdahpcjni [2017-08-15]
CHR Extension: (AVG SafePrice) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-08-15]
CHR Extension: (ZIP Extractor) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2017-08-15]
2017-08-15 19:24 - 2017-08-15 19:53 - 000000000 ____D C:\Users\scct\AppData\Roaming\IObit
2017-08-15 19:24 - 2017-08-15 19:24 - 000000000 ____D C:\ProgramData\IObit
Task: {4AA3BF5A-5860-4096-9AFF-D186CF83355C} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Sky Go Download Player (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\814376323.go.sky.com) (Version: - go.sky.com)
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi => moved successfully
Chrome StartupUrls => removed successfully
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-08-15] => Error: No automatic fix found for this entry.
CHR Extension: (softorama) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfdniemoeflbhlmcnammemhdahpcjni [2017-08-15] => Error: No automatic fix found for this entry.
CHR Extension: (AVG SafePrice) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-08-15] => Error: No automatic fix found for this entry.
CHR Extension: (ZIP Extractor) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2017-08-15] => Error: No automatic fix found for this entry.
C:\Users\scct\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4AA3BF5A-5860-4096-9AFF-D186CF83355C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AA3BF5A-5860-4096-9AFF-D186CF83355C} => key removed successfully
C:\WINDOWS\System32\Tasks\IObitSelfCheckTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObitSelfCheckTask => key removed successfully
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit) => Error: No automatic fix found for this entry.
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies) => Error: No automatic fix found for this entry.
Sky Go Download Player (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\814376323.go.sky.com) (Version: - go.sky.com) => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13816055 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 822834 B
Edge => 5907785 B
Chrome => 569635329 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 4944 B
NetworkService => 6128 B
defaultuser0 => 0 B
scct => 26926156 B

RecycleBin => 0 B
EmptyTemp: => 596.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:20:16 ====
 
