
web-start.org, 3s amazonaws, superfluous, outbound, Win 10 recurring infections


  • This topic is locked
28 replies to this topic

#1 Acinonyx

Acinonyx

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:44 AM

Posted 16 October 2016 - 10:55 AM

Hey there,  :busy: 
 
I have been having severe problems with my PC for more than a month :smash: With a basic knowledge of handling possible PC attacks & risks, I have used Malwarebytes, ADW cleaner, ZHPCleaner, ZHPDiag3, aswmbr, etc. Nothing helped to remove the virus(es), as pop-ups continue to invade my screen and I have been locked down twice by a s3 amazonaws blue screen (pics below)... I restarted and freshly reinstalled ALL browsers, deleted extensions, and so on, but web-start and superfluous pages continue to appear, and with a clean restart things seem to be OK just for a couple of hours, then a row of viruses/malware reappears. My PC is going extremely "lazy", Windows Defender & IObit Malware Fighter keep deactivating themselves, my files sometimes close and open for no reason, etc. Yesterday, Malwarebytes detected and blocked an outbound security issue several times when I was trying to send some reports through Skype! Then I saw this forum and performed the FRST scan.

 
I use this (basic-configuration) computer for work, so apart from asking for "cleaning" help, I would like to ask you additional questions IN CASE you might clarify some of them as well   :blink: :

  • I use my bank and card accounts for online payments -- should I block them?
  • I have ALL my websites interbond on the same PC -- should I change every single account's settings? 
  • Should I tell my clients that some of the protocols I have sent lately might present "security issues"?  :unsure:
  • What about my passwords that have been saved to automatically log-in?
  • What about the back-up on another drive, are those files  infected as well?
  • I have 2 Androids synchronized  -- should I restore them to "factory settings"? 

Thank you in advance for your (earliest) attention!  :bowdown: 
 
Best regards,
 
Acinonyx

                    
........|\___/|
........)'•...•'(
......=\=.Y.=/=
.........\ -''-/ 
.........)===(..._
......../........\....\\
.......|.m..m.|...//   
....../............\.// 
......\............//  
____/\___/\__

 
The FRST file:
   Attached File  FRST.txt   167.88KB   6 downloads
The Addition file:
   Attached File  Addition.txt   35.29KB   5 downloads

The Search dll file:

  Attached File  Search.txt   1.39KB   2 downloads
s3 amazonaws lock-down screens (2 events, screenshots from the 1st one):
   IMAG2359.jpg
IMAG2365.jpg
IMAG2368.jpg
 
Malwarebytes Skype outbound block:
virus.PNG


Edited by Acinonyx, 16 October 2016 - 11:11 AM.



 


#2 Acinonyx


Posted 17 October 2016 - 11:12 AM

Hey, :idea:  just checking in case someone is willing to post an answer/opinion on my post. Thanks!



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,203 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:44 PM

Posted 20 October 2016 - 08:39 AM

Greetings Acinonyx and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please rename frst.exe to frstenglish.exe and run another scan. Please do not select MD5 information. Copy and paste both FRST.txt and Addition.txt reports in your reply.

Edited by Oh My!, 20 October 2016 - 08:42 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Acinonyx


Posted 22 October 2016 - 11:08 AM

Hi Gary,  :orange: 
 
First of all, thank you for helping me out.
 
Here are the new scans:
FRST

Attached File  FRST.txt   125.04KB   3 downloads
Addition
Attached File  Addition.txt   34.85KB   2 downloads
 
Best regards,
Simona 
 


 



#5 Oh My!


Posted 22 October 2016 - 03:28 PM

Greetings Simona.

You are most welcome. It does not appear the FRST file was renamed to frstenglish. Please try it one more time. If you could copy and paste the logs in your reply rather than attach them that would help a lot.

Thanks.
Gary
 

#6 Acinonyx


Posted 22 October 2016 - 05:07 PM

:oopsign: Gary, my mistake! I am so French  :notanangel:  that I misread the instruction, sorry! 
 
 
FRST

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by Acinonyx (administrator) on ACINONYX-PC (22-10-2016 23:44:10)
Running from D:\programm\FRST
Loaded Profiles: Acinonyx (Available Profiles: Acinonyx)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: French (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(IObit) C:\Program Files\IObit\Smart Defrag\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\BrownyInd\Brother\BrIndicator.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
() C:\Windows\System32\Codecs\UpdateChecker.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) D:\programm\FRST\frstenglish.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14696704 2016-04-30] (Realtek Semiconductor)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsInd00] => C:\Program Files\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5989664 2016-08-19] (IObit)
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2023712 2016-07-27] (IObit)
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\Run: [codec Pack Update Checker] => C:\WINDOWS\system32\Codecs\UpdateChecker.exe [55992 2015-10-07] ()
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\Run: [SmartRAM] => C:\Program Files\IObit\Advanced SystemCare\Suo10_SmartRAM.exe [561440 2016-01-05] (IObit)
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\Run: [GoogleChromeAutoLaunch_9DEFA08D46C237F8534E2876CABE262C] => C:\Program Files\Google\Chrome\Application\chrome.exe [921192 2016-10-12] (Google Inc.)
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\MountPoints2: {3f3e32b1-9203-11e6-b41e-c89cdc2a59ec} - "G:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{283770b0-7703-4e1f-8ec2-b4a3560bff4e}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-10-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: roslei0d.default
FF ProfilePath: C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default [2016-10-22]
FF user.js: detected! => C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\user.js [2016-10-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\roslei0d.default -> Google
FF Extension: (YouTube Flash® Player) - C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-09-03]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-09-03]
FF Extension: (Video DownloadHelper) - C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-13]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome:
=======
CHR DefaultSearchKeyword: Default -> Website, templates, template, how to make a website, website templates, website builder, make your own website, create a website, creating a website, website template, website layout, site traffic, building your own website, advertise your business, money making website promote your business, promoting your website, do it yourself website builder, pre-built websiteswebsite builder, web site builder, web builder, create a website, build a website, easy website creator, easy website builder, best website builder, website maker, free website builder, free website maker, search engine friendly, search engine optimized pageswebsite builder, build a website, make a website, website creator, site maker, professional, pro, professionals, make your own websitewebsite builder, web site builder, free website builder, shopping cart, build website, build a Web site, building a Web site, site builder,  Soholaunch, soholaunch.comflash website builder, flash web design software, free flash templates, website builder
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default [2016-10-22]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-07-05]
CHR Extension: (Duolingo sur le Web) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-07-05]
CHR Extension: (Theme Creator) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-07-05]
CHR Extension: (Google Drive) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-05]
CHR Extension: (YouTube) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-05]
CHR Extension: (Adblock pour Youtube) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-10-17]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-10-05]
CHR Extension: (Bouton Pin It) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-20]
CHR Extension: (Developer Tools) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\holhpdfhbdhieddbpppnglddplfhopfi [2016-07-05]
CHR Extension: (Word Count Tool) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2016-09-25]
CHR Extension: (Sway) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhhppdnlcjfbbfnfahlibfhbdogdjmc [2016-09-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-10-01]
CHR Extension: (Codenvy) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefigjbiimiemfhjmibbgemkpenelmag [2016-08-05]
CHR Extension: (HUMAN 3.0) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2016-07-05]
CHR Extension: (Superbe capture d'écran : capturer et annoter) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-10-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-05]
CHR Extension: (ImTranslator: Traducteur, Dictionnaire, Voix) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-10-17]
CHR Extension: (Birdhouse for Autism) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\omehdhccbjjobcofeeloidmnmilefdhp [2016-08-27]
CHR Extension: (Website Builder) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\omhcjmddnjjnjbmhlnopnboinfjjgacm [2016-07-05]
CHR Extension: (Gmail) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-05]
CHR Extension: (Chrome Media Router) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR Extension: (Scraper) - C:\Users\Acinonyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\poegfpiagjgnenagjphgdklmgcpjaofi [2016-09-21]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [741568 2016-07-18] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [452384 2016-07-25] (IObit)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2288320 2016-10-08] (Microsoft Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1600288 2016-07-26] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-10-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide; C:\WINDOWS\System32\drivers\amdide.sys [13848 2016-05-01] (Advanced Micro Devices Inc.)
S3 cpuz138; C:\Users\Acinonyx\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [27832 2016-10-19] (CPUID)
R2 DokanMb; C:\WINDOWS\System32\DRIVERS\dokanMb.sys [46112 2015-07-28] (MegaBackup Corp)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-07-06] (REALiX™)
R3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21184 2016-04-01] (IObit)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [32808 2015-09-21] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [56672 2016-10-14] (Avago Technologies)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2016-07-27] (IObit.com)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [790272 2016-05-01] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [304344 2016-10-22] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [18800 2016-03-22] (IObit)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-22 20:18 - 2016-10-22 20:18 - 00095808 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2016-10-22 20:18 - 2016-10-22 20:18 - 00091152 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT3.sys
2016-10-22 20:18 - 2016-10-22 20:18 - 00000300 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Acinonyx.job
2016-10-22 20:03 - 2016-10-22 20:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-10-22 20:03 - 2016-10-22 20:03 - 03568856 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCRU32.exe
2016-10-22 20:03 - 2016-10-22 20:03 - 00304344 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-10-22 19:37 - 2016-10-22 19:37 - 65302528 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2016-10-22 19:37 - 2016-10-22 19:37 - 00516096 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2016-10-22 19:37 - 2016-10-22 19:37 - 00077824 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-10-22 19:37 - 2016-10-22 19:37 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-10-22 19:26 - 2016-10-22 20:19 - 00002249 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-10-22 19:26 - 2016-10-22 19:26 - 00002117 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-10-22 19:26 - 2016-10-22 19:26 - 00000334 _____ C:\WINDOWS\Backup.ini
2016-10-22 19:26 - 2016-10-22 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2016-10-22 19:25 - 2016-10-22 20:03 - 00002124 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-10-22 19:25 - 2016-10-22 19:25 - 00000260 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Système.job
2016-10-21 03:32 - 2016-10-21 03:32 - 00001244 _____ C:\Users\Public\Desktop\Cstream Video.lnk
2016-10-21 03:32 - 2016-10-21 03:32 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\Cstream Video
2016-10-21 03:32 - 2016-10-21 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cstream Video
2016-10-21 03:32 - 2016-10-21 03:32 - 00000000 ____D C:\Program Files\Cstream
2016-10-20 21:13 - 2016-10-20 21:14 - 00279916 _____ C:\WINDOWS\Minidump\102016-59656-01.dmp
2016-10-20 06:28 - 2016-10-20 06:56 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\IQ Option
2016-10-20 06:28 - 2016-10-20 06:28 - 00001062 _____ C:\Users\Public\Desktop\IQ Option.lnk
2016-10-20 06:27 - 2016-10-21 17:42 - 00000000 ____D C:\Program Files\IQ Option
2016-10-20 06:27 - 2016-10-20 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IQ Option
2016-10-20 06:27 - 2016-10-20 06:27 - 00000000 ____D C:\WINDOWS\system32\directx
2016-10-19 16:56 - 2016-10-19 16:56 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-10-19 03:22 - 2016-10-19 03:22 - 00000182 _____ C:\Users\Acinonyx\Desktop\eDex.url
2016-10-16 18:39 - 2016-10-16 18:41 - 00000000 ____D C:\Program Files\DriveImage XML
2016-10-16 18:39 - 2016-10-16 18:39 - 00001015 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2016-10-16 16:07 - 2016-10-16 16:07 - 00000000 ____D C:\Users\Acinonyx\Documents\Add-in Express
2016-10-16 05:02 - 2016-10-16 05:02 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\IsolatedStorage
2016-10-16 05:01 - 2016-10-18 10:58 - 00000000 ____D C:\Program Files\MegaBackup Corp
2016-10-16 05:00 - 2016-10-16 05:05 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2016-10-16 04:51 - 2016-10-20 02:43 - 00000000 ____D C:\Windows10Upgrade
2016-10-16 04:51 - 2016-10-16 04:51 - 00000763 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-10-16 03:17 - 2016-10-22 23:44 - 00000000 ____D C:\FRST
2016-10-16 02:15 - 2016-10-20 21:13 - 325855210 _____ C:\WINDOWS\MEMORY.DMP
2016-10-16 02:15 - 2016-10-20 21:13 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-15 03:47 - 2016-10-15 03:47 - 00007607 _____ C:\Users\Acinonyx\AppData\Local\Resmon.ResmonCfg
2016-10-15 03:42 - 2016-10-15 03:42 - 05971968 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2016-10-15 01:29 - 2016-10-15 01:29 - 02457088 _____ C:\Users\Acinonyx\ZHPCleaner.exe
2016-10-14 08:13 - 2016-10-03 22:09 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-10-14 08:13 - 2016-10-03 22:09 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-10-14 06:13 - 2016-10-14 06:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-10-14 06:08 - 2016-10-14 13:51 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\ConnectedDevicesPlatform
2016-10-14 06:08 - 2016-10-14 06:08 - 00000020 ___SH C:\Users\Acinonyx\ntuser.ini
2016-10-14 06:01 - 2016-10-15 02:13 - 00000000 ___DC C:\WINDOWS\Panther
2016-10-14 05:56 - 2016-10-14 05:17 - 00000000 ____D C:\Windows.old
2016-10-14 05:50 - 2016-10-14 05:50 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-10-14 05:50 - 2016-10-14 05:50 - 07625728 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 07467520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 06654616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 06534656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 06015840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 05683712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 04970224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 04557824 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03716096 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03595264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-10-14 05:50 - 2016-10-14 05:50 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02254336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-10-14 05:50 - 2016-10-14 05:50 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01968480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01957216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 01938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01842688 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01774080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01724584 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01700864 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01583112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01524224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01438720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 01283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01276608 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01144600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 01135616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01123328 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01112576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01097568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01072280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-14 05:50 - 2016-10-14 05:50 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01015648 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00955528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00949600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00946272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00892008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-14 05:50 - 2016-10-14 05:50 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00868704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-10-14 05:50 - 2016-10-14 05:50 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00860512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00856872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00834128 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00823808 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00798504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00784576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00781664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00702416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00614752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00589144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00583648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00581672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00570720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00564488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00557920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00484544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00470368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00021344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-10-14 05:50 - 2016-10-14 05:50 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-10-14 05:50 - 2016-10-14 05:50 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-10-14 05:50 - 2016-10-14 05:50 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-10-14 05:50 - 2016-10-14 05:50 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-10-14 05:50 - 2016-10-14 05:50 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-10-14 05:48 - 2016-10-14 05:48 - 00000000 ____D C:\ProgramData\USOShared
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Voisinage réseau
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Voisinage d'impression
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Modèles
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Mes documents
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Menu Démarrer
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Documents\Mes vidéos
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Documents\Mes images
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\Documents\Ma musique
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historique
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default User\Documents\Mes vidéos
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default User\Documents\Mes images
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default User\Documents\Ma musique
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-10-14 05:47 - 2016-10-14 05:47 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historique
2016-10-14 05:45 - 2016-10-14 05:46 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2016-10-14 05:45 - 2016-10-14 05:46 - 00011433 _____ C:\WINDOWS\diagerr.xml
2016-10-14 05:41 - 2016-07-15 19:45 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2016-10-14 05:41 - 2016-07-15 19:45 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2016-10-14 05:41 - 2016-07-15 19:29 - 05489664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2016-10-14 05:40 - 2016-07-15 19:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2016-10-14 05:40 - 2016-07-15 19:45 - 04164608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0002.dll
2016-10-14 05:40 - 2016-07-15 19:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2016-10-14 05:40 - 2016-07-15 19:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-10-14 05:40 - 2016-07-15 19:42 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0002.dll
2016-10-14 05:40 - 2016-07-15 19:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-10-14 05:40 - 2016-07-15 19:41 - 00355840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2016-10-14 05:40 - 2016-07-15 19:41 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2016-10-14 05:40 - 2016-07-15 19:39 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2016-10-14 05:40 - 2016-07-15 19:39 - 01868800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll
2016-10-14 05:40 - 2016-07-15 19:38 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2016-10-14 05:40 - 2016-07-15 19:37 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2016-10-14 05:40 - 2016-07-15 19:35 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2016-10-14 05:40 - 2016-07-15 19:32 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2016-10-14 05:40 - 2016-07-15 19:31 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-10-14 05:40 - 2016-07-15 19:29 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2016-10-14 05:40 - 2016-07-15 19:29 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2016-10-14 05:40 - 2016-07-15 19:29 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2016-10-14 05:40 - 2016-07-15 19:28 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2016-10-14 05:40 - 2016-07-15 19:28 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2016-10-14 05:40 - 2016-07-15 19:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2016-10-14 05:37 - 2016-10-22 20:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-14 05:37 - 2016-10-14 05:37 - 00021680 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-10-14 05:29 - 2016-10-14 05:29 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-10-14 05:26 - 2016-10-14 05:26 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-10-14 05:26 - 2016-10-14 05:26 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-14 05:19 - 2016-10-14 05:19 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2016-10-14 05:16 - 2016-10-14 05:27 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-10-14 05:12 - 2016-10-22 19:37 - 00000000 ____D C:\Users\Acinonyx
2016-10-14 05:12 - 2016-10-14 05:32 - 00000000 ____D C:\Users\DefaultAppPool
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Voisinage réseau
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Voisinage d'impression
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Modèles
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Mes documents
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Menu Démarrer
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mes vidéos
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Mes images
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Ma musique
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Historique
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Voisinage réseau
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Voisinage d'impression
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Modèles
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Mes documents
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Menu Démarrer
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Documents\Mes vidéos
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Documents\Mes images
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\Documents\Ma musique
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-10-14 05:12 - 2016-10-14 05:12 - 00000000 _SHDL C:\Users\Acinonyx\AppData\Local\Historique
2016-10-14 05:08 - 2016-10-14 05:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-10-14 05:08 - 2016-10-14 05:08 - 00000000 ____D C:\ProgramData\AMD
2016-10-14 05:07 - 2016-10-16 05:04 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-14 05:07 - 2016-10-14 05:08 - 00000000 ____D C:\Program Files\ATI Technologies
2016-10-14 05:07 - 2016-10-14 05:07 - 00000000 ____D C:\WINDOWS\system32\sda
2016-10-14 05:06 - 2016-10-14 05:31 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2016-10-14 05:06 - 2016-10-14 05:06 - 00000000 ____D C:\Program Files\Realtek
2016-10-14 05:06 - 2016-10-14 05:06 - 00000000 ____D C:\Program Files\AMD
2016-10-14 05:06 - 2016-10-14 05:06 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-10-14 05:05 - 2016-10-14 05:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-10-14 05:03 - 2016-10-22 23:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-14 05:03 - 2016-10-15 04:46 - 00338360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-14 05:03 - 2016-10-14 05:03 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-10-13 05:53 - 2016-10-13 05:53 - 00000000 ____D C:\KVRT_Data
2016-10-13 05:23 - 2016-03-25 14:33 - 00111392 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-10-11 11:48 - 2016-10-14 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-10-11 11:48 - 2016-10-11 11:51 - 00000000 ____D C:\Program Files\ZHPFix
2016-10-11 04:13 - 2016-10-15 01:29 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\ZHP
2016-10-11 04:08 - 2016-10-22 22:23 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-11 04:08 - 2016-10-14 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-11 04:08 - 2016-10-11 04:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-11 04:08 - 2016-10-11 04:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-11 04:08 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-11 04:08 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-11 04:08 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-10 16:46 - 2016-10-10 16:46 - 00000000 ____D C:\Users\Acinonyx\AppData\LocalLow\uTorrent
2016-10-10 05:11 - 2016-10-10 05:11 - 00000000 ____D C:\Users\Acinonyx\Documents\Artisteer Templates
2016-10-10 04:18 - 2016-10-10 04:18 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\Apple Computer
2016-10-10 04:17 - 2016-10-10 04:17 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\Artisteer
2016-10-05 11:09 - 2016-10-05 11:09 - 00000000 ____D C:\Program Files\Sublime Text 3
2016-10-03 19:05 - 2016-10-04 01:31 - 00000000 ____D C:\Users\Acinonyx\Calibre Library
2016-09-30 09:50 - 2016-09-30 09:50 - 00000000 ____D C:\ProgramData\Adobe
2016-09-27 13:27 - 2016-09-27 13:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-09-27 09:02 - 2016-10-14 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-09-27 09:02 - 2016-09-27 09:02 - 00000000 ____D C:\Program Files\WinHTTrack
2016-09-23 23:10 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-09-23 23:10 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-09-23 23:10 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-09-23 23:10 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-09-23 23:10 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-09-23 23:10 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-09-23 23:10 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-09-23 23:10 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-09-23 23:10 - 2009-09-04 18:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-09-23 23:10 - 2009-09-04 18:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-09-23 23:10 - 2009-09-04 18:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-09-23 23:10 - 2009-09-04 18:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-09-23 23:10 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-09-23 23:10 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-09-23 23:10 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-09-23 23:10 - 2009-03-16 15:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-09-23 23:10 - 2009-03-16 15:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-09-23 23:10 - 2009-03-16 15:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-09-23 23:10 - 2009-03-09 16:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-09-23 23:10 - 2008-10-27 11:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-09-23 23:10 - 2008-10-27 11:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-09-23 23:10 - 2008-10-27 11:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-09-23 23:10 - 2008-10-27 11:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-09-23 23:10 - 2008-10-10 05:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-09-23 23:10 - 2008-10-10 05:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-09-23 23:10 - 2008-10-10 05:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-09-23 23:10 - 2008-07-31 11:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-09-23 23:10 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-09-23 23:10 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-09-23 23:10 - 2008-07-10 12:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-09-23 23:10 - 2008-07-10 12:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-09-23 23:10 - 2008-07-10 12:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-09-23 23:10 - 2008-05-30 15:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-09-23 23:10 - 2008-05-30 15:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-09-23 23:10 - 2008-05-30 15:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-09-23 23:10 - 2008-05-30 15:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-09-23 23:10 - 2008-05-30 15:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-09-23 23:10 - 2008-05-30 15:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-09-23 23:10 - 2008-05-30 15:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-09-23 23:10 - 2008-03-05 17:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-09-23 23:10 - 2008-03-05 17:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-09-23 23:10 - 2008-03-05 17:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-09-23 23:10 - 2008-03-05 16:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-09-23 23:10 - 2008-03-05 16:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-09-23 23:10 - 2008-02-06 00:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-09-23 23:10 - 2007-10-22 04:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-09-23 23:10 - 2007-10-22 04:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-09-23 23:10 - 2007-10-12 16:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-09-23 23:10 - 2007-10-12 16:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-09-23 23:10 - 2007-10-02 10:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-09-23 23:10 - 2007-07-20 01:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-09-23 23:10 - 2007-07-19 19:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-09-23 23:10 - 2007-07-19 19:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-09-23 23:10 - 2007-07-19 19:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-09-23 23:10 - 2007-06-20 21:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-09-23 23:10 - 2007-05-16 17:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-09-23 23:10 - 2007-05-16 17:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-09-23 23:10 - 2007-05-16 17:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-09-23 23:10 - 2007-04-04 19:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-09-23 23:10 - 2007-04-04 19:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-09-23 23:10 - 2007-03-15 17:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-09-23 23:10 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-09-23 23:10 - 2007-03-12 17:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-09-23 23:10 - 2007-03-05 13:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-09-23 23:10 - 2007-01-24 16:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-09-23 23:09 - 2006-12-08 13:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-09-23 23:09 - 2006-11-29 14:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-09-23 23:09 - 2006-09-28 17:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-09-23 23:09 - 2006-09-28 17:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-09-23 23:09 - 2006-07-28 10:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-09-23 23:09 - 2006-07-28 10:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-09-23 23:09 - 2006-05-31 08:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-09-23 23:09 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-09-23 23:09 - 2006-03-31 13:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-09-23 23:09 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-09-23 23:09 - 2006-02-03 09:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-09-23 23:09 - 2006-02-03 09:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-09-23 23:09 - 2006-02-03 09:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-09-23 23:09 - 2005-12-05 19:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-09-23 23:09 - 2005-07-22 20:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-09-23 23:09 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-09-23 23:09 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-09-23 23:09 - 2005-02-05 20:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-09-22 16:45 - 2016-09-22 16:45 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-09-22 11:43 - 2016-10-14 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-09-22 11:43 - 2016-09-22 11:43 - 00002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-09-22 11:43 - 2016-09-22 11:43 - 00002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-09-22 11:43 - 2016-09-22 11:43 - 00002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-09-22 11:43 - 2016-09-22 11:43 - 00002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-09-22 11:43 - 2016-09-22 11:43 - 00002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-09-22 11:43 - 2016-09-22 11:43 - 00002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-09-22 11:43 - 2016-09-22 11:43 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-22 22:23 - 2016-07-06 13:33 - 00000000 ____D C:\ProgramData\ProductData
2016-10-22 20:25 - 2016-07-16 19:15 - 00572178 _____ C:\WINDOWS\system32\perfh00C.dat
2016-10-22 20:25 - 2016-07-16 19:15 - 00107896 _____ C:\WINDOWS\system32\perfc00C.dat
2016-10-22 20:25 - 2016-07-05 17:52 - 01605470 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-22 20:20 - 2016-07-16 04:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-10-22 20:18 - 2016-07-16 10:28 - 00000000 ____D C:\WINDOWS\INF
2016-10-22 19:43 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-22 19:26 - 2016-07-06 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-10-22 19:25 - 2016-07-06 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-10-22 19:25 - 2016-07-06 13:29 - 00000000 ____D C:\ProgramData\IObit
2016-10-22 18:31 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-22 18:18 - 2016-07-11 23:18 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\ElevatedDiagnostics
2016-10-21 23:28 - 2016-07-05 20:44 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\Skype
2016-10-21 17:33 - 2016-07-16 10:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-21 05:48 - 2016-07-16 10:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-21 04:22 - 2016-07-12 01:03 - 00000000 ____D C:\Users\Acinonyx\Documents\My Kindle Content
2016-10-20 21:25 - 2014-01-27 10:38 - 00000000 ____D C:\AdwCleaner
2016-10-19 16:56 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-19 16:56 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-19 16:53 - 2016-07-12 21:10 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-19 00:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-16 01:19 - 2016-07-05 17:49 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\Packages
2016-10-15 04:34 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\appcompat
2016-10-14 12:59 - 2016-07-10 17:29 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\vlc
2016-10-14 06:17 - 2016-05-01 10:30 - 00000000 ___RD C:\Users\Acinonyx\OneDrive
2016-10-14 06:09 - 2016-02-13 14:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-14 06:01 - 2016-07-16 10:30 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-10-14 05:53 - 2016-07-16 19:18 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ___RD C:\Program Files\Windows Defender
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\setup
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\Provisioning
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-10-14 05:53 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-14 05:53 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-10-14 05:51 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\rescache
2016-10-14 05:48 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\USOPrivate
2016-10-14 05:48 - 2016-07-16 04:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-14 05:47 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Windows NT
2016-10-14 05:44 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-10-14 05:44 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\Registration
2016-10-14 05:44 - 2016-07-05 17:10 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-10-14 05:41 - 2016-07-16 19:16 - 00000000 ____D C:\WINDOWS\OCR
2016-10-14 05:39 - 2016-07-16 19:15 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-10-14 05:39 - 2016-07-16 19:15 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-10-14 05:39 - 2016-07-16 19:15 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-10-14 05:39 - 2016-07-16 19:15 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-10-14 05:39 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-10-14 05:39 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\servicing
2016-10-14 05:36 - 2016-07-16 10:29 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-14 05:27 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-10-14 05:27 - 2016-07-10 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2016-10-14 05:27 - 2016-07-10 02:55 - 00000000 ____D C:\WINDOWS\system32\Codecs
2016-10-14 05:27 - 2016-07-05 17:38 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-10-14 05:26 - 2016-07-05 16:48 - 00000000 ____D C:\Users\Default.migrated
2016-10-14 05:19 - 2016-07-19 08:18 - 00000000 ____D C:\WINDOWS\system32\install
2016-10-14 05:19 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\spool
2016-10-14 05:19 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-10-14 05:19 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-10-14 05:19 - 2016-07-05 17:21 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2016-10-14 05:18 - 2016-07-06 12:42 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-10-14 05:17 - 2016-09-13 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016
2016-10-14 05:17 - 2016-08-29 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2016-10-14 05:17 - 2016-08-27 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-14 05:17 - 2016-08-22 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 4
2016-10-14 05:17 - 2016-08-21 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-14 05:17 - 2016-08-13 00:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-10-14 05:17 - 2016-08-13 00:07 - 00000000 ____D C:\WINDOWS\fr
2016-10-14 05:17 - 2016-08-03 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-10-14 05:17 - 2016-08-01 03:31 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-10-14 05:17 - 2016-08-01 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.6
2016-10-14 05:17 - 2016-07-26 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-10-14 05:17 - 2016-07-19 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-10-14 05:17 - 2016-07-11 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-14 05:17 - 2016-07-10 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-10-14 05:17 - 2016-07-06 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitnami
2016-10-14 05:17 - 2016-07-06 12:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2016-10-14 05:17 - 2016-07-05 17:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-10-14 05:17 - 2016-07-05 17:21 - 00000000 ____D C:\Program Files\MSBuild
2016-10-14 05:17 - 2009-07-14 11:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-14 05:14 - 2016-08-17 23:00 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop
2016-10-14 05:14 - 2016-07-12 01:03 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-10-14 05:11 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-14 05:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-10-14 05:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-10-14 05:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-14 05:06 - 2012-01-03 21:27 - 00000000 ____D C:\AMD
2016-10-14 04:03 - 2016-07-16 19:44 - 00000000 ___HD C:\$WINDOWS.~BT
2016-10-14 04:00 - 2016-07-06 13:32 - 00000256 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Acinonyx.job
2016-10-14 03:40 - 2016-07-28 23:35 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-13 22:40 - 2016-07-28 23:35 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-13 04:21 - 2016-08-21 23:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 02:50 - 2016-07-05 20:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-12 02:21 - 2016-07-05 20:10 - 141042968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-11 02:00 - 2016-09-18 18:31 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\TeamViewer
2016-10-11 02:00 - 2016-09-13 23:20 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\SmartDraw
2016-10-11 02:00 - 2016-09-13 23:18 - 00000000 ____D C:\SmartDraw 2016
2016-10-11 01:59 - 2016-07-05 21:54 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\uTorrent
2016-10-11 01:28 - 2016-05-05 12:03 - 00000000 ____D C:\Users\Acinonyx\dwhelper
2016-10-10 04:18 - 2016-07-10 05:34 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\Apple Computer
2016-10-09 15:56 - 2016-07-06 13:29 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\IObit
2016-10-05 11:09 - 2016-07-09 11:04 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\Sublime Text 3
2016-10-03 21:21 - 2016-08-03 12:54 - 00000000 ____D C:\Program Files\Calibre2
2016-10-03 21:04 - 2016-08-03 12:54 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\calibre
2016-09-30 09:50 - 2016-08-01 00:54 - 00000000 ____D C:\Program Files\Adobe
2016-09-29 22:51 - 2016-08-01 03:32 - 00000000 ___HD C:\adobeTemp
2016-09-29 22:51 - 2016-08-01 00:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-09-29 22:51 - 2016-07-05 17:49 - 00000000 ____D C:\Users\Acinonyx\AppData\Roaming\Adobe
2016-09-28 17:55 - 2016-08-01 00:48 - 00000000 ____D C:\Users\Acinonyx\AppData\Local\Adobe
2016-09-27 13:27 - 2016-07-05 20:43 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2016-10-15 03:47 - 2016-10-15 03:47 - 0007607 _____ () C:\Users\Acinonyx\AppData\Local\Resmon.ResmonCfg
2016-07-05 17:38 - 2016-07-05 17:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Acinonyx\ZHPCleaner.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-14 05:03
 
==================== End of FRST.txt ============================

 
ADDITION
 

 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Acinonyx (22-10-2016 23:47:12)
Running from D:\programm\FRST
Microsoft Windows 10 Pro Version 1607 (X86) (2016-10-14 03:48:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrateur (S-1-5-21-3819432453-1527812735-2303823119-500 - Administrator - Disabled)
Acinonyx (S-1-5-21-3819432453-1527812735-2303823119-1000 - Administrator - Enabled) => C:\Users\Acinonyx
DefaultAccount (S-1-5-21-3819432453-1527812735-2303823119-503 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3819432453-1527812735-2303823119-1003 - Limited - Enabled)
Invité (S-1-5-21-3819432453-1527812735-2303823119-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Advanced SystemCare 9 (HKLM\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit)
Amazon Kindle (HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.3 - Extensoft)
Brother MFL-Pro Suite DCP-1510 series (HKLM\...\{90C24B16-9C28-44AB-8C63-BB9822218E18}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
calibre (HKLM\...\{E287031B-230C-4127-AA44-598FA9CE3478}) (Version: 2.69.0 - Kovid Goyal)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DokanSetup (Version: 0.6.40.0 - MegaBackup Corp) Hidden
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Driver Booster 4.0 (HKLM\...\Driver Booster_is1) (Version: 4.0.4 - IObit)
Galerie de photos (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
IObit Malware Fighter 4 (HKLM\...\IObit Malware Fighter_is1) (Version: 4.3 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
IQ Option (HKLM\...\IQ Option) (Version: 1.0 - IQOption)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Player Codec Pack 4.4.0 (HKLM\...\Media Player - Codec Pack) (Version: 4.4.0 - Media Player Codec Pack)
Microsoft Office 365 Business - bg-bg (HKLM\...\O365BusinessRetail - bg-bg) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Office 365 Business - fr-fr (HKLM\...\O365BusinessRetail - fr-fr) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7745 - Realtek Semiconductor Corp.)
Scribus 1.4.6 (HKLM\...\Scribus 1.4.6) (Version: 1.4.6 - The Scribus Team)
Skype™ 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM\...\Smart Defrag_is1) (Version: 5.1.0 - IObit)
SmartEdit for Word (HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\...\{b921a1a5-2fea-4c81-b79a-ee2fdd94dd0b}) (Version: 5.2.0.1 - Bad Wolf Software)
SmartEdit for Word (Version: 5.2.0.1 - Bad Wolf Software) Hidden
Sublime Text Build 3103 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3819432453-1527812735-2303823119-1000_Classes\CLSID\{7D412BE9-9568-4012-B55B-D00D944D6BDF}\InprocServer32 -> C:\Users\Acinonyx\AppData\Local\SmartEdit for Word\adxloader.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0203BDAF-8890-47F1-9D8C-A8D494CC988C} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {025FD6DB-6E0F-4983-9F5B-54554E90CBE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-19] (Microsoft Corporation)
Task: {7764DCB9-8974-4457-A44C-C0C908457B80} - System32\Tasks\Uninstaller_SkipUac_Acinonyx => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {777003F7-B741-4103-889F-1AFAC29534D8} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Acinonyx\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-25] (Microsoft Corporation)
Task: {7AC2AF76-A632-40C7-B933-79FAD8CE6D44} - System32\Tasks\ASC9_SkipUac_Système => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2016-08-16] (IObit)
Task: {7D02C2CF-DBAC-40C7-8B4F-393D27B1B413} - System32\Tasks\SmartDefrag_Update => C:\Program Files\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {7D9B84D1-4915-49EF-B9E3-FF3409E1F6D0} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: {86457815-732B-43BB-BA00-818BB7AA9846} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-05] (Google Inc.)
Task: {87EEBE84-6549-4ED8-AB7C-ABF1E3CAFC9E} - \TweakBit\PCRepairKit\Time for deal -> No File <==== ATTENTION
Task: {8B48E573-FFC9-4AFD-9080-A6BA28EC803D} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {A03B795A-553D-4D6A-9D42-17AEB4F40E65} - System32\Tasks\Driver Booster SkipUAC (Acinonyx) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {B34A21A2-B9A6-4CF1-B875-0AF2DB40E477} - System32\Tasks\{5428DFBB-2BC6-426A-BDB8-3F8F03E1F61B} => pcalua.exe -a "D:\PROGRAMMES POUR WINDOWS\DCP-1510-inst-A1-eu2.EXE"
Task: {B90A455E-4573-4BA1-8DC2-85D1D0173F0A} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: {D3242182-421D-40A3-B360-D8C4E0DD7389} - System32\Tasks\ASC9_SkipUac_Acinonyx => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2016-08-16] (IObit)
Task: {DB113824-DB20-43C4-89D1-D696D257A19A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {DD19BB4E-227B-4607-A989-57D18D2F5AC1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {F6A4AF95-995A-40CC-9B53-E6358F4C667E} - \TweakBit\PCRepairKit\Start PCRepairKit оn logon -> No File <==== ATTENTION
Task: {FE972FBD-54A6-448F-8205-A4D8E3F36580} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-05] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Acinonyx.job => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Système.job => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Acinonyx.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 10:25 - 2016-07-16 10:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-06 13:32 - 2016-03-31 18:57 - 00625440 _____ () C:\Program Files\IObit\LiveUpdate\ProductStatistics.dll
2016-10-19 16:41 - 2016-10-19 16:41 - 08923840 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-10-12 16:43 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files\IObit\Smart Defrag\webres.dll
2016-10-12 16:43 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files\IObit\Smart Defrag\ProductStatistics.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-14 06:14 - 2016-10-14 06:14 - 01383616 _____ () C:\Users\Acinonyx\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00492032 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01149440 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 01725440 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-14 05:50 - 2016-10-14 05:50 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-19 08:24 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-08-21 22:08 - 2015-08-21 22:08 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-10-14 06:15 - 2016-10-14 06:15 - 00118976 _____ () C:\Users\Acinonyx\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-10-22 19:25 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2016-10-22 19:25 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
2015-10-07 22:13 - 2015-10-07 22:13 - 00055992 _____ () C:\Windows\System32\Codecs\UpdateChecker.exe
2016-10-22 22:24 - 2016-10-22 22:24 - 00011264 _____ () C:\Users\Acinonyx\AppData\Local\Temp\nsjDBBB.tmp\System.dll
2016-08-29 04:28 - 2016-03-31 18:57 - 00899872 _____ () C:\Program Files\IObit\IObit Malware Fighter\webres.dll
2016-08-29 04:26 - 2016-03-31 18:57 - 00188704 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2016-08-29 04:26 - 2016-03-31 18:57 - 00151840 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2016-08-29 04:28 - 2016-03-31 18:57 - 00625440 _____ () C:\Program Files\IObit\IObit Malware Fighter\ProductStatistics.dll
2016-10-22 19:26 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-10-22 19:26 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-14 03:31 - 2016-10-12 07:43 - 01819240 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.59\libglesv2.dll
2016-10-14 03:31 - 2016-10-12 07:43 - 00093288 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.59\libegl.dll
2016-08-29 04:25 - 2016-03-31 18:57 - 00355616 _____ () C:\Program Files\IObit\IObit Malware Fighter\madExcept_.bpl
2016-08-29 04:25 - 2016-03-31 18:57 - 00190240 _____ () C:\Program Files\IObit\IObit Malware Fighter\madBasic_.bpl
2016-08-29 04:25 - 2016-03-31 18:57 - 00057632 _____ () C:\Program Files\IObit\IObit Malware Fighter\madDisAsm_.bpl
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-10-13 05:45 - 2016-10-13 05:45 - 00000707 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3819432453-1527812735-2303823119-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Acinonyx\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{850851db-5786-4ddd-a2e0-44f087d45fb4}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C8522EDA-6D28-4AAF-A305-86B967B1A401}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{3A9FA21A-49FF-4E7E-AFF4-D43C1FD9E325}] => (Allow) C:\Program Files\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{3771F871-F0A4-4339-8C79-F0E6945F89D9}] => (Allow) LPort=1900
FirewallRules: [{D67F279E-D28C-4424-966E-BE43CAD3AE4C}] => (Allow) LPort=2869
FirewallRules: [{49C15F76-2F89-493F-91B3-94C115FE76A2}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2149A8D6-7B4E-42CE-BCB0-2E1C7488DE59}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{174274AE-4506-46CC-8EBE-B52A64FDC3D0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6A9A12F3-96A4-4B83-8BCC-9D2FA28DF19A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{634615A7-DD48-4587-A0BA-C8EB3185DC10}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F5C98DBD-09CD-4EFF-B2DE-BE0675201D91}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{090F85A3-E1E1-4A13-9DB9-0A4D91F58696}] => (Allow) C:\Users\Acinonyx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A2896A6-D843-47D3-A890-D864CBBE7847}] => (Allow) C:\Users\Acinonyx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{846FC003-F051-42B9-895D-01C0FB5369DE}] => (Allow) C:\Users\Acinonyx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7520D3E6-F463-4E97-8427-2FF493D6EC20}] => (Allow) C:\Users\Acinonyx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9DC05EA-28E5-46F0-946E-6D1A18091C41}] => (Allow) C:\Users\Acinonyx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78767A53-4F17-4B33-A20F-5663B47E1E1F}] => (Allow) C:\Users\Acinonyx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82FA0459-0FF3-4377-AEE8-6694859113E8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{5E390DED-1CBD-4D5A-9D39-BE94EB62149A}] => (Allow) C:\Program Files\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{D9D818BB-707E-48E6-B808-B10BC46A5134}] => (Allow) C:\Program Files\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{66A9E99B-5B3C-4012-8A7F-594F1106861F}] => (Allow) C:\Program Files\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{658A9F85-4E0A-4222-887E-D56010764103}] => (Allow) C:\Program Files\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{771B3491-7DB3-4E6E-A21E-02EAE2D4AA6D}] => (Allow) C:\Program Files\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [{E09BDD24-6EE0-4833-87B9-64B97F74456B}] => (Allow) C:\Program Files\IObit\Driver Booster\4.0.4\AutoUpdate.exe
 
==================== Restore Points =========================
 
14-10-2016 08:12:35 Windows Update
18-10-2016 00:15:33 Windows Update
21-10-2016 05:47:41 Programme d’installation pour les modules Windows
22-10-2016 20:02:13 Driver Booster : Realtek USB 2.0 Card Reader
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2016 09:07:44 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Détails :
(HRESULT : 0x80040210) (0x80040210)
 
Error: (10/22/2016 08:03:32 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Détails :
(HRESULT : 0x80040210) (0x80040210)
 
Error: (10/22/2016 08:03:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Détails :
(HRESULT : 0x80040210) (0x80040210)
 
Error: (10/22/2016 08:02:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
 
System Error:
Accès refusé.
.
 
Error: (10/22/2016 08:02:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Accès refusé.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Opération :
   Données du rédacteur en cours de collecte
 
Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {43b34e02-3c31-4763-bf07-7a109700650c}
 
Error: (10/22/2016 07:25:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Smart Defrag.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2b10
 
Start Time: 01d22c8924f9d879
 
Termination Time: 4294967295
 
Application Path: C:\Users\Acinonyx\AppData\Local\Temp\is-LNOFD.tmp\Smart Defrag.tmp
 
Report Id: 7bb5bef9-987c-11e6-b425-c89cdc2a59ec
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/22/2016 07:24:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 16.10.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 272c
 
Start Time: 01d22c7afda277a9
 
Termination Time: 4294967295
 
Application Path: D:\programm\FRST\FRST.exe
 
Report Id: 6a59b9a3-987c-11e6-b425-c89cdc2a59ec
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/22/2016 01:56:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACINONYX-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/22/2016 01:56:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACINONYX-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/22/2016 01:56:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ACINONYX-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/22/2016 11:22:04 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/22/2016 10:23:07 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: The propres à l’application permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user AUTORITE NT\Système SID (S-1-5-18) from address LocalHost (avec LRPC) running in the application container Non disponible SID (Non disponible). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/22/2016 08:52:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/22/2016 08:51:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/22/2016 08:20:10 PM) (Source: DCOM) (EventID: 10010) (User: ACINONYX-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (10/22/2016 07:24:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/22/2016 06:28:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/22/2016 01:56:26 PM) (Source: DCOM) (EventID: 10001) (User: ACINONYX-PC)
Description: Unable to start a DCOM Server: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Non disponible/Non disponible. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
 
Error: (10/22/2016 01:52:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: The propres à l’application permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user AUTORITE NT\Système SID (S-1-5-18) from address LocalHost (avec LRPC) running in the application container Non disponible SID (Non disponible). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/22/2016 01:46:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdvancedSystemCareService9 service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-22 21:48:11.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-22 21:48:11.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-22 21:48:11.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 03:12:40.607
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 03:12:40.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 03:12:40.578
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 00:17:09.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 00:17:09.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 00:17:09.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-18 16:28:59.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-350 Processor
Percentage of memory in use: 78%
Total physical RAM: 2299.27 MB
Available physical RAM: 505.26 MB
Total Virtual: 6267.27 MB
Available Virtual: 3184.25 MB
 
==================== Drives ================================
 
Drive a: (DOCUMENTS) (Fixed) (Total:27.5 GB) (Free:27.36 GB) NTFS
Drive b: (ACINONYX-1) (Fixed) (Total:26 GB) (Free:25.85 GB) NTFS
Drive c: (Packard Bell) (Fixed) (Total:662.34 GB) (Free:598.76 GB) NTFS
Drive d: (DATA) (Fixed) (Total:660.83 GB) (Free:639.61 GB) NTFS
Drive e: (SAMSUNG) (Fixed) (Total:2794.51 GB) (Free:1604.59 GB) NTFS
Drive f: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Not Active) - (Size=20.5 GB) - (Type=27)
Partition 3: (Active) - (Size=100 MB) - (Type=42)
Partition 4: (Not Active) - (Size=662.3 GB) - (Type=42)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

 
Thank you for your time!
 
Acinonyx
                    
........|\___/|
........)'•...•'(
......=\=.Y.=/=
.........\ -''-/ 
.........)===(..._
......../........\....\\
.......|.m..m.|...//   
....../............\.// 
......\............//  
____/\___/\__

Edited by Oh My!, 22 October 2016 - 06:38 PM.


#7 Oh My!


Posted 22 October 2016 - 07:42 PM

No problem, I appreciate you going through the extra work to make it easier for me to read.

In answer to your questions, at this point there is no evidence of the type of malware that steals personal information or allows Backdoor access without your knowledge. If something surfaces raising that concern I will certainly let you know.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
  • Please download Revo Uninstaller Free and save it to your Desktop
  • Double click revosetup.exe then select Run
  • Select English then click OK
  • Select I accept the agreement then click Next 2 times
  • Click Install
  • Click Finish to start the program
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
IObit Malware Fighter 4
IObit Uninstaller
Advanced SystemCare 9
Driver Booster 4.0
Smart Defrag 5
  • When prompted if you want to uninstall click Yes
  • When the built-in uninstaller is finished click OK
  • Click Scan
  • If presented, on the Found leftover Registry items window, check the items in bold only. You may have to expand some folders by clicking the "+" mark
  • Click Delete then Yes
  • Click Finish
  • If presented, on the Found leftover files and folders window click Select All, click Finish, then click Yes
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\user.js [2016-10-15]
Task: {87EEBE84-6549-4ED8-AB7C-ABF1E3CAFC9E} - \TweakBit\PCRepairKit\Time for deal -> No File <==== ATTENTION
Task: {F6A4AF95-995A-40CC-9B53-E6358F4C667E} - \TweakBit\PCRepairKit\Start PCRepairKit оn logon -> No File <==== ATTENTION
Folder: C:\Users\Acinonyx\AppData\Local\Temp\nsjDBBB.tmp
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop
  • Right-click on TDSSKiller.exe and select Run As Administrator
  • Click Accept on the End User License Agreement
  • Click Accept on the KSN Statement
  • Click Change parameters
  • Place a check mark in the following boxes

Detect TDLFS file system
Verify file digital signatures

  • Click OK
  • Click Start Scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects
  • If an infected file is detected, the default action will be Cure...do not change it
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now
  • Hit the Windows Key + E at the same time
  • Double click your Local Disk C: drive
  • Locate the file similar to TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that file in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. For additional help see here and here
  • Double click the aswMBR.exe file to run it. If requested, allow Avast to update the antivirus engine definitions
  • Leave the default settings then click Scan
  • When done, you will see Scan finished successfully. Click on Save log and save the file to your desktop
  • Copy and paste the contents of the log in your reply
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs uninstall?
  • Fixlist
  • RogueKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Acinonyx


Posted 23 October 2016 - 04:19 PM

  :hello:  Gary, I hope I did the things right this time!  :scratchhead:

 

Uninstalled :

mTorrent (Hope this was the P2P you mentioned)

IObit Malware Fighter 4

IObit Uninstaller
Advanced SystemCare 9
Driver Booster 4.0
Smart Defrag 5

 

FIXLOG.TXT

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016

Ran by Acinonyx (23-10-2016 18:16:15) Run:1

Running from D:\programm\FRST

Loaded Profiles: Acinonyx (Available Profiles: Acinonyx)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  No File

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  No File

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

FF user.js: detected! => C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\user.js [2016-10-15]

Task: {87EEBE84-6549-4ED8-AB7C-ABF1E3CAFC9E} - \TweakBit\PCRepairKit\Time for deal -> No File <==== ATTENTION

Task: {F6A4AF95-995A-40CC-9B53-E6358F4C667E} - \TweakBit\PCRepairKit\Start PCRepairKit оn logon -> No File <==== ATTENTION

Folder: C:\Users\Acinonyx\AppData\Local\Temp\nsjDBBB.tmp

*****************

 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1" => key removed successfully.

HKCR\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2" => key removed successfully.

HKCR\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3" => key removed successfully.

HKCR\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => key not found.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\user.js => not found.

C:\Users\Acinonyx\AppData\Roaming\Mozilla\Firefox\Profiles\roslei0d.default\user.js => not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87EEBE84-6549-4ED8-AB7C-ABF1E3CAFC9E}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87EEBE84-6549-4ED8-AB7C-ABF1E3CAFC9E}" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCRepairKit\Time for deal => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6A4AF95-995A-40CC-9B53-E6358F4C667E}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6A4AF95-995A-40CC-9B53-E6358F4C667E}" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCRepairKit\Start PCRepairKit оn logon => key could not remove. ErrorCode: 0xC000000D

 

========================= Folder: C:\Users\Acinonyx\AppData\Local\Temp\nsjDBBB.tmp ========================

 

not found.

 

====== End of Folder: ======

 

 

==== End of Fixlog 18:16:44 ====

 

RK.TXT

RogueKiller V12.7.3.0 [Oct 17 2016] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/download/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 10 (10.0.14393) 32 bits version

Started in : Normal mode

User : Acinonyx [Administrator]

Started from : C:\Program Files\RogueKiller\RogueKiller.exe

Mode : Scan -- Date : 10/23/2016 18:30:48 (Duration : 01:37:01)

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 1 ¤¤¤

[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ WMI : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 1 ¤¤¤

[PUP][CHROME:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Found

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD15EADS-22P8B0 +++++

--- User ---

[MBR] bef96be10e7fea92c05fb83897698b0c

[BSP] 709d96ce5b9368214caaf3be347d884e : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20992 MB

2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 42993664 | Size: 100 MB

3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 43198464 | Size: 678232 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: Samsung D3 Station USB Device +++++

Error reading User MBR! ([57] The parameter is incorrect. )

Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )

Error reading LL2 MBR! ([32] The request is not supported. )

 

TDSSKiller.3.1.0.11_23.10.2016_21.12.07_log.txt

 

21:12:07.0228 0x34ac  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31

21:12:21.0866 0x34ac  ============================================================

21:12:21.0866 0x34ac  Current date / time: 2016/10/23 21:12:21.0866

21:12:21.0866 0x34ac  SystemInfo:

21:12:21.0866 0x34ac 

21:12:21.0866 0x34ac  OS Version: 10.0.14393 ServicePack: 0.0

21:12:21.0867 0x34ac  Product type: Workstation

21:12:21.0867 0x34ac  ComputerName: ACINONYX-PC

21:12:21.0868 0x34ac  UserName: Acinonyx

21:12:21.0868 0x34ac  Windows directory: C:\WINDOWS

21:12:21.0868 0x34ac  System windows directory: C:\WINDOWS

21:12:21.0868 0x34ac  Processor architecture: Intel x86

21:12:21.0868 0x34ac  Number of processors: 2

21:12:21.0868 0x34ac  Page size: 0x1000

21:12:21.0868 0x34ac  Boot type: Normal boot

21:12:21.0868 0x34ac  CodeIntegrityOptions = 0x00000000

21:12:21.0868 0x34ac  ============================================================

21:12:23.0620 0x34ac  KLMD registered as C:\WINDOWS\system32\drivers\05187718.sys

21:12:23.0620 0x34ac  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.321, osProperties = 0x18

21:12:26.0219 0x34ac  System UUID: {5BFD5BE0-E76D-1238-4A35-0558F9D9E7F5}

21:12:28.0656 0x34ac  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020

21:12:28.0658 0x34ac  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 ( 2794.52 Gb ), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:12:37.0945 0x34ac  ============================================================

21:12:37.0946 0x34ac  \Device\Harddisk0\DR0:

21:12:37.0968 0x34ac  MBR partitions:

21:12:37.0968 0x34ac  \Device\Harddisk1\DR1:

21:12:37.0970 0x34ac  MBR partitions:

21:12:37.0970 0x34ac  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x2BAA0A20

21:12:37.0970 0x34ac  ============================================================

21:12:38.0104 0x34ac  E: <-> \Device\Harddisk1\DR1\Partition1

21:12:38.0104 0x34ac  ============================================================

21:12:38.0104 0x34ac  Initialize success

21:12:38.0104 0x34ac  ============================================================

21:12:51.0926 0x3594  ============================================================

21:12:51.0926 0x3594  Scan started

21:12:51.0926 0x3594  Mode: Manual; SigCheck; TDLFS;

21:12:51.0927 0x3594  ============================================================

21:12:51.0927 0x3594  KSN ping started

21:12:52.0163 0x3594  KSN ping finished: true

21:12:53.0587 0x3594  ================ Scan system memory ========================

21:12:53.0587 0x3594  System memory - ok

21:12:53.0588 0x3594  ================ Scan services =============================

21:12:53.0647 0x3594  1394ohci - ok

21:12:53.0661 0x3594  3ware - ok

21:12:53.0674 0x3594  ACPI - ok

21:12:53.0689 0x3594  AcpiDev - ok

21:12:53.0702 0x3594  acpiex - ok

21:12:53.0717 0x3594  acpipagr - ok

21:12:53.0732 0x3594  AcpiPmi - ok

21:12:53.0747 0x3594  acpitime - ok

21:12:53.0757 0x3594  AdobeUpdateService - ok

21:12:53.0782 0x3594  ADP80XX - ok

21:12:53.0804 0x3594  AFD - ok

21:12:53.0826 0x3594  AGSService - ok

21:12:53.0841 0x3594  ahcache - ok

21:12:53.0855 0x3594  AJRouter - ok

21:12:53.0871 0x3594  ALG - ok

21:12:53.0885 0x3594  AMD External Events Utility - ok

21:12:53.0900 0x3594  AMD FUEL Service - ok

21:12:53.0923 0x3594  amdide - ok

21:12:53.0938 0x3594  amdiox86 - ok

21:12:53.0953 0x3594  AmdK8 - ok

21:12:53.0963 0x3594  amdkmdag - ok

21:12:53.0977 0x3594  amdkmdap - ok

21:12:53.0991 0x3594  AmdPPM - ok

21:12:54.0007 0x3594  amdsata - ok

21:12:54.0021 0x3594  amdsbs - ok

21:12:54.0036 0x3594  amdxata - ok

21:12:54.0051 0x3594  AppID - ok

21:12:54.0066 0x3594  AppIDSvc - ok

21:12:54.0081 0x3594  Appinfo - ok

21:12:54.0095 0x3594  applockerfltr - ok

21:12:54.0109 0x3594  AppMgmt - ok

21:12:54.0123 0x3594  AppReadiness - ok

21:12:54.0138 0x3594  AppVClient - ok

21:12:54.0154 0x3594  AppvStrm - ok

21:12:54.0169 0x3594  AppvVemgr - ok

21:12:54.0183 0x3594  AppvVfs - ok

21:12:54.0198 0x3594  AppXSvc - ok

21:12:54.0213 0x3594  arcsas - ok

21:12:54.0227 0x3594  AsyncMac - ok

21:12:54.0241 0x3594  atapi - ok

21:12:54.0264 0x3594  AtiHDAudioService - ok

21:12:54.0278 0x3594  AudioEndpointBuilder - ok

21:12:54.0293 0x3594  Audiosrv - ok

21:12:54.0308 0x3594  AxInstSV - ok

21:12:54.0322 0x3594  BasicDisplay - ok

21:12:54.0337 0x3594  BasicRender - ok

21:12:54.0357 0x3594  bcmfn - ok

21:12:54.0372 0x3594  bcmfn2 - ok

21:12:54.0388 0x3594  BDESVC - ok

21:12:54.0403 0x3594  Beep - ok

21:12:54.0418 0x3594  BFE - ok

21:12:54.0433 0x3594  BITS - ok

21:12:54.0447 0x3594  bowser - ok

21:12:54.0463 0x3594  BrokerInfrastructure - ok

21:12:54.0477 0x3594  Browser - ok

21:12:54.0491 0x3594  BrYNSvc - ok

21:13:02.0073 0x3594  ================ Scan global ===============================
21:13:02.0091 0x3594  [ Global ] - ok
21:13:02.0095 0x3594  ================ Scan MBR ==================================
21:13:02.0113 0x3594  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:13:02.0708 0x3594  \Device\Harddisk0\DR0 - ok
21:13:02.0734 0x3594  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:13:02.0896 0x3594  \Device\Harddisk1\DR1 - ok
21:13:02.0897 0x3594  ================ Scan VBR ==================================
21:13:02.0905 0x3594  [ 7A1BA37C3003009C71FF62F5DB378A75 ] \Device\Harddisk1\DR1\Partition1
21:13:02.0915 0x3594  \Device\Harddisk1\DR1\Partition1 - ok
21:13:02.0916 0x3594  ================ Scan generic autorun ======================
21:13:02.0916 0x3594  StartCCC - ok
21:13:02.0921 0x3594  ControlCenter4 - ok
21:13:02.0929 0x3594  RTHDVCPL - ok
21:13:02.0935 0x3594  BrStsMon00 - ok
21:13:02.0942 0x3594  BrStsInd00 - ok
21:13:02.0949 0x3594  WindowsDefender - ok
21:13:02.0954 0x3594  OneDriveSetup - ok
21:13:02.0962 0x3594  OneDriveSetup - ok
21:13:02.0968 0x3594  OneDrive - ok
21:13:02.0974 0x3594  Codec Pack Update Checker - ok
21:13:02.0982 0x3594  SmartRAM - ok
21:13:02.0987 0x3594  GoogleChromeAutoLaunch_9DEFA08D46C237F8534E2876CABE262C - ok
21:13:02.0994 0x3594  OneDriveSetup - ok
21:13:03.0001 0x3594  WAB Migrate - ok
21:13:03.0105 0x3594  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
21:13:03.0121 0x3594  Win FW state via NFP2: enabled ( trusted )
21:13:03.0300 0x3594  ============================================================
21:13:03.0300 0x3594  Scan finished
21:13:03.0300 0x3594  ============================================================
21:13:03.0338 0x2c14  Detected object count: 0
21:13:03.0338 0x2c14  Actual detected object count: 0
21:18:19.0476 0x1120  Deinitialize success

aswMBR.txt

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-23 21:45:25
-----------------------------
21:45:25.599    OS Version: Windows 6.2.9200
21:45:25.599    Number of processors: 2 586 0x100
21:45:25.605    ComputerName: ACINONYX-PC  UserName: Acinonyx
21:45:30.813    Initialize success
21:45:30.826    VM: initialized successfully
21:45:30.828    VM: Amd CPU supported
21:47:13.867    AVAST engine defs: 16102300
21:58:43.555    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000024
21:58:43.577    Disk 0 Vendor:   Size: 0MB BusType: 0
21:58:43.585    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000002b
21:58:43.591    Disk 1 Vendor:   Size: 0MB BusType: 0
21:58:43.610    Disk 0 MBR read successfully
21:58:43.619    Disk 0 MBR scan
21:58:43.834    Disk 0 Windows 7 default MBR code
21:58:43.841    Disk 0 MBR hidden
21:58:43.858    Disk 0 Partition 1 00     42          SFS                 0 MB offset 63
21:58:43.879    Disk 0 Partition 2 00     27 Hidden NTFS WinRE NTFS        20992 MB offset 2048
21:58:43.954    Disk 0 Partition 3 80 (A) 42          SFS NTFS          100 MB offset 42993664
21:58:44.068    Disk 0 Partition 4 00     42          SFS NTFS       678232 MB offset 43198464
21:58:44.157    Disk 0 scanning C:\WINDOWS\system32\drivers
21:58:44.172    Service scanning
21:59:36.460    Service MpKslc3e255fb C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{028597D6-7147-4875-9A24-DA0DF6E7A475}\MpKslc3e255fb.sys **LOCKED** 32
22:00:21.424    Modules scanning
22:00:21.457    Disk 0 trace - called modules:
22:00:21.477   
22:00:25.547    AVAST engine scan C:\
22:00:25.560    Disk 0 statistics 17/0/0 @ 0.18 MB/s
22:00:25.571    Scan finished successfully
22:17:45.794    Disk 0 MBR has been saved successfully to "D:\programm\MBR.dat"
22:17:46.032    The log file has been saved successfully to "D:\programm\aswMBR.txt"

 

Thank you for your time!

 

Regards,

 

Acinonyx
                    
........|\___/|
........)'•...•'(
......=\=.Y.=/=
.........\ -''-/ 
.........)===(..._
......../........\....\\
.......|.m..m.|...//   
....../............\.// 
......\............//  
____/\___/\__

 

 



#9 Oh My!


Posted 23 October 2016 - 07:53 PM

Perfect! :)

I need to gather some additional information. Please do this.

===================================================

Farbar's Recovery Scan Tool Registry Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
MpKslc3e255fb
  • Click the Search Registry button
  • When completed click OK and a SearchReg.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SearchReg.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Acinonyx


Posted 24 October 2016 - 05:24 PM

:hello: Evening, Gary!

 

 

SearchReg.txt

 

Farbar Recovery Scan Tool (x86) Version: 16-10-2016

Ran by Acinonyx (25-10-2016 00:22:32)
Running from D:\programm\FRST
Boot Mode: Normal
 
================== Search Registry: "MpKslc3e255fb" ===========
 
 
====== End of Search ======
 

Thank you for your time!

 

Regards,

 

Acinonyx
                    



#11 Oh My!


Posted 24 October 2016 - 06:07 PM

Thanks. Now do the same thing except select Search File(s) instead of Search Registry.
Gary
 

#12 Acinonyx


Posted 24 October 2016 - 08:53 PM

:thumbup2:

 

Search.txt

 

Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by Acinonyx (25-10-2016 03:16:28)
Running from D:\programm\FRST
Boot Mode: Normal
 
================== Search Files: "MpKslc3e255fb" =============
 
====== End of Search ======
 
Regards, 
 
Acinonyx
                    


#13 Oh My!


Posted 24 October 2016 - 09:05 PM

Can you give me an update on your computer's behavior?

Let's do this please.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
*MpKslc3e255fb*
:regfind
*MpKslc3e255fb*
:dir
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{028597D6-7147-4875-9A24-DA0DF6E7A475}\ /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Behavior?
  • SystemLook log

Gary
 

#14 Acinonyx


Posted 25 October 2016 - 12:29 AM

Morning, Gary  :busy:

 

Behavior?

It got much better when I uninstalled Driver Booster and other (recommended) programs. Since then, I have not had popups for a couple of days.

 

SystemLook log

SystemLook 30.07.11 by jpshortstuff

Log created at 07:15 on 25/10/2016 by Acinonyx
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*MpKslc3e255fb*"
No files found.
 
========== regfind ==========
 
Searching for "*MpKslc3e255fb*"
No data found.
 
========== dir ==========
 
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{028597D6-7147-4875-9A24-DA0DF6E7A475} - Unable to find folder.
 
-= EOF =-
 

I have some questions regarding this: 1) Regarding Advanced System Care, is there another program to help me check registry errors and clean cookies, all that stuff? 2) I use TeamViewer to control my son's work. Is it safe, or should/may I use another alternative that would allow me to block content "invisibly" while he's online?

 
Thank you for everything you do and mostly for your time!  :rolleyes:
 
Acinonyx
                    


#15 Oh My!


Posted 25 October 2016 - 08:35 AM

Greetings Simona,

We have been chasing that file/registry entry because it was identified by aswMBR. It seems it does not really exist and since your computer behavior has improved (I was wondering if that detection was involved) I am not going to worry about it.

BleepingComputer does not recommend the use of Registry cleaners because of the potential damage that can be done. In general I steer away from IOBIT but that is my personal preference. A smaller program is CCleaner but I would strongly suggest you do not use the registry related components. I am currently working on a Topic where a User inadvertently believed a registry entry should be removed and after having done that we have so far been unable to resolve his unbootable computer as a result of that deletion. This is just an example of the damage that can be done when the registry is manipulated. The risks are high if you are not well versed in registry issues.

I personally use TeamViewer Free and have not had any issues with it at all.

Let's run a couple of follow up scans.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
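An added triage sketch, not written by any poster in this thread and not part of FRST, aswMBR or TDSSKiller: it parses the two log formats posted above and checks whether the **LOCKED** entry fits the MpKsl<8 hex digits>.sys naming that Windows Defender uses for a driver it loads temporarily from its Definition Updates folder, and whether an earlier scan recorded the same name. The sample lines reuse entries from the TDSSKiller and aswMBR logs in this thread; the function names and the path rule are assumptions of this example.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple

# Sample lines in the two log formats posted in this thread (TDSSKiller, aswMBR).
TDSSKILLER_SAMPLE = """\
21:12:56.0987 0x3594  mountmgr - ok
21:12:57.0002 0x3594  MpKslb6bc2a0a - ok
21:12:57.0019 0x3594  mpsdrv - ok
"""
ASWMBR_SAMPLE = r"""21:58:44.172    Service scanning
21:59:36.460    Service MpKslc3e255fb C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{028597D6-7147-4875-9A24-DA0DF6E7A475}\MpKslc3e255fb.sys **LOCKED** 32
22:00:21.424    Modules scanning
"""

# "HH:MM:SS.ffff 0xTID  <object> - <verdict>"
TDSS_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9a-fA-F]+\s+(?P<name>.+?) - (?P<verdict>\S+)\s*$")
# "HH:MM:SS.fff    Service <name> <path> **LOCKED** <code>"
ASW_LOCKED_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+Service (?P<name>\S+) (?P<path>.+?) "
    r"\*\*LOCKED\*\* (?P<code>\d+)\s*$")
# Assumption of this example: Defender's temporary driver is MpKsl + 8 hex digits.
MPKSL_RE = re.compile(r"^MpKsl[0-9a-f]{8}$", re.IGNORECASE)
DEFENDER_DIR = "\\microsoft\\windows defender\\definition updates\\"


class Locked(NamedTuple):
    name: str
    path: str
    code: int


def parse_tdsskiller(text: str) -> Dict[str, str]:
    """Map each scanned object name to its verdict (e.g. 'ok')."""
    out = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line)
        if m:
            out[m.group("name")] = m.group("verdict")
    return out


def parse_aswmbr_locked(text: str) -> List[Locked]:
    """Return the services aswMBR could not open (**LOCKED**)."""
    found = []
    for line in text.splitlines():
        m = ASW_LOCKED_RE.match(line)
        if m:
            found.append(Locked(m.group("name"), m.group("path"), int(m.group("code"))))
    return found


def is_defender_transient(name: str, path: str) -> bool:
    """True only if the name pattern, the folder and the file name all agree."""
    return (bool(MPKSL_RE.match(name))
            and DEFENDER_DIR in path.lower()
            and ntpath.basename(path).lower() == name.lower() + ".sys")


def triage(aswmbr_text: str, tdsskiller_text: str) -> List[dict]:
    """Compare each LOCKED service against the earlier TDSSKiller scan."""
    earlier = parse_tdsskiller(tdsskiller_text)
    report = []
    for entry in parse_aswmbr_locked(aswmbr_text):
        report.append({
            "name": entry.name,
            "defender_pattern": is_defender_transient(entry.name, entry.path),
            "same_name_in_earlier_scan": entry.name in earlier,
            # Same naming family but a different suffix: the name is not stable,
            # so a later search for the exact string can come back empty.
            "family_in_earlier_scan": sorted(
                n for n in earlier if MPKSL_RE.match(n) and n != entry.name),
        })
    return report


if __name__ == "__main__":
    for row in triage(ASWMBR_SAMPLE, TDSSKILLER_SAMPLE):
        print(row)
```

A LOCKED entry that matches the name pattern but sits outside the Defender folder is reported with `defender_pattern` false and deserves a closer look.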



