
liveadexchanger.com redirects even in python


  • This topic is locked
10 replies to this topic

#1 hahayeahhahah


Posted 16 August 2017 - 06:56 AM

Hi. I have a nasty virus that redirects to https ://www.liveadexchanger.com/script/preurl.php?r=1626479 once every 10 requests.

It came from this download for abdGui_1_0.exe. http ://d-h.st/e2pA

The download also installed a bitcoin miner maxtool.exe

Thanks

 

Attached files: FRST.txt (70.09KB), Addition.txt (65.98KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01
Ran by pm (administrator) on ASUS (16-08-2017 13:35:35)
Running from C:\Users\pm\Downloads
Loaded Profiles: pm (Available Profiles: pm & Ditte & ad)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {0ad47607-0912-11e6-82eb-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {631c6fc3-0934-11e6-8128-e0b9a545f00a} - V:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb98b-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb9aa-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {a7b01f32-0ee2-11e7-a486-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {ad0d1bad-08b9-11e6-9663-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fa7f42a9-1555-11e7-85ac-5404a6420d2f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL X:\setup.hta
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb3c5cb3-0f97-11e7-9704-5404a6420d2f} - W:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b405-367e-11e7-b658-5404a6420d2f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b5c9-367e-11e7-b658-5404a6420d2f} - W:\Autoplay.exe -auto
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-08-12] ()
Startup: C:\Users\pm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-08-12] ()
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ACE8923F-429F-48A6-983B-BAFAD7B7C11E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}: [NameServer] 52.29.2.17
Tcpip\..\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF DefaultProfile: 3hscxf3n.default-1502395277761
FF DefaultProfile: uadbijbe.default-1502441354637
FF ProfilePath: C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761 [2017-08-11]
FF Extension: (Brief) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\brief@mozdev.org.xpi [2017-08-10]
FF Extension: (checkCompatibility2) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\check-compatibility2@googlecode.com.xpi [2017-08-11]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2017-08-10]
FF Extension: (Reddit Enhancement Suite) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-08-10]
FF Extension: (ScrapBook X) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\scrapbookx@addons.mozilla.org.xpi [2017-08-11]
FF Extension: (LastPass: Free Password Manager) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\support@lastpass.com [2017-08-10]
FF Extension: (uBlock Origin) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\uBlock0@raymondhill.net.xpi [2017-08-10]
FF Extension: (Tab Mix Plus) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-10]
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [not found]
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\brief@mozdev.org.xpi [not found]
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\scrapbookx@addons.mozilla.org.xpi [not found]
FF ProfilePath: C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637 [2017-08-16]
FF Homepage: Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637 -> type", 0
FF Extension: (Brief) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\brief@mozdev.org.xpi [2017-08-11]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2017-08-13]