Hi,
I'm getting a little confused now, it a little after midnight and my eyes are all logfiled out hahaha, I have posted two logfiles below, not sure which one you needed, thanks for your patience ;)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by scct (administrator) on DESKTOP-TN0A1RB (16-08-2017 23:59:39)
Running from C:\Users\scct\Desktop\fixit
Loaded Profiles: scct (Available Profiles: defaultuser0 & scct)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\scct\Desktop\fixit\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-06-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-11-04] (Siber Systems)
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Run: [Spotify Web Helper] => C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-12] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1b30f767-49af-449e-bf96-8bca1f256d62}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f567b79d-d877-4cd9-a354-819b58d9860e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: es7scrkr.default
FF ProfilePath: C:\Users\scct\AppData\Roaming\Mozilla\Firefox\Profiles\es7scrkr.default [2017-08-15]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-22] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-17] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-251929532-3862799365-3943777-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\scct\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-06-27] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.co.uk/
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb","hxxps://www.facebook.com/","hxxp://www.ebay.co.uk/","hxxp://www.skybet.com/","hxxp://www.bet365.com/","hxxp://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/search/?category=web&s=vsds&q={searchTerms}
CHR DefaultSearchKeyword: Default -> goMusix
CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default [2017-08-16]
CHR Extension: (Google Slides) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-15]
CHR Extension: (Google Docs) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-15]
CHR Extension: (Google Drive) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-15]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-08-15]
CHR Extension: (YouTube) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-15]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-08-15]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-15]
CHR Extension: (Google Sheets) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-15]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2017-08-15]
CHR Extension: (Google Docs Offline) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-15]
CHR Extension: (mixMovie Start) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghfmhofojkkfdnlfefhkckbflohgiicn [2017-08-15]
CHR Extension: (Pinterest Save Button) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-08-15]
CHR Extension: (softorama) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfdniemoeflbhlmcnammemhdahpcjni [2017-08-15]
CHR Extension: (Save to Facebook) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-08-15]
CHR Extension: (Search DW) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\loopfhhjebfdiedohdimifdjcdolcljm [2017-08-15]
CHR Extension: (AVG SafePrice) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-08-15]
CHR Extension: (ZIP Extractor) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2017-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-15]
CHR Extension: (Gmail) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-15]
CHR Extension: (RoboForm Password Manager) - C:\Users\scct\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-08-15]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-10-22]
CHR HKU\S-1-5-21-251929532-3862799365-3943777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-30] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-02-17] (Cypress Semiconductor, Inc.) [File not signed]
S3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [65408 2015-04-17] (Etron Technology Inc) [File not signed]
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [39296 2015-04-17] (Etron Technology Inc) [File not signed]
S3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [94208 2015-04-17] (Etron Technology Inc) [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-04] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-16] (Malwarebytes)
R1 MpKsl3410e4f1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EE07034-49DF-44DD-ACD2-C77B2B55CF62}\MpKsl3410e4f1.sys [44928 2017-08-16] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-22] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 silabenm; C:\WINDOWS\System32\drivers\silabenm.sys [27336 2011-10-14] (Silicon Laboratories) [File not signed]
S3 TMUSB; C:\WINDOWS\System32\drivers\TMUSB64.SYS [63096 2012-12-05] (Seiko Epson Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 vl810filter; C:\WINDOWS\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 21:58 - 2017-08-16 23:59 - 000000000 ____D C:\Users\scct\Desktop\fixit
2017-08-16 21:05 - 2017-08-16 21:05 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-16 21:05 - 2017-08-16 21:05 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-16 21:03 - 2017-08-16 21:03 - 026554952 _____ C:\Users\scct\Desktop\RogueKiller_portable64.exe
2017-08-16 20:59 - 2017-08-16 20:59 - 000000000 ____D C:\SecurityCheck
2017-08-16 20:58 - 2017-08-16 20:59 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\scct\Desktop\SecurityCheck.exe
2017-08-16 20:21 - 2017-08-16 20:21 - 000001695 _____ C:\Users\scct\Desktop\ZHPFixReport.txt
2017-08-16 20:20 - 2017-08-16 20:20 - 000000000 ____D C:\Users\scct\Desktop\Quarantine
2017-08-16 20:19 - 2017-08-16 20:19 - 003061760 _____ (Nicolas Coolman) C:\Users\scct\Desktop\ZHPFix.exe
2017-08-15 19:28 - 2017-08-15 19:53 - 000000000 ____D C:\AdwCleaner
2017-08-15 19:28 - 2017-08-15 19:28 - 008185288 _____ (Malwarebytes) C:\Users\scct\Desktop\adwcleaner_7.0.1.0.exe
2017-08-15 19:25 - 2017-08-15 19:26 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-08-15 19:23 - 2017-08-16 21:45 - 000000000 ____D C:\Users\scct\AppData\Roaming\Geek Uninstaller
2017-08-15 19:22 - 2017-08-15 19:22 - 003000643 _____ C:\Users\scct\Desktop\geek.zip
2017-08-15 19:18 - 2017-08-15 19:18 - 000002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-15 19:18 - 2017-08-15 19:18 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-15 19:17 - 2017-08-15 19:17 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-15 19:17 - 2017-08-15 19:17 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-15 19:16 - 2017-08-15 19:16 - 001130328 _____ (Google Inc.) C:\Users\scct\Downloads\ChromeSetup.exe
2017-08-15 18:53 - 2017-08-15 18:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-15 18:45 - 2017-08-15 18:45 - 001622528 _____ C:\Users\scct\Desktop\ResetBrowser.exe
2017-08-15 18:12 - 2017-08-15 18:12 - 001309184 _____ C:\Users\scct\Desktop\zoek.exe
2017-08-15 18:12 - 2017-08-15 18:12 - 000000000 ____D C:\zoek_backup
2017-08-15 18:05 - 2017-08-16 21:45 - 000000000 ____D C:\ProgramData\ProductData
2017-08-15 17:15 - 2017-08-16 21:59 - 000000000 ____D C:\Users\scct\Desktop\New folder (2)
2017-08-15 17:11 - 2017-08-15 17:12 - 000000000 ____D C:\Users\scct\Desktop\pc logs
2017-08-15 14:24 - 2017-08-16 20:21 - 000000000 ____D C:\Users\scct\AppData\Roaming\ZHP
2017-08-15 14:24 - 2017-08-15 14:59 - 000000000 ____D C:\Users\scct\AppData\Local\ZHP
2017-08-15 14:24 - 2017-08-15 14:24 - 000000864 _____ C:\Users\scct\Desktop\ZHPDiag.lnk
2017-08-15 14:03 - 2017-08-15 14:03 - 002812800 _____ C:\Users\scct\Desktop\ZHPDiag3.exe
2017-08-15 14:02 - 2017-08-15 14:02 - 001790024 _____ (Malwarebytes) C:\Users\scct\Desktop\JRT.exe
2017-08-15 12:42 - 2017-08-16 23:59 - 000000000 ____D C:\FRST
2017-08-15 11:07 - 2017-07-23 22:21 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170815-110708.backup
2017-08-14 12:58 - 2017-08-15 12:37 - 000000000 ____D C:\Users\scct\Desktop\Pics, music, work backups etc
2017-08-14 12:46 - 2017-08-14 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-12 14:11 - 2017-08-12 14:11 - 081719720 _____ (Dropbox, Inc.) C:\Users\scct\Desktop\Dropbox 32.4.23 Offline Installer.exe
2017-08-11 16:33 - 2017-08-12 14:47 - 000000000 ____D C:\Users\scct\Desktop\New folder
2017-08-10 18:03 - 2017-08-10 18:03 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-10 18:03 - 2017-08-10 18:03 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-10 18:03 - 2017-08-10 18:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-10 18:03 - 2017-08-10 18:03 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-09 18:58 - 2017-08-16 23:21 - 113770496 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-09 18:58 - 2017-08-16 23:21 - 005242880 _____ C:\WINDOWS\system32\config\DEFAULT
2017-08-09 18:58 - 2017-08-16 23:21 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-08-09 18:58 - 2017-08-14 19:42 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2017-08-09 18:55 - 2017-07-31 16:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-09 18:55 - 2017-07-31 16:15 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 15:56 - 2014-10-16 10:27 - 000027424 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2017-08-09 13:56 - 2017-08-01 03:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 13:56 - 2017-08-01 03:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 13:56 - 2017-08-01 03:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 13:56 - 2017-08-01 03:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 13:56 - 2017-08-01 03:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 13:56 - 2017-08-01 03:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 13:56 - 2017-08-01 03:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 13:56 - 2017-08-01 03:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 13:56 - 2017-08-01 03:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 13:56 - 2017-08-01 03:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 13:56 - 2017-08-01 03:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 13:56 - 2017-08-01 03:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 13:56 - 2017-08-01 03:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 13:56 - 2017-08-01 03:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 13:56 - 2017-08-01 03:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 13:56 - 2017-08-01 03:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 13:56 - 2017-08-01 03:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 13:56 - 2017-08-01 03:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 13:56 - 2017-08-01 03:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 13:56 - 2017-08-01 03:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 13:56 - 2017-08-01 03:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 13:56 - 2017-08-01 03:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 13:56 - 2017-08-01 03:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 13:56 - 2017-08-01 03:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 13:56 - 2017-08-01 03:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 13:56 - 2017-08-01 03:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 13:56 - 2017-08-01 03:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 13:56 - 2017-08-01 03:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 13:56 - 2017-08-01 03:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 13:56 - 2017-08-01 03:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 13:56 - 2017-08-01 03:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 13:56 - 2017-08-01 03:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 13:56 - 2017-08-01 03:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 13:56 - 2017-08-01 03:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 13:56 - 2017-08-01 03:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 13:56 - 2017-08-01 03:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 13:56 - 2017-08-01 03:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 13:56 - 2017-08-01 03:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 13:56 - 2017-08-01 02:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 13:56 - 2017-08-01 02:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 13:56 - 2017-08-01 02:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 13:56 - 2017-08-01 02:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 13:56 - 2017-08-01 02:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 13:56 - 2017-08-01 02:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 13:56 - 2017-08-01 02:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 13:56 - 2017-08-01 02:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 13:56 - 2017-08-01 02:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 13:56 - 2017-08-01 02:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 13:56 - 2017-08-01 02:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 13:56 - 2017-08-01 02:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 13:56 - 2017-08-01 02:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 13:56 - 2017-08-01 02:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 13:56 - 2017-08-01 02:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 13:56 - 2017-08-01 02:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 13:56 - 2017-08-01 02:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 13:56 - 2017-08-01 02:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 13:56 - 2017-08-01 02:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 13:56 - 2017-08-01 02:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 13:56 - 2017-08-01 02:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 13:56 - 2017-08-01 02:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 13:56 - 2017-08-01 02:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 13:56 - 2017-08-01 02:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 13:56 - 2017-08-01 02:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 13:56 - 2017-08-01 02:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 13:56 - 2017-08-01 02:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 13:56 - 2017-08-01 02:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 13:56 - 2017-08-01 02:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 13:56 - 2017-08-01 02:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 13:56 - 2017-08-01 02:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 13:56 - 2017-07-31 23:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-07 18:24 - 2017-08-09 18:59 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-08-07 18:00 - 2017-08-09 19:00 - 000000000 ____D C:\ProgramData\McAfee
2017-08-07 18:00 - 2017-08-07 18:00 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Adobe
2017-08-07 17:58 - 2017-08-16 21:46 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-07 17:58 - 2017-08-07 18:03 - 000000000 ____D C:\ProgramData\Adobe
2017-08-04 23:23 - 2017-08-04 23:23 - 000000106 _____ C:\WINDOWS\SysWOW64\SoftwareCache.ini
2017-08-04 09:10 - 2017-08-03 15:51 - 000395232 __RSH C:\bootmgr
2017-08-04 09:10 - 2017-03-18 21:57 - 000000001 ___SH C:\BOOTNXT
2017-08-03 15:52 - 2017-08-03 15:52 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-03 15:52 - 2017-08-03 15:52 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-03 15:52 - 2017-08-03 15:52 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-03 15:52 - 2017-08-03 15:52 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-03 15:51 - 2017-08-03 15:51 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-03 15:51 - 2017-08-03 15:51 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-03 15:51 - 2017-08-03 15:51 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-03 15:51 - 2017-08-03 15:51 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-03 15:51 - 2017-08-03 15:51 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-07-27 19:32 - 2017-08-03 12:25 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Mozilla
2017-07-27 19:31 - 2017-08-15 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-27 19:31 - 2017-08-15 18:53 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-27 19:31 - 2017-08-15 18:53 - 000001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-27 19:31 - 2017-08-15 18:52 - 000000000 ____D C:\Users\scct\AppData\Roaming\Mozilla
2017-07-27 07:57 - 2017-07-27 07:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-24 21:03 - 2017-08-09 18:58 - 005169152 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-07-24 21:03 - 2017-08-09 18:58 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-07-24 21:03 - 2017-08-09 18:58 - 000032768 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-07-24 21:02 - 2017-08-09 18:58 - 113487872 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-07-24 21:02 - 2017-08-09 18:58 - 006369280 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2017-07-24 21:02 - 2017-08-04 09:07 - 047132672 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2017-07-24 10:47 - 2017-07-24 10:47 - 044146688 _____ C:\WINDOWS\system32\config\COMPONENTS.iobit
2017-07-24 10:01 - 2017-07-24 10:01 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys.150088689757801
2017-07-23 22:21 - 2017-07-06 19:21 - 000454214 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170723-222143.backup
2017-07-22 17:06 - 2017-07-22 17:06 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-07-20 15:29 - 2016-04-21 10:10 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 23:22 - 2017-06-20 20:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-16 23:22 - 2017-06-20 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-16 23:22 - 2017-03-05 01:52 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-16 23:21 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-16 23:15 - 2017-06-20 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-16 21:47 - 2017-04-13 02:44 - 000000000 ____D C:\Users\scct\AppData\Local\Adobe
2017-08-16 21:47 - 2016-10-22 18:46 - 000000000 ____D C:\Users\scct\AppData\Roaming\Adobe
2017-08-16 21:39 - 2016-10-23 02:57 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-16 09:27 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-15 19:58 - 2016-10-22 20:28 - 000000000 ____D C:\Users\scct\AppData\Roaming\AVG
2017-08-15 19:58 - 2016-10-22 20:24 - 000000000 ____D C:\ProgramData\Avg
2017-08-15 19:58 - 2016-10-22 20:24 - 000000000 ____D C:\Program Files (x86)\AVG
2017-08-15 19:53 - 2016-10-22 21:08 - 000000000 ____D C:\Users\scct\AppData\LocalLow\IObit
2017-08-15 19:53 - 2016-10-22 21:07 - 000000000 ____D C:\Program Files (x86)\IObit
2017-08-15 19:30 - 2016-10-22 20:23 - 000000000 ____D C:\Users\scct\AppData\Local\AvgSetupLog
2017-08-15 19:30 - 2016-10-22 19:08 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-15 19:26 - 2016-10-22 20:32 - 000000000 ___RD C:\Users\scct\Desktop\PC Progs
2017-08-15 19:18 - 2016-10-22 20:03 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-15 17:58 - 2016-11-15 14:00 - 000000000 ____D C:\Users\scct\AppData\LocalLow\Temp
2017-08-15 17:54 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-15 15:00 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-15 12:28 - 2016-11-04 08:52 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-14 18:03 - 2016-10-31 21:31 - 000000000 ____D C:\Users\scct\AppData\Roaming\Spotify
2017-08-14 18:03 - 2016-10-31 21:31 - 000000000 ____D C:\Users\scct\AppData\Local\Spotify
2017-08-14 13:09 - 2017-06-28 20:33 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-14 12:46 - 2017-01-30 23:45 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-13 01:12 - 2017-06-20 19:39 - 000000000 ____D C:\Users\scct
2017-08-12 14:41 - 2017-01-30 23:48 - 000000000 ___RD C:\Users\scct\Dropbox
2017-08-12 13:54 - 2017-06-20 19:39 - 000000000 ____D C:\Users\defaultuser0
2017-08-11 21:17 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 20:28 - 2016-10-22 21:25 - 000000000 ____D C:\Users\scct\AppData\Roaming\vlc
2017-08-11 15:28 - 2016-12-04 14:12 - 000000000 ____D C:\Users\scct\AppData\Roaming\dvdcss
2017-08-10 04:38 - 2016-10-22 18:48 - 000000000 ____D C:\Users\scct\AppData\Local\Comms
2017-08-09 19:01 - 2017-06-20 19:30 - 000380296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 14:02 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 14:00 - 2016-10-22 19:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 13:57 - 2016-10-22 19:07 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 20:25 - 2016-10-22 18:46 - 000000000 ____D C:\Users\scct\AppData\Local\Packages
2017-08-08 12:10 - 2017-06-20 20:10 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 12:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 12:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-06 16:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-04 09:34 - 2016-10-22 18:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-04 09:16 - 2017-06-20 19:56 - 000956190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-03 22:53 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-28 09:21 - 2016-11-27 09:18 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-27 07:59 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 07:57 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-26 13:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2016-11-02 21:37 - 2016-12-29 14:15 - 000016896 _____ () C:\Users\scct\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-22 20:54 - 2017-06-17 09:32 - 000007597 _____ () C:\Users\scct\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-11 21:18