FF Extension: (Privacy Badger) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-08-13]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\marcoagpinto@mail.telepac.pt [2017-08-11]
FF Extension: (ScrapBook X) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\scrapbookx@addons.mozilla.org.xpi [2017-08-11]
FF Extension: (LastPass: Free Password Manager) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\support@lastpass.com [2017-08-11]
FF Extension: (uBlock Origin) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\uBlock0@raymondhill.net.xpi [2017-08-11]
FF Extension: (Tab Mix Plus) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-11]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-09] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-09] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-02] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-26] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC\nposmozilla.dll [2017-04-27] ( )
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\pm\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-26] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-21] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-21] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
S4 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [32256 2016-04-13] (www.ext2fsd.com)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-05] (NVIDIA Corporation)
S4 Jackett; C:\ProgramData\Jackett\JackettService.exe [376320 2017-08-12] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-05] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-05] (NVIDIA Corporation)
S4 Radarr; C:\ProgramData\Radarr\bin\radarr.console.exe [90112 2017-07-12] (radarr.tv) [File not signed]
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [800256 2016-04-13] (www.ext2fsd.com)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
S4 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-11] ()
R4 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (wj32)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [137920 2017-04-18] (Oracle Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-08-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-08-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 13:35 - 2017-08-16 13:35 - 000000000 ____D C:\Users\pm\Downloads\FRST-OlderVersion
2017-08-16 11:42 - 2017-08-16 11:42 - 001133520 _____ C:\Users\pm\Documents\ad.pcapng
2017-08-16 11:42 - 2017-08-16 11:42 - 000000000 ____D C:\Users\pm\Documents\ad
2017-08-16 11:23 - 2017-08-16 11:23 - 000000327 _____ C:\Windows\system32\InstallUtil.InstallLog
2017-08-15 19:51 - 2017-08-15 19:51 - 002600648 _____ (Sandboxie Holdings, LLC) C:\Users\pm\Downloads\SandboxieInstall.exe
2017-08-15 19:43 - 2017-08-15 19:43 - 005491448 _____ (Sandboxie Holdings, LLC) C:\Users\pm\Downloads\SandboxieInstall64-520.exe
2017-08-15 18:43 - 2017-08-15 18:43 - 000000000 ____D C:\ProgramData\Emsisoft
2017-08-15 18:41 - 2017-08-15 19:36 - 000000000 ____D C:\EEK
2017-08-15 18:40 - 2017-08-15 18:36 - 000053247 _____ C:\Users\pm\Downloads\zoek-results.txt
2017-08-15 18:23 - 2017-08-15 18:24 - 363880120 _____ C:\Users\pm\Downloads\EmsisoftEmergencyKit.exe
2017-08-15 18:18 - 2017-08-15 18:18 - 000000000 ____D C:\zoek_backup
2017-08-15 17:46 - 2017-08-15 17:46 - 001309184 _____ C:\Users\pm\Downloads\zoek.exe
2017-08-15 17:42 - 2017-08-15 17:56 - 000073190 _____ C:\Users\pm\Downloads\Addition.txt
2017-08-15 17:39 - 2017-08-16 13:36 - 000015975 _____ C:\Users\pm\Downloads\FRST.txt
2017-08-15 17:39 - 2017-08-16 13:35 - 002395648 _____ (Farbar) C:\Users\pm\Downloads\FRST64.exe
2017-08-15 17:39 - 2017-08-16 13:35 - 000000000 ____D C:\FRST
2017-08-15 17:35 - 2017-08-15 17:35 - 000010655 _____ C:\Users\pm\Downloads\9bf7e98b54d49a6d993b-208cc2481f88e216cac0ea7ebff1cd1c5f31c872.zip
2017-08-15 17:01 - 2017-08-15 17:01 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-08-15 17:01 - 2017-08-15 17:01 - 000001945 _____ C:\Windows\epplauncher.mif
2017-08-15 17:01 - 2017-08-15 17:01 - 000000000 ____D C:\Program Files\Microsoft Security Client
2017-08-15 17:01 - 2017-08-15 17:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-08-15 17:00 - 2017-08-15 17:00 - 015065792 _____ (Microsoft Corporation) C:\Users\pm\Downloads\mseinstall.exe
2017-08-15 15:55 - 2017-08-15 17:21 - 000000000 ____D C:\Program Files\BCUninstaller
2017-08-15 15:55 - 2017-08-15 15:59 - 000000872 _____ C:\Users\Public\Desktop\BCUninstaller.lnk
2017-08-15 15:55 - 2017-08-15 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCUninstaller
2017-08-15 15:54 - 2017-08-15 15:54 - 002692424 _____ (Marcin Szeniak ) C:\Users\pm\Downloads\BCUninstaller_3.13_setup.exe
2017-08-15 15:50 - 2017-08-16 10:35 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2017-08-15 15:50 - 2017-08-15 15:50 - 000001266 _____ C:\Users\Public\Desktop\Maiagames.lnk
2017-08-15 15:50 - 2017-08-15 15:50 - 000000000 ____D C:\ProgramData\GlarySoft
2017-08-15 15:49 - 2017-08-15 15:49 - 005236784 _____ C:\Users\pm\Downloads\ausetup.exe
2017-08-15 09:25 - 2017-08-15 09:26 - 163364753 _____ C:\Users\pm\Downloads\VGA_nVidia_Win7_64_Z817126754.zip
2017-08-15 09:25 - 2017-08-15 09:26 - 085755429 _____ C:\Users\pm\Downloads\VGA_Intel_Win7_64_Z815102405.zip
2017-08-15 09:25 - 2017-08-15 09:25 - 087318517 _____ C:\Users\pm\Downloads\Audio_Realtek_Win7_64_Z6016334.zip
2017-08-15 09:24 - 2017-08-15 09:24 - 104757922 _____ C:\Users\pm\Downloads\Bluetooth_AW_NB037_Win7_32_Win7_64_Z72065.zip
2017-08-15 09:24 - 2017-08-15 09:24 - 002609804 _____ C:\Users\pm\Downloads\Chipset_Intel_INFUpdate_Win7_32_64_Z9201021.zip
2017-08-15 09:24 - 2017-08-15 09:24 - 002089740 _____ C:\Users\pm\Downloads\WLAN_Atheros_PNP_Win7_64_Z920458.zip
2017-08-15 09:23 - 2017-08-15 09:23 - 008429031 _____ C:\Users\pm\Downloads\CardReader_Alcor_WIN7_32_WIN7_64_z181726026.zip
2017-08-15 09:23 - 2017-08-15 09:23 - 007213471 _____ C:\Users\pm\Downloads\Touchpad_Elantech_Win7_64_z70516.zip
2017-08-15 09:23 - 2017-08-15 09:23 - 005745288 _____ C:\Users\pm\Downloads\LAN_Realtek_Win7_64_Z7412162011.zip
2017-08-14 22:28 - 2017-08-14 22:28 - 000262144 _____ C:\Windows\system32\config\userdiff
2017-08-14 19:21 - 2017-08-14 19:21 - 000000085 _____ C:\Windows\wininit.ini
2017-08-14 17:55 - 2017-08-14 17:55 - 001761817 _____ C:\Users\pm\Downloads\TotalUninstaller.zip
2017-08-14 17:55 - 2017-08-14 17:55 - 000000000 ____D C:\Users\pm\Downloads\TotalUninstaller
2017-08-14 17:46 - 2017-08-14 17:46 - 000085395 _____ C:\Users\pm\Downloads\ofview-x64.zip
2017-08-14 17:45 - 2017-08-14 17:45 - 000069317 _____ C:\Users\pm\Downloads\ofview.zip
2017-08-14 16:17 - 2017-08-14 16:41 - 000000000 ____D C:\Users\pm\AppData\Local\VSIXInstaller
2017-08-14 15:50 - 2017-08-14 15:51 - 015177768 _____ (Cybergenic Corp ) C:\Users\pm\Downloads\esc_setup.exe
2017-08-14 12:13 - 2010-11-21 05:23 - 000383786 __RSH C:\bootmgr
2017-08-14 09:51 - 2017-08-14 09:51 - 000000002 _____ C:\$UpgDrv$
2017-08-14 09:31 - 2017-08-14 09:31 - 000001890 _____ C:\Windows\diagwrn.xml
2017-08-14 09:31 - 2017-08-14 09:31 - 000001890 _____ C:\Windows\diagerr.xml
2017-08-14 09:23 - 2017-08-14 09:23 - 000000000 ___SD C:\Windows\SysWOW64\GWX
2017-08-14 09:23 - 2017-08-14 09:23 - 000000000 ___SD C:\Windows\system32\GWX
2017-08-14 09:08 - 2017-08-14 09:09 - 000000000 ____D C:\Users\ad\AppData\Roaming\Notepad++
2017-08-14 09:08 - 2017-08-14 09:08 - 002857586 _____ C:\ad.reg