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by scct (17-08-2017 00:00:45)
Running from C:\Users\scct\Desktop\fixit
Windows 10 Pro Version 1703 (X64) (2017-06-20 19:20:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-251929532-3862799365-3943777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-251929532-3862799365-3943777-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-251929532-3862799365-3943777-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-251929532-3862799365-3943777-501 - Limited - Disabled)
scct (S-1-5-21-251929532-3862799365-3943777-1001 - Administrator - Enabled) => C:\Users\scct

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IL-2 Sturmovik: Forgotten Battles (HKLM-x32\...\{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}) (Version: 1.00.0000 - Ubi Soft) Hidden
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 55.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.1 (x86 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Pop-Up Blocker Full (HKLM-x32\...\{F0DEA93A-EADB-4D7C-AA2B-DFB356DA886A}) (Version: 1.0.0.0 - )
RamBooster (HKLM-x32\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RoboForm 7-9-22-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-22-2 - Siber Systems)
Sky Go Download Player (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\814376323.go.sky.com) (Version: - go.sky.com)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.1.201701041432 - Sony Mobile Communications Inc.)
Spotify (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
USB3 Hub FW Upgrade Tool version 0.44 (HKLM-x32\...\USB3 Hub FW Upgrade Tool_is1) (Version: 0.44 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0145679D-9AA8-4E16-8D14-D986C9DDF0BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {67E05E75-3D8D-4782-8DC4-2FEAB21F1A89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {7D416D6A-C385-4326-A8D1-FEE075196547} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {8101CD07-B24E-4813-B865-76110A9B007D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {82EAC355-1270-41EB-8789-122DCB52A061} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {944D5A4C-4954-490D-8F21-288870F264D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {A1AAE106-E0D2-49F0-91F1-31A7B3C94E3C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {A320E433-CD3F-4CDE-B2C7-82D9058D58AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {A65F6FBC-913B-427F-B573-1D1F8F590029} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-11-04] (Siber Systems)
Task: {BA9E66AF-A86E-4071-B1D9-88C6CCE65F4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {C1D2EDB8-3103-4473-A10A-888BC7BD5512} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {C73B0EC2-D490-4FF8-974D-B1A487012014} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {D19A4733-CC73-4F77-8120-8AE5F745A51D} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMJMJHMLMHMKJOJNMCNNJNJOMLJCNLMHMPMNMCNOJOMGMNMCNPMOMIMJMLJHMKMKJPMMMOMJMJNJICMIMCNGMCNNMNMFMOMOMCNMMNMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMPMFMMJBJKJLIMJFMOMNMJNHICMMJBJKJLIMJJNBJCMMIMJMJLIJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 45 more characters).
Task: {DE8D5559-1A95-4FB3-A6BF-D8970AE0426E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {E7404690-4C79-4BAC-973E-74A6515B7028} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-20 19:36 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-06 21:16 - 2017-07-06 21:16 - 008932040 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-15 12:57 - 2017-07-15 12:58 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-15 19:18 - 2017-08-11 08:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-15 19:18 - 2017-08-11 08:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7933 more sites.

IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-se.com -> 1-se.com

There are 11470 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-15 17:58 - 2017-08-15 17:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-251929532-3862799365-3943777-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\scct\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a537a898-3a69-439c-ac72-623b522d78d7}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{810E4366-7007-4BC8-8760-8CE118A08C6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7A9FF67-2DE6-475E-AB12-A41311C19DEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A762BAB5-7C7C-43A6-87C8-8F785B6C37E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-08-2017 14:08:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2017 11:59:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:58:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2017 11:34:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/16/2017 11:22:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/15/2017 07:58:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/15/2017 07:53:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/15/2017 07:53:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-08-15 10:01:36.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.643
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.640
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.636
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.785
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 31%
Total physical RAM: 8109.11 MB
Available physical RAM: 5573.82 MB
Total Virtual: 9389.11 MB
Available Virtual: 6836.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.61 GB) (Free:34.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1681.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 616D7DD0)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1140E1A1)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
No worries :) This next scan will take a while so you can sleep while it happens :)

We will need a log from Zemana, can you please download the free trial HERE. Save it to somewhere you can find, double click the downloaded file and start the installation. Accept the default install options and you can safely ignore any security warnings and allow Zemana to complete the install. Once completed click the new desktop icon
zamicon-jpg.786
to open the program. If Zemana opens and informs of any available updates allow it to so. Next change Zemana's default from "Smart Scan" to Deep Scan as shown below.

zem1-jpg.780


Then click scan

zem2-jpg.782


When the scan is complete allow Zemana to Quarantine any infections found by clicking Next


zem3-jpg.783


Once the infections are quarantined a message box will indicate success, then click the logs icon as below.

zem4a-jpg.784


Select the latest scan and choose Open Report from the upper menu. or simply double left click on the scan just run.

zem5-jpg.785


The log will open as a text file. Please Copy and Paste the contents of that file in your next post :)

I'd also recommend removing the below Chrome extensions:

CHR Extension: (IObit Surfing Protection & Ads Removal) <-- Junk
CHR Extension: (mixMovie Start) <-- Possible rogue
CHR Extension: (softorama) <-- Possible rogue
CHR Extension: (AVG SafePrice) <-- AVG is uninstalled so not needed
CHR Extension: (ZIP Extractor) <-- Junk
CHR Extension: (Save to Facebook) <-- If not needed should remove
CHR Extension: (Search DW) <-- If not needed should remove
Click to expand...

and the below Firefox extension:

ZoomVideoPlugin <-- If you don't use Zoom conferencing, this is not needed
Click to expand...
 
Zemana AntiMalware 2.74.2.76 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/8/17
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
BIOS Mode : Legacy
CUID : 1215ADC382175041A86F42
Scan Type : System Scan
Duration : 34m 47s
Scanned Objects : 252032
Detected Objects : 6
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Startup Url
Status : Scanned
Object : http://www.bet365.com/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

Chrome Startup Url
Status : Scanned
Object : http://www.skybet.com/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

AVG SafePrice
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\mbckjcfnjmoiinpgddefodcighgikkgn
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - AVG SafePrice

Movie Search
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\jmfdniemoeflbhlmcnammemhdahpcjni
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Movie Search

mixMovie Start
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ghfmhofojkkfdnlfefhkckbflohgiicn
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - mixMovie Start

IObit Surfing Protection & Ads Removal
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\bbmegnmpleoagolcnjnejdacakedpcgd
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - IObit Surfing Protection & Ads Removal


Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
 
:) Thanks again, what is the best way to remove these...
CHR Extension: (IObit Surfing Protection & Ads Removal) <-- Junk
CHR Extension: (mixMovie Start) <-- Possible rogue
CHR Extension: (softorama) <-- Possible rogue
CHR Extension: (AVG SafePrice) <-- AVG is uninstalled so not needed
CHR Extension: (ZIP Extractor) <-- Junk
CHR Extension: (Save to Facebook) <-- If not needed should remove
CHR Extension: (Search DW) <-- If not needed should remove
and the below Firefox extension:
ZoomVideoPlugin <-- If you don't use Zoom conferencing, this is not needed
 
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2017
Ran by scct (18-08-2017 08:01:00)
Running from C:\Users\scct\Desktop\fixit
Windows 10 Pro Version 1703 (X64) (2017-06-20 19:20:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-251929532-3862799365-3943777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-251929532-3862799365-3943777-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-251929532-3862799365-3943777-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-251929532-3862799365-3943777-501 - Limited - Disabled)
scct (S-1-5-21-251929532-3862799365-3943777-1001 - Administrator - Enabled) => C:\Users\scct

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IL-2 Sturmovik: Forgotten Battles (HKLM-x32\...\{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}) (Version: 1.00.0000 - Ubi Soft) Hidden
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8326.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 55.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.1 (x86 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Pop-Up Blocker Full (HKLM-x32\...\{F0DEA93A-EADB-4D7C-AA2B-DFB356DA886A}) (Version: 1.0.0.0 - )
RamBooster (HKLM-x32\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RoboForm 7-9-22-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-22-2 - Siber Systems)
Sky Go Download Player (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\814376323.go.sky.com) (Version: - go.sky.com)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.1.201701041432 - Sony Mobile Communications Inc.)
Spotify (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
USB3 Hub FW Upgrade Tool version 0.44 (HKLM-x32\...\USB3 Hub FW Upgrade Tool_is1) (Version: 0.44 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zoom (HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-17] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-17] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {65B88994-0B5B-4C06-B173-42B7D672A651} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-17] (Microsoft Corporation)
Task: {6639A430-42AE-4309-82CC-774E261095A6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-17] ()
Task: {67E05E75-3D8D-4782-8DC4-2FEAB21F1A89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {78A39E6C-AA43-4306-B403-DC77370D4A88} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-10] (Microsoft Corporation)
Task: {7D416D6A-C385-4326-A8D1-FEE075196547} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {A1AAE106-E0D2-49F0-91F1-31A7B3C94E3C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {A320E433-CD3F-4CDE-B2C7-82D9058D58AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-15] (Google Inc.)
Task: {A65F6FBC-913B-427F-B573-1D1F8F590029} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-11-04] (Siber Systems)
Task: {B44B2D13-BF9D-4952-A08D-EE5BCB289883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-10] (Microsoft Corporation)
Task: {C73B0EC2-D490-4FF8-974D-B1A487012014} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {D19A4733-CC73-4F77-8120-8AE5F745A51D} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMJMJHMLMHMKJOJNMCNNJNJOMLJCNLMHMPMNMCNOJOMGMNMCNPMOMIMJMLJHMKMKJPMMMOMJMJNJICMIMCNGMCNNMNMFMOMOMCNMMNMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMPMFMMJBJKJLIMJFMOMNMJNHICMMJBJKJLIMJJNBJCMMIMJMJLIJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 45 more characters).
Task: {DE8D5559-1A95-4FB3-A6BF-D8970AE0426E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-30] (Dropbox, Inc.)
Task: {E6A89A0A-9139-41AC-B80E-91CEECA813BF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-17] ()
Task: {E7404690-4C79-4BAC-973E-74A6515B7028} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {E7BE95D0-8BCB-489A-AA8B-AD87271EFEA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-17] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-20 19:36 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-17 16:04 - 2017-08-17 16:04 - 008929480 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-15 12:57 - 2017-07-15 12:58 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-15 12:57 - 2017-07-15 12:58 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-17 18:51 - 2017-05-01 12:35 - 000265040 _____ () C:\Program Files\VoodooShield\Features.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-17 08:40 - 2017-08-17 08:40 - 029627904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 020719104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 003065856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 19:58 - 2017-06-08 19:59 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 18:07 - 2017-06-15 18:07 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-17 08:40 - 2017-08-17 08:40 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-04-07 13:17 - 2017-04-07 13:18 - 001695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8471.57721.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-08-18 07:45 - 2017-08-18 07:45 - 000147656 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8471.57721.0_x64__8wekyb3d8bbwe\textinputdriver.dll
2017-08-15 19:18 - 2017-08-11 08:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-15 19:18 - 2017-08-11 08:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7933 more sites.

IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\1-se.com -> 1-se.com

There are 11470 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-15 17:58 - 2017-08-15 17:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-251929532-3862799365-3943777-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\scct\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a537a898-3a69-439c-ac72-623b522d78d7}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-251929532-3862799365-3943777-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{810E4366-7007-4BC8-8760-8CE118A08C6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7A9FF67-2DE6-475E-AB12-A41311C19DEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A762BAB5-7C7C-43A6-87C8-8F785B6C37E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{34447F1D-D2CC-4A3E-B0B2-C0C411D24900}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AE8A76F9-0D73-4543-B9E9-58A000D9A236}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C2496642-3C79-4A0E-B6F4-37BFEA56AA64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{319C9C9F-9B65-46A3-89F1-A2327B0CE093}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{72C5255A-0C23-4068-A360-8BFF650B5A64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2017 07:57:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:57:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:57:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:57:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:57:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:57:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:56:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:56:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:56:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2017 07:56:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/17/2017 09:43:10 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/17/2017 06:51:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TN0A1RB)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DESKTOP-TN0A1RB\scct SID (S-1-5-21-251929532-3862799365-3943777-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (08/17/2017 03:42:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/16/2017 11:22:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/16/2017 11:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-08-15 10:01:36.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.643
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.640
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-15 10:01:36.636
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.785
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-23 20:04:03.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8109.11 MB
Available physical RAM: 5367.31 MB
Total Virtual: 9069.11 MB
Available Virtual: 6039.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.61 GB) (Free:38 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1681.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 616D7DD0)
Partition 1: (Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1140E1A1)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
~ ZHPDiag v2017.8.15.140 By Nicolas Coolman (2017/08/15)
~ Run by scct (Administrator) (2017/08/18 08:16:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version KO
~ Mode: Scan
~ Report: C:\Users\scct\Desktop\ZHPDiag.txt
~ Report: C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (4) - 0s
~ GCIE: Google Chrome v60.0.3112.101
~ MFIE: Mozilla Firefox 55.0.1 (x86 en-US)
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.540.15063.0

---\\ Windows Product Information (3) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (1) - 2s
Windows Defender (Activate) (Protection)

---\\ System protection software (Superfluous) (1) - 2s
~ Zemana AntiMalware v2.74.0.76 (Superfluous)

---\\ Surveillance software (1) - 3s
~ Adobe Flash Player 26 PPAPI (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8303.732 MB (65% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 38 GB (%) free of 152 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-TN0A1RB
~ User Name: scct
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 38 GB free of 152 GB (System)
~ Drive D: has 1721 GB free of 1907 GB

---\\ State of the Windows Security Center (7) - 0s
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 1s
[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - 07/07/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4847424] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 07/07/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.0242626678C83AE788C655C1990A3CC3] - 07/07/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.BC776B6B434641AF71ED0CC00BC859AA] - 07/07/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.31E3287EF6D97C5864A301CEA75BBBA1] - 07/07/2017 - (.Microsoft Corporation - Windows Log-on Application.) -- C:\WINDOWS\System32\Winlogon.exe [706560] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 07/07/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 07/07/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 07/07/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.AC1928C2F7505BD556C552F153B062AB] - 07/07/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 07/07/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 07/07/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 07/07/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 07/07/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - 07/07/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 07/07/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 07/07/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 07/07/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.30C2F67EC84EB11B22011620107E0325] - 07/07/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.075F8C81457804BB79DD33FE69A96C57] - 07/07/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2327456] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 07/07/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 07/07/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 07/07/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.D74756DD1518D28A09CDA99696273FA4] - 07/07/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [119712] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 07/07/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (8) - 1s
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) . (.Dropbox, Inc. - Dropbox Update.) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe =>.Dropbox, Inc®
O23 - Service: DbxSvc (DbxSvc) . (.Dropbox, Inc. - Dropbox Service.) - C:\WINDOWS\system32\DbxSvc.exe =>.Dropbox, Inc.
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) - C:\WINDOWS\system32\nvvsvc.exe =>.NVIDIA Corporation
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
O23 - Service: VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC - VoodooShield.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