2017-08-14 09:08 - 2017-08-14 09:08 - 000000000 ____D C:\Users\ad\AppData\Local\NVIDIA Corporation
2017-08-14 09:05 - 2017-08-14 09:06 - 001643577 _____ C:\Users\ad.zip
2017-08-14 09:04 - 2017-08-14 09:04 - 000001413 _____ C:\Users\ad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-14 09:04 - 2017-08-14 09:04 - 000000020 ___SH C:\Users\ad\ntuser.ini
2017-08-14 09:04 - 2017-08-14 09:04 - 000000000 ____D C:\Users\ad\AppData\Roaming\Adobe
2017-08-14 09:04 - 2017-08-14 09:04 - 000000000 ____D C:\Users\ad\AppData\Local\NVIDIA
2017-08-14 09:04 - 2017-08-14 09:04 - 000000000 ____D C:\Users\ad
2017-08-14 09:04 - 2011-04-12 10:28 - 000000000 ____D C:\Users\ad\AppData\Roaming\Media Center Programs
2017-08-14 08:59 - 2017-08-14 08:59 - 000000000 ____D C:\Users\Ditte\AppData\Roaming\Process Hacker 2
2017-08-14 08:58 - 2017-08-14 08:58 - 000011314 _____ C:\Process Hacker Processes.txt
2017-08-14 08:58 - 2017-08-14 08:58 - 000005756 _____ C:\Process Hacker Processes ditte.txt
2017-08-13 23:04 - 2017-08-13 23:04 - 000149746 _____ C:\Windows\ntbtlog.txt
2017-08-13 21:25 - 2017-08-13 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2017-08-13 21:25 - 2017-08-13 21:25 - 000000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2017-08-13 14:00 - 2017-08-13 14:00 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-08-13 13:59 - 2017-08-14 19:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-13 13:59 - 2017-08-14 19:21 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-13 13:46 - 2017-08-13 13:46 - 000000000 ____D C:\Users\pm\AppData\Roaming\J River
2017-08-13 13:40 - 2017-08-13 13:40 - 000003118 _____ C:\Windows\System32\Tasks\{C22FEADB-E7BB-411A-A093-932578BBF0FC}
2017-08-13 13:39 - 2017-08-13 13:39 - 000000000 ____D C:\Users\pm\AppData\Local\AdAwareDesktop
2017-08-13 13:33 - 2017-08-13 13:33 - 000000000 ____D C:\Users\pm\AppData\Local\AdAwareUpdater
2017-08-12 20:54 - 2017-08-12 20:54 - 000000000 ____D C:\Users\pm\AppData\Local\ESET
2017-08-12 19:08 - 2017-08-12 19:08 - 000030406 _____ C:\ProgramData\agent.uninstall.1502557713.bdinstall.bin
2017-08-12 19:06 - 2017-08-12 19:06 - 000000000 ____D C:\ProgramData\bdch
2017-08-12 17:40 - 2017-08-12 20:35 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-11 18:18 - 2017-08-11 18:18 - 001612648 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-08-11 17:33 - 2017-08-11 17:33 - 000030878 _____ C:\ProgramData\agent.update.1502465607.bdinstall.bin
2017-08-11 10:48 - 2017-08-11 10:48 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-11 10:48 - 2017-08-11 10:48 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-11 10:48 - 2017-08-11 10:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-11 10:48 - 2017-08-11 10:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-11 09:23 - 2017-08-11 09:23 - 000000702 _____ C:\Users\pm\Desktop\block.txt
2017-08-11 09:19 - 2017-08-11 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-10 23:28 - 2017-08-15 19:25 - 000000000 ____D C:\ADWARE
2017-08-10 23:08 - 2017-08-10 23:08 - 000000000 ____D C:\ProgramData\Bitdefender
2017-08-10 22:53 - 2017-08-10 22:53 - 000000000 ____D C:\Users\pm\AppData\Roaming\QuickScan
2017-08-10 22:49 - 2017-08-10 22:49 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-08-10 22:49 - 2017-08-10 22:49 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-08-10 22:45 - 2017-08-10 22:45 - 000048556 _____ C:\ProgramData\agent.1502397905.bdinstall.bin
2017-08-10 22:45 - 2017-08-10 22:45 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-08-10 22:01 - 2017-08-11 10:49 - 000000000 ____D C:\Users\pm\Desktop\Old Firefox Data