---\\ Services not Microsoft (SR=Run, SS=Stop) (14) - 63s
SS - Demand [07/07/2017] [ 490803] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SS - Demand [07/07/2017] [ 490803] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel(R) pGFX®
SS - Auto [07/07/2017] [ 490803] Dropbox Update Service (dbupdate) (dbupdate) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe =>.Dropbox, Inc®
SS - Demand [07/07/2017] [ 490803] Dropbox Update Service (dbupdatem) (dbupdatem) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe =>.Dropbox, Inc®
SR - Auto [07/07/2017] [ 490803] DbxSvc (DbxSvc) . (.Dropbox, Inc..) - C:\WINDOWS\system32\DbxSvc.exe =>.Dropbox, Inc®
SS - Auto [07/07/2017] [ 490803] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [07/07/2017] [ 490803] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [07/07/2017] [ 490803] Logitech Bluetooth Service (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe =>.Logitech®
SR - Auto [07/07/2017] [ 490803] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SS - Demand [07/07/2017] [ 490803] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SR - Auto [07/07/2017] [ 490803] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe =>.NVIDIA Corporation®
SR - Auto [07/07/2017] [ 490803] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
SR - Auto [07/07/2017] [ 490803] VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
SR - Auto [07/07/2017] [ 490803] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

---\\ Task Planned Automatically (20) - 13s
[MD5.D3E6ADD1B26BC1A450FC4FCCBA5814C7] [APT] [Adobe Flash Player PPAPI Notifier] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.FAE473043FC45F5A8CAECBA72BFD865A] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.75BD58B59D972CD83B674C74B4310869] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [7618776] (.Activate.) =>.Piriform Ltd®
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] [APT] [DropboxUpdateTaskMachineCore] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144] (.Activate.) =>.Dropbox, Inc®
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] [APT] [DropboxUpdateTaskMachineUA] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144] (.Activate.) =>.Dropbox, Inc®
[MD5.0545A3EB959CFA4790D267BFB8C1ACA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] (.Activate.) =>.Google Inc®
[MD5.0545A3EB959CFA4790D267BFB8C1ACA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] (.Activate.) =>.Google Inc®
[MD5.E7E024F0B2264B2B5DBD6B80340D803A] [APT] [Run RoboForm TaskBar Icon] (.Siber Systems.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376] (.Activate.) =>.Siber Systems®
[MD5.47ACB976482456D5F715E182769E3011] [APT] [Microsoft\Office\OfficeBackgroundTaskHandlerRegistration] (.Hewlett-Packard.) -- C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [26312] (.Activate.) =>.Microsoft Corporation®
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [932] =>.Dropbox, Inc®
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [936] =>.Dropbox, Inc®
O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier [4598] =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [4422] =>.Adobe Systems Incorporated®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2212] =>.Piriform Ltd®
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore [3226] =>.Dropbox, Inc®
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA [3450] =>.Dropbox, Inc®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3292] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3416] =>.Google Inc®
O39 - APT: Unknown - (.RoboForm.) -- C:\WINDOWS\System32\Tasks\Open URL by RoboForm [3544] =>.RoboForm
O39 - APT: Run RoboForm TaskBar Icon - (.Siber Systems.) -- C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon [2934] =>.Siber Systems®

---\\ Auto loading programs from Registry and folders (18) - 1s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe =>.Intel Corporation
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe =>.Intel Corporation
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp.®
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe =>.Logitech Inc®
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Update Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe =>.NVIDIA Corporation®
O4 - HKLM\..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) -- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
O4 - HKLM\..\Run: [ZAM] . (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
O4 - HKLM\..\Run: [VoodooShield] . (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShield.exe =>.VoodooSoft, LLC®
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe =>.Siber Systems®
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe =>.Spotify AB®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM\..\Wow6432Node\Run: [Dropbox] . (.Dropbox, Inc. - Dropbox.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe =>.Dropbox, Inc®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-251929532-3862799365-3943777-1001\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe =>.Siber Systems®
O4 - HKUS\S-1-5-21-251929532-3862799365-3943777-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\scct\AppData\Roaming\Spotify\SpotifyWebHelper.exe =>.Spotify AB®
O4 - HKUS\S-1-5-21-251929532-3862799365-3943777-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®

---\\ Process running (30) - 3s
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) -- C:\WINDOWS\system32\nvvsvc.exe [0] [PID.1568] =>.NVIDIA Corporation
[MD5.843F16D234D03756B9EB6054B5C62FAA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [426040] [PID.1604] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (.Dropbox, Inc. - Dropbox Service.) -- C:\WINDOWS\system32\DbxSvc.exe [0] [PID.2212] =>.Dropbox, Inc.
[MD5.2F4694158E5D1F5351AD6673FF479B1D] - (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512] [PID.4388] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] - (.Dropbox, Inc. - Dropbox Update.) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144] [PID.1540] =>.Dropbox, Inc®
[MD5.9C8F57D022F39AD1FF1B07C51A20B562] - (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShieldService.exe [129360] [PID.7176] =>.VoodooSoft, LLC®
[MD5.D76E56108E6482905D3FAEA0649919E4] - (.Malwarebytes - Malwarebytes Service.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736] [PID.9212] =>.Malwarebytes Corporation®
[MD5.C66BCE13DB7C119824839C63FEA226FA] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1208256] [PID.4588] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.0.) -- C:\WINDOWS\system32\nvvsvc.exe [0] [PID.932] =>.NVIDIA Corporation
[MD5.DBE440017ADEF623761D55B58FBEDE35] - (...) -- C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe [74752] [PID.7084] =>.Skype Technologies
[MD5.2EDBCFD497891D49C17B5158DE698021] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2453952] [PID.5348] =>.NVIDIA Corporation®
[MD5.0575828C8E273D1D61D887E8C31C2BCF] - (.NVIDIA Corporation - NVIDIA Update Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976] [PID.5896] =>.NVIDIA Corporation®
[MD5.1D03569FDC17A6334B45BA8BA0523761] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824] [PID.8872] =>.Realtek Semiconductor Corp.®
[MD5.948EB9C552C05DF39F79587E6979D9F5] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592] [PID.9304] =>.Logitech Inc®
[MD5.34B75780694F0E845892CA09A556A242] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe [230344] [PID.3980] =>.Logitech®
[MD5.5602FF42444B4991E69C62E493BDAEC4] - (.Malwarebytes - Malwarebytes Tray Application.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704] [PID.6680] =>.Malwarebytes Corporation®
[MD5.2F4694158E5D1F5351AD6673FF479B1D] - (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512] [PID.5876] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
[MD5.09BB35AA600892CBE4B12864BC8D1E13] - (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShield.exe [2443600] [PID.8784] =>.VoodooSoft, LLC®
[MD5.B85C64056D37839D3E99D3F3CECA988C] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe [9772248] [PID.6316] =>.Piriform Ltd®
[MD5.3EE61DFFDA9D8E3803E1B1D04445CF64] - (...) -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [20480] [PID.10764] =>.Microsoft Corporation
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.4056] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.2972] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.8684] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.1832] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.2432] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.6124] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.6636] =>.Google Inc®
[MD5.434777C160E984E84FF60AE84A9FD17E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848] [PID.7680] =>.Google Inc®
[MD5.0E21E82FCDA7BA6F2D14B8726BE7CA54] - (.Farbar - Farbar Recovery Scan Tool.) -- C:\Users\scct\Desktop\fixit\FRST64 (1).exe [2395648] [PID.6252] =>.Farbar
[MD5.86EBD460621BAB6AFE8595392B0560CA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\scct\Desktop\ZHPDiag3.exe [2812800] [PID.6120] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (28) - 1s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://accounts.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d1ndl3am21r6ws.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d31qbv1cthcecs.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://d5nxst8fruw4z.cloudfront.net =>.SUP.CloudfrontNet
G0 - GCSP: Preferences [User Data\Default][HomePage] http://pchelpforum.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://plus.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] =>.Google Inc. {Slides}
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] =>.Google Inc. {Docs}
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
G2 - GCE: Preference [User Data\Default] [dkpejdfnpdkhifgbancbammdijojoffk] Logitech Smooth Scrolling =>.Logitech Inc.
G2 - GCE: Preference [User Data\Default] [fdcgdnkidjaadafnichfpabhfomcebme] ZenMate =>.zenmate.com
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] =>.Google Inc. {Sheets}
G2 - GCE: Preference [User Data\Default] [fllaojicojecljbmefodhfapmkghcbnh] =>.ga-extension-publishers {Désactivation Google Analytics}
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] =>.Google Inc. {Docs hors connexion}
G2 - GCE: Preference [User Data\Default] [gpdjojdkbbmdfjfahjcgigfpmkopogic] =>.pinterest.com {Save Button}
G2 - GCE: Preference [User Data\Default] [jmfikkaogpplgnfjmbjdpalkhclendgd] Save to Facebook =>.Facebook
G2 - GCE: Preference [User Data\Default] [loopfhhjebfdiedohdimifdjcdolcljm] Search DW
G2 - GCE: Preference [User Data\Default] [mbckjcfnjmoiinpgddefodcighgikkgn] AVG SafePrice
G2 - GCE: Preference [User Data\Default] [mmfcakoljjhncfphlflcedhgogfhpbcd] ZIP Extractor =>.zip-extractor
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pnlccmojcmeohlpggmfnbbiapkmbliob] Click this button to show RoboForm commands =>.roboform.com