2017-08-10 19:51 - 2017-08-10 19:53 - 000000000 ____D C:\Users\pm\.FBReader
2017-08-10 19:51 - 2017-08-10 19:51 - 000001885 _____ C:\Users\pm\Desktop\FBReader.lnk
2017-08-10 19:51 - 2017-08-10 19:51 - 000001885 _____ C:\Users\Ditte\Desktop\FBReader.lnk
2017-08-10 19:51 - 2017-08-10 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2017-08-10 19:50 - 2017-08-10 19:50 - 000000000 ____D C:\Users\pm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2017-08-10 19:50 - 2017-08-10 19:50 - 000000000 ____D C:\Program Files (x86)\FBReader
2017-08-10 19:03 - 2017-08-10 19:03 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-10 19:03 - 2017-08-10 19:03 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-09 19:52 - 2017-08-09 19:52 - 000000000 ____D C:\Users\pm\AppData\Roaming\BBCiPlayerDownloads
2017-08-09 19:51 - 2017-08-09 19:51 - 000001138 _____ C:\Users\pm\Desktop\BBC iPlayer Downloads.lnk
2017-08-09 19:51 - 2017-08-09 19:51 - 000000000 ____D C:\Users\pm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2017-08-09 19:51 - 2017-08-09 19:51 - 000000000 ____D C:\Users\pm\AppData\Local\BBC
2017-08-09 09:11 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 09:11 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 09:11 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 09:11 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 09:11 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 09:11 - 2017-07-15 20:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 09:11 - 2017-07-15 19:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 09:11 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 09:11 - 2017-07-07 17:11 - 000019260 _____ C:\Windows\SysWOW64\aalixr16.dll
2017-08-08 10:16 - 2017-08-08 10:16 - 000000000 ____D C:\Users\pm\AppData\Local\Windscribe
2017-08-08 10:14 - 2017-08-08 19:32 - 000000000 ____D C:\Program Files (x86)\Windscribe
2017-08-08 10:14 - 2017-04-21 04:16 - 000045560 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2017-08-05 20:05 - 2017-08-05 20:05 - 004591846 _____ C:\Users\pm\xmltv.php@username=griever92@gmail.com&password=8Q7Jynnn39
2017-08-05 20:05 - 2017-08-05 20:05 - 000000000 _____ C:\Users\pm\xmltv.php@username=griever92@gmail.com
2017-08-04 20:17 - 2017-08-12 20:50 - 000014420 _____ C:\Windows\System32\Tasks\max
2017-07-31 19:38 - 2017-07-31 19:38 - 000000000 ____D C:\Users\pm\AppData\Local\XmlExplorer
2017-07-31 19:37 - 2017-07-31 19:37 - 000002727 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Explorer.lnk
2017-07-31 19:37 - 2017-07-31 19:37 - 000002715 _____ C:\Users\Public\Desktop\XML Explorer.lnk
2017-07-31 19:37 - 2017-07-31 19:37 - 000000000 ____D C:\Program Files (x86)\XML Explorer
2017-07-31 19:28 - 2017-07-31 19:30 - 000000000 ____D C:\WiiBackupManager_Build78
2017-07-25 20:20 - 2017-07-25 20:20 - 000000649 _____ C:\Users\pm\.gitconfig
2017-07-24 17:04 - 2017-07-24 17:03 - 000000270 _____ C:\Users\pm\ra.xml.2
2017-07-24 17:01 - 2017-07-24 16:56 - 000000326 _____ C:\Users\pm\ra.xml.1
2017-07-24 16:57 - 2017-07-24 16:56 - 000000326 _____ C:\Users\pm\ra.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 13:35 - 2017-07-11 15:29 - 000051162 _____ C:\Windows\ZAM.krnl.trace
2017-08-16 13:35 - 2017-07-11 15:29 - 000020500 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-08-16 12:32 - 2016-04-22 19:45 - 000000000 ____D C:\Users\pm