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (6) - 0s
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi =>.Mozilla Corporation

---\\ Internet Explorer Extensions, Start, Search (15) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ =>.Google Inc.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com =>.Google Inc.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com =>.Google Inc.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ =>.Google Inc.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com =>.Google Inc.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com =>.Google Inc.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (1)

---\\ Browser Helper Object (BHO) (2) - 0s
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll =>.Microsoft Corporation®
O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Global shortcuts Startup (111) - 4s
O4 - GS\Desktop [Administrator]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [Administrator]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Administrator]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Administrator]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.) D:\Users\scct\Desktop\Tor Browser\Browser\firefox.exe =>.Mozilla Corporation
O4 - GS\Desktop [defaultuser0]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [defaultuser0]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [defaultuser0]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [defaultuser0]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [defaultuser0]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [defaultuser0]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [defaultuser0]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [defaultuser0]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [defaultuser0]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [defaultuser0]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [defaultuser0]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [defaultuser0]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [defaultuser0]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [defaultuser0]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [defaultuser0]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [defaultuser0]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [defaultuser0]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [defaultuser0]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.) D:\Users\scct\Desktop\Tor Browser\Browser\firefox.exe =>.Mozilla Corporation
O4 - GS\Desktop [Guest]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [Guest]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Guest]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.) D:\Users\scct\Desktop\Tor Browser\Browser\firefox.exe =>.Mozilla Corporation
O4 - GS\Desktop [scct]: Downloads - Shortcut.lnk . (...) D:\Users\scct\Downloads
O4 - GS\Desktop [scct]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\Desktop [scct]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [scct]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation
O4 - GS\Desktop [scct]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\scct\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [scct]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [scct]: IncrediMail 2.0.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\sendTo [scct]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [scct]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [scct]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [scct]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\TaskBar [scct]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [scct]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [scct]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [scct]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [scct]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [scct]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [scct]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.) D:\Users\scct\Desktop\Tor Browser\Browser\firefox.exe =>.Mozilla Corporation
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\scct\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Programs [Public]: Sky Go Download Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 814376323.go.sky.com =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Smart Defrag.lnk . (.IObit - Smart Defrag 5.) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe =>.IObit Information Technology®
O4 - GS\Programs [Public]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\scct\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Programs [Public]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.) D:\Users\scct\Desktop\Tor Browser\Browser\firefox.exe =>.Mozilla Corporation
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Access 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: IncrediMail.lnk . (.IncrediMail Ltd. - IncrediMail Application.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe =>.IncrediMail, Inc.®
O4 - GS\ProgramsCommon [Public]: Launch RamBooster 2.0.lnk . (.J.Pajula - RamBooster.) D:\Program Files (x86)\RamBooster 2.0\Rambooster.exe
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\ProgramsCommon [Public]: OneDrive for Business.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Outlook 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: PowerPoint 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Publisher 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Skype for Business 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Word 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{1b30f767-49af-449e-bf96-8bca1f256d62}: DhcpNameServer = 8.8.8.8 8.8.4.4 =>.France Google Cloud
O17 - HKLM\System\CCS\Services\Tcpip\..\{f567b79d-d877-4cd9-a354-819b58d9860e}: DhcpNameServer = 192.168.0.1 =>.Local IP Adress

---\\ Extra protocols (26) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (46) - 7s
O42 - Logiciel: Adobe Flash Player 26 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: AVG Web TuneUp - (.AVG Technologies.) [HKLM][64Bits] -- AVG Web TuneUp =>.AVG Technologies
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKLM][64Bits] -- Dropbox =>.Dropbox, Inc®
O42 - Logiciel: Dropbox Update Helper - (.Dropbox, Inc..) [HKLM][64Bits] -- {099218A5-A723-43DC-8DB5-6173656A1E94} =>.Dropbox, Inc.
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: IL-2 Sturmovik: Forgotten Battles - (.Ubi Soft.) [HKLM][64Bits] -- {8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3} =>.Ubi Soft
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {35505AE1-27E2-4206-B3BF-58771803B8D0} =>.IncrediMail
O42 - Logiciel: IncrediMail 2.5 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail =>.IncrediMail, Inc.®
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {B685D0AD-42A8-4A39-9BFE-8C063FA9AF29} =>.Intel Corporation
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] -- {c6cff78a-cccb-49d5-be68-ae0ec5f0d48a} =>.Intel Corporation - Software and Firmware Products®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {1CEAC85D-2590-4760-800F-8DE5E91F3700} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {60DC6F22-D268-44F0-8720-200033508384} =>.Intel Corporation
O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] -- {DF17C0DB-76D8-4A45-B26E-674F8455B803} =>.Intel Corporation
O42 - Logiciel: Logitech SetPoint 6.67 - (.Logitech.) [HKLM][64Bits] -- sp6 =>.Logitech®
O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Mozilla Firefox 55.0.1 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 55.0.1 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: NVIDIA 3D Vision Driver 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 342.01 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Update 10.4.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-007E-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Pop-Up Blocker Full - (..) [HKLM][64Bits] -- {F0DEA93A-EADB-4D7C-AA2B-DFB356DA886A}
O42 - Logiciel: RamBooster - (.RamBooster.) [HKLM][64Bits] -- {ADE3CACC-EC31-480C-83A0-587EE60CE8DF}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.®
O42 - Logiciel: RoboForm 7-9-22-2 (All Users) - (.Siber Systems.) [HKLM][64Bits] -- AI RoboForm =>.Siber Systems®
O42 - Logiciel: Sky Go Download Player - (.go.sky.com.) [HKCU][64Bits] -- 814376323.go.sky.com
O42 - Logiciel: Sony Mobile Update Engine - (.Sony Mobile Communications Inc..) [HKLM][64Bits] -- Update Engine =>.Sony Mobile Communications Inc.
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] -- Spotify =>.Spotify AB®
O42 - Logiciel: USB3 Hub FW Upgrade Tool version 0.44 - (..) [HKLM][64Bits] -- USB3 Hub FW Upgrade Tool_is1
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: VoodooShield version 3.59 - (.VoodooSoft, LLC.) [HKLM][64Bits] -- {A8644328-A66F-490E-B8FA-901FF649189D}_is1 =>.VoodooSoft, LLC
O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] -- {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.
O42 - Logiciel: Zoom - (.Zoom Video Communications, Inc..) [HKCU][64Bits] -- ZoomUMX =>.Zoom Video Communications, Inc.®

---\\ HKCU & HKLM Software Keys (74) - 7s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
HKLM\SOFTWARE\Wow6432Node\Dropbox =>.Dropbox
HKLM\SOFTWARE\Wow6432Node\DropboxUpdate =>.Dropbox Inc.
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\IncrediMail =>.IncrediMail
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Intel Security =>.Intel Security
HKLM\SOFTWARE\Wow6432Node\IObit =>.IObit
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Logitech =>.Logitech
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\McAfee =>.McAfee Inc.
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\PocketSoft
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited =>.Safer Networking Limited
HKLM\SOFTWARE\Wow6432Node\Siber Systems =>.Siber Systems
HKLM\SOFTWARE\Wow6432Node\Sony Mobile =>.Sony Corporation
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\Ubi Soft =>.Ubi Soft
HKLM\SOFTWARE\Wow6432Node\Ubi Soft Entertainment Inc.
HKLM\SOFTWARE\Wow6432Node\Usb3HubFWUpgrade
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\wtu =>.WTU
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Avg =>.AVG Software
HKCU\SOFTWARE\AVG SafePrice =>.AVG Software
HKCU\SOFTWARE\Avg Secure Update =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Dropbox =>.Dropbox
HKCU\SOFTWARE\DropboxUpdate =>.Dropbox Inc.
HKCU\SOFTWARE\FTweak =>.FTweak
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\IncrediMail =>.IncrediMail
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\Intel Security =>.Intel Security
HKCU\SOFTWARE\IObit =>.IObit
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Safer Networking Limited =>.Safer Networking Limited
HKCU\SOFTWARE\Siber Systems =>.Siber Systems
HKCU\SOFTWARE\Spotify =>.Spotify
HKCU\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKCU\SOFTWARE\TrueKey =>.Intel Corporation
HKCU\SOFTWARE\Ubi Soft =>.Ubi Soft
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\PasswordBox =>.PasswordBox Inc

---\\ Contents of the Common Files folders (209) - 3s
O43 - CFD: 22/10/2016 - [] AD -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 17/08/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files\Logitech =>.Logitech Inc®
O43 - CFD: 05/03/2017 - [] D -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 17/08/2017 - [] AD -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - [] D -- C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] AD -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 23/10/2016 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] AD -- C:\Program Files\UNP =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files\VideoLAN =>.VideoLan Team
O43 - CFD: 17/08/2017 - [] AD -- C:\Program Files\VoodooShield
O43 - CFD: 14/07/2017 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Security =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 18/08/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 16/08/2017 - [0] D -- C:\Program Files (x86)\Adobe =>.Adobe
O43 - CFD: 15/08/2017 - [] D -- C:\Program Files (x86)\AVG =>.AVG Software
O43 - CFD: 15/08/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\directx =>.Microsoft Corporation
O43 - CFD: 14/08/2017 - [] D -- C:\Program Files (x86)\Dropbox =>.Dropbox, Inc®
O43 - CFD: 15/08/2017 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 05/07/2017 - [] AD -- C:\Program Files (x86)\IncrediMail =>.IncrediMail, Inc.®
O43 - CFD: 07/12/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
O43 - CFD: 09/03/2017 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 15/08/2017 - [] D -- C:\Program Files (x86)\IObit =>.IObit
O43 - CFD: 15/06/2017 - [] D -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 15/08/2017 - [] AD -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 15/08/2017 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/12/2016 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\Pop-Up Blocker Full
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\Siber Systems =>.Siber Systems®
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\Ubi Soft =>.Ubi Soft
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\ubi.com
O43 - CFD: 20/06/2017 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 31/10/2016 - [] AD -- C:\Program Files (x86)\USB3 Hub FW Upgrade Tool
O43 - CFD: 14/07/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 17/08/2017 - [] AD -- C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 14/07/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/07/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen =>.AVG
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 14/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox =>.Dropbox
O43 - CFD: 05/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 05/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail =>.IncrediMail
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech =>.Logitech
O43 - CFD: 18/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 17/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm =>.Siber Systems Inc.
O43 - CFD: 07/08/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft =>.Ubi Soft
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ubi.com
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB3 Hub FW Upgrade Tool
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
O43 - CFD: 17/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
O43 - CFD: 17/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 07/08/2017 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 15/08/2017 - [] AD -- C:\ProgramData\Avg =>.AVG Software
O43 - CFD: 21/06/2017 - [] HD -- C:\ProgramData\Common Files =>.Microsoft Corporation
O43 - CFD: 23/10/2016 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 30/01/2017 - [] D -- C:\ProgramData\Dropbox =>.Dropbox
O43 - CFD: 17/01/2017 - [] D -- C:\ProgramData\Gaijin =>.Gaijin Entertainment
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\IM =>.IncrediMail Ltd
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\IncrediMail =>.IncrediMail
O43 - CFD: 04/11/2016 - [] D -- C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\Logishrd =>.Logitech Inc.
O43 - CFD: 05/03/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 09/08/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 25/04/2017 - [] D -- C:\ProgramData\MFAData =>.AVG Software
O43 - CFD: 20/06/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 17/08/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 12/01/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 15/08/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 16/08/2017 - [] D -- C:\ProgramData\ProductData =>.Microsoft Corporation
O43 - CFD: 17/08/2017 - [] AD -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\RoboForm =>.Siber Systems Inc.
O43 - CFD: 16/08/2017 - [] D -- C:\ProgramData\RogueKiller =>.Adlice Software
O43 - CFD: 18/03/2017 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] D -- C:\ProgramData\Sony Mobile =>.Sony Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 18/08/2017 - [] D -- C:\ProgramData\VoodooShield
O43 - CFD: 18/01/2017 - [] D -- C:\ProgramData\WarThunder =>.Games Software
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\WindowsHolographicDevices =>.Microsoft Corporation
O43 - CFD: 16/08/2017 - [] AD -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 15/08/2017 - [] D -- C:\Program Files (x86)\Common Files\IObit =>.IObit
O43 - CFD: 20/06/2017 - [] AD -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 07/12/2016 - [] D -- C:\Program Files (x86)\Common Files\PocketSoft
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 16/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 12/01/2017 - [] D -- C:\Users\scct\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\AVG =>.AVG Software
O43 - CFD: 30/01/2017 - [] D -- C:\Users\scct\AppData\Roaming\Dropbox =>.Dropbox
O43 - CFD: 11/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\dvdcss =>.VideoLan Team
O43 - CFD: 16/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 06/03/2017 - [] D -- C:\Users\scct\AppData\Roaming\GitHub =>.GitHub
O43 - CFD: 13/05/2017 - [] D -- C:\Users\scct\AppData\Roaming\Google =>.Google
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Logishrd =>.Logitech Inc.
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Logitech =>.Logitech
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 17/08/2017 - [] SD -- C:\Users\scct\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\RoboForm =>.Siber Systems Inc.
O43 - CFD: 31/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\Skype =>.Skype
O43 - CFD: 14/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\Spotify =>.Spotify
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Roaming\TuneUp Software =>.TuneUp Software
O43 - CFD: 11/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 18/08/2017 - [] D -- C:\Users\scct\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 27/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Zoom =>.ZOOM
O43 - CFD: 16/08/2017 - [] D -- C:\Users\scct\AppData\Local\Adobe =>.Adobe
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\scct\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 06/03/2017 - [] D -- C:\Users\scct\AppData\Local\Apps =>.Microsoft Corporation
O43 - CFD: 06/07/2017 - [] D -- C:\Users\scct\AppData\Local\Avg =>.AVG Software
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 31/10/2016 - [] D -- C:\Users\scct\AppData\Local\CEF =>.CEF
O43 - CFD: 10/08/2017 - [] D -- C:\Users\scct\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 21/06/2017 - [] D -- C:\Users\scct\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 22/06/2017 - [0] D -- C:\Users\scct\AppData\Local\DBG =>.DBG
O43 - CFD: 26/07/2017 - [] D -- C:\Users\scct\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 17/07/2017 - [] D -- C:\Users\scct\AppData\Local\Dropbox =>.Dropbox
O43 - CFD: 17/01/2017 - [] D -- C:\Users\scct\AppData\Local\Gaijin =>.Gaijin Entertainment
O43 - CFD: 06/03/2017 - [] D -- C:\Users\scct\AppData\Local\GitHub =>.GitHub
O43 - CFD: 07/11/2016 - [] D -- C:\Users\scct\AppData\Local\Google =>.Google
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\scct\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 31/10/2016 - [] D -- C:\Users\scct\AppData\Local\IM =>.IncrediMail Ltd
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\MFAData =>.AVG Software
O43 - CFD: 17/08/2017 - [] D -- C:\Users\scct\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 14/12/2016 - [] D -- C:\Users\scct\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 08/08/2017 - [] D -- C:\Users\scct\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [0] D -- C:\Users\scct\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 14/08/2017 - [] D -- C:\Users\scct\AppData\Local\Spotify =>.Spotify
O43 - CFD: 18/08/2017 - [] D -- C:\Users\scct\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\scct\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\scct\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 15/06/2017 - [] D -- C:\Users\scct\AppData\Local\UNP =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Users\scct\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 17/08/2017 - [] D -- C:\Users\scct\AppData\Local\Zemana =>.Zemana
O43 - CFD: 15/08/2017 - [] D -- C:\Users\scct\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 22/10/2016 - [0] D -- C:\Users\scct\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 04/08/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 20/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComputerHelp.com Software
O43 - CFD: 20/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc =>.GitHub
O43 - CFD: 18/03/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 04/08/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 27/06/2017 - [] D -- C:\Users\scct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom =>.ZOOM
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 20/06/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
O43 - CFD: 15/08/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 26/06/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Dropbox =>.Dropbox
O43 - CFD: 20/06/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/06/2017 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 17/08/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 26/06/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Dropbox =>.Dropbox
O43 - CFD: 15/08/2017 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\IObit =>.IObit

---\\ ShellIconOverlayIdentifiers (SIOI) (19) - 1s
O106 - SIOI: DropboxExt1 Class [ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt7 Class [ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt9 Class [ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt3 Class [ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt2 Class [ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt4 Class [ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt5 Class [ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt8 Class [ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt10 Class [ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: DropboxExt6 Class [ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. - Dropbox Shell Extension.) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.18.0.dll =>.Dropbox, Inc®
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\scct\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Image File Execution Options (18) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialisation Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (84) - 6s
O58 - SDL:2017/03/18 21:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2016/11/04 10:22:42 A . (.Alcor Micro, Corp. - Alocr Micro USB Mass Storage Driver.) -- C:\WINDOWS\System32\drivers\AmUStor.sys [90264] =>.AlcorMicro, Corp.®
O58 - SDL:2017/03/18 21:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 21:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2016/02/17 15:37:20 A . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\WINDOWS\System32\drivers\cysmb.sys [10752] =>.Cypress Semiconductor, Inc.
O58 - SDL:2017/08/10 18:03:40 A . (.Dropbox, Inc. - Dropbox Filter Driver.) -- C:\WINDOWS\System32\drivers\dbx-canary.sys [45640] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/08/10 18:03:40 A . (.Dropbox, Inc. - Dropbox Filter Driver.) -- C:\WINDOWS\System32\drivers\dbx-dev.sys [45672] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/08/10 18:03:40 A . (.Dropbox, Inc. - Dropbox Filter Driver.) -- C:\WINDOWS\System32\drivers\dbx-stable.sys [45640] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2015/04/17 10:23:15 A . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\WINDOWS\System32\drivers\EtronHub3.sys [65408] =>.Etron Technology Inc
O58 - SDL:2015/04/17 10:23:15 A . (.Etron Technology Inc - Etron Enhance USB Mass Storage Driver..) -- C:\WINDOWS\System32\drivers\EtronSTOR.sys [39296] =>.Etron Technology Inc
O58 - SDL:2015/04/17 10:23:15 A . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\WINDOWS\System32\drivers\EtronXHCI.sys [94208] =>.Etron Technology Inc
O58 - SDL:2017/03/18 21:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 23:56:41 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys [111544] =>.Malwarebytes Corporation®
O58 - SDL:2010/10/19 23:34:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\HECIx64.sys [56344] =>.Intel Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 21:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2017/03/18 21:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/03/09 02:16:06 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\WINDOWS\System32\drivers\igdkmd64.sys [5382856] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2015/06/18 03:25:00 A . (.Logitech, Inc. - Logitech HID Filter Driver..) -- C:\WINDOWS\System32\drivers\LHidFilt.Sys [86672] =>.Logitech Inc®
O58 - SDL:2015/06/18 03:25:00 A . (.Logitech, Inc. - Logitech Mouse Filter Driver..) -- C:\WINDOWS\System32\drivers\LMouFilt.Sys [69264] =>.Logitech Inc®
O58 - SDL:2016/10/22 22:21:51 A . (.Logitech, Inc. - Logitech Non-Plug and Play Driver..) -- C:\WINDOWS\System32\drivers\LNonPnP.sys [18960] =>.Logitech®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2007/05/09 21:46:36 A . (.Logitech Inc. - Audio filter for Express Plus.) -- C:\WINDOWS\System32\drivers\lv302a64.sys [16032] =>.Logitech Inc®
O58 - SDL:2007/05/09 22:46:48 A . (.Logitech Inc. - Logitech QuickCam Driver.) -- C:\WINDOWS\System32\drivers\LV302V64.SYS [1127328] =>.Logitech Inc®
O58 - SDL:2007/05/09 21:50:48 A . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\System32\drivers\LVUSBS64.sys [50208] =>.Logitech Inc®
O58 - SDL:2017/06/27 12:06:28 A . (...) -- C:\WINDOWS\System32\drivers\mbae64.sys [77376] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 23:56:37 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys [43968] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/05 02:02:22 A . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MBAMChameleon.sys [186304] =>.Malwarebytes Corporation®
O58 - SDL:2017/08/17 19:00:01 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/03/19 00:00:47 A . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys [92088] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2016/12/09 12:39:04 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [206776] =>.NVIDIA Corporation®
O58 - SDL:2016/12/09 12:45:46 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys [12914360] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2015/11/20 00:05:20 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) -- C:\WINDOWS\System32\drivers\nvstusb.sys [460776] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/07/22 17:06:32 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Dr.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [984032] =>.Realtek Semiconductor Corp.®
O58 - SDL:2017/06/28 20:20:36 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [5545512] =>.Realtek Semiconductor Corp.®
O58 - SDL:2017/03/18 21:56:26 A . (...) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2011/10/14 17:13:26 A . (.Silicon Laboratories - Silicon Labs VCP Serial Enumerator.) -- C:\WINDOWS\System32\drivers\silabenm.sys [27336] =>.Silicon Laboratories
O58 - SDL:2017/03/18 21:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2014/12/22 20:52:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\WINDOWS\System32\drivers\ssudbus.sys [103448] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2017/03/18 21:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2016/04/21 10:10:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\WINDOWS\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
O58 - SDL:2015/07/07 21:45:12 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [184608] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2012/12/05 08:27:46 A . (.Seiko Epson Corporation - EPSON USB Device Driver for TM/BA/EU Printe.) -- C:\WINDOWS\System32\drivers\TMUSB64.SYS [63096] =>.Seiko Epson Corporation
O58 - SDL:2017/08/16 21:05:43 A . (...) -- C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2014/08/16 00:35:00 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\System32\drivers\usbaapl64.sys [54784] =>.Apple, Inc.
O58 - SDL:2011/11/17 19:34:04 A . (.VIA Labs, Inc. - VL810FILTER.sys.) -- C:\WINDOWS\System32\drivers\vl810filter.sys [17008] =>.VIA Technologies Inc.®
O58 - SDL:2017/03/18 21:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2016/08/18 18:17:00 A . (.VoodooSoft, LLC - VSScanner Filter driver.) -- C:\WINDOWS\System32\drivers\vsscanner.sys [29808] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/03/18 21:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 21:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
O58 - SDL:2017/08/17 00:25:09 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zam64.sys [203680] =>.Zemana Ltd.®
O58 - SDL:2017/08/17 00:25:09 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®

---\\ Last modified or created user files (3) - 31s
O61 - LFC: 2017/08/12 17:04:30 A . (..) -- C:\Users\scct\AppData\Roaming\Spotify\natives_blob.bin [334730] =>.Spotify
O61 - LFC: 2017/08/12 17:04:30 A . (..) -- C:\Users\scct\AppData\Roaming\Spotify\snapshot_blob.bin [963964] =>.Spotify
O61 - LFC: 2017/08/16 20:59:02 A . (.glax24 (safezone.cc).) -- C:\Users\scct\Desktop\PC Progs\SecurityCheck.exe [515639]

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <Firefox-E7CF176E110C211B> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <Firefox-E7CF176E110C211B> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialisation Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <Firefox-E7CF176E110C211B> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialisation Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <Firefox-E7CF176E110C211B> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialisation Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (1) - 0s
O69 - SBI: SearchScopes [HKCU] {96BBC430-9900-4299-9F5D-7951AB36EFDF} [DefaultScope] - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (48) - 1s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smart card Certificate Propagatio.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smart card Certificate Propagatio.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [303104] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Log-on Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [92672] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [192512] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1015296] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1052160] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [873472] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [2444288] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [196096] =>.Microsoft Corporation

---\\ Additional Scan (O88) (1) - 1s
~ No malicious or unnecessary items found.

---\\ Summary of the elements found (1) - 0s
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.SUP.CloudfrontNet

~ Unselected Options:
~ End of the scan, 15808 items in 06mn08s (960)(0)
 
Status
Not open for further replies.
Top Bottom