2017-08-16 12:05 - 2009-07-14 06:45 - 000023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-16 12:05 - 2009-07-14 06:45 - 000023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-16 12:00 - 2016-04-22 21:48 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-08-16 11:55 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-16 11:51 - 2016-04-23 07:28 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-08-16 11:51 - 2016-04-23 07:28 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-16 11:51 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-16 11:36 - 2017-03-08 13:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-16 11:33 - 2016-04-23 13:15 - 000000000 ____D C:\ProgramData\Skype
2017-08-16 11:31 - 2016-05-10 12:24 - 000000000 ____D C:\temp
2017-08-16 11:31 - 2016-04-23 06:46 - 000000000 ____D C:\Users\pm\AppData\Roaming\Adobe
2017-08-16 11:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-16 11:19 - 2017-01-06 13:15 - 000000000 ____D C:\Users\pm\AppData\Local\Android
2017-08-16 11:01 - 2017-01-06 13:12 - 000000000 ____D C:\Program Files\Android
2017-08-16 11:00 - 2016-04-23 08:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-16 10:58 - 2016-04-23 08:06 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-16 10:57 - 2017-03-26 10:46 - 000000000 ____D C:\Octave
2017-08-16 10:49 - 2017-03-22 11:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-08-16 10:49 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-16 10:40 - 2017-03-22 10:57 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-15 19:05 - 2017-07-11 16:27 - 000000000 ____D C:\Program Files\Sandboxie
2017-08-15 19:05 - 2017-07-11 14:38 - 000000000 ____D C:\ProgramData\WindowsErrorReporting
2017-08-15 19:05 - 2016-04-22 21:03 - 000000000 ____D C:\Program Files\KMSpico
2017-08-15 19:04 - 2016-04-23 05:39 - 000008192 __RSH C:\BOOTSECT.BAK
2017-08-15 18:51 - 2016-04-22 20:46 - 000109528 _____ C:\Users\pm\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-15 18:50 - 2009-07-14 06:45 - 005095016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-15 18:26 - 2016-06-21 22:04 - 000000000 ____D C:\Users\pm\AppData\Local\CrashDumps
2017-08-15 17:22 - 2016-04-23 07:22 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-15 17:22 - 2011-04-12 10:28 - 000000000 ____D C:\Windows\ShellNew
2017-08-15 17:06 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-15 17:06 - 2009-07-14 04:34 - 000000387 _____ C:\Windows\win.ini
2017-08-15 16:57 - 2017-07-02 19:22 - 000000000 ___HD C:\adobeTemp
2017-08-15 16:57 - 2016-04-23 08:03 - 000000000 ____D C:\ProgramData\Adobe
2017-08-15 16:56 - 2016-04-23 08:07 - 000000000 ____D C:\Program Files\Adobe
2017-08-15 16:49 - 2016-04-23 08:02 - 000000000 ____D C:\Users\pm\AppData\Local\Adobe
2017-08-15 16:39 - 2017-03-26 17:40 - 000000000 ____D C:\Users\pm\AppData\Roaming\MathWorks
2017-08-15 16:39 - 2017-03-26 17:40 - 000000000 ____D C:\Users\pm\AppData\Local\MathWorks
2017-08-15 00:43 - 2016-04-23 07:31 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-15 00:43 - 2009-07-14 07:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-08-15 00:43 - 2009-07-14 05:20 - 000000000 __RSD C:\Windows\Media
2017-08-15 00:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2017-08-15 00:01 - 2017-04-03 22:11 - 000000000 ____D C:\Program Files\CamStudio 2.7
2017-08-14 23:57 - 2016-04-22 20:57 - 000000000 ____D C:\Program Files\7-Zip
2017-08-14 18:13 - 2017-03-22 11:01 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-08-14 18:13 - 2017-03-22 10:59 - 000000000 ____D C:\Windows\system32\1033
2017-08-14 17:58 - 2016-04-23 08:14 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-14 16:44 - 2017-03-22 10:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-08-14 15:24 - 2017-06-17 17:52 - 000000000 ____D C:\ProgramData\Ableton
2017-08-14 09:27 - 2017-07-11 15:20 - 000003448 _____ C:\Users\pm\Desktop\Rkill.txt
2017-08-14 09:24 - 2017-07-11 15:21 - 000000000 ____D C:\Users\pm\Desktop\rkill
2017-08-14 09:04 - 2009-07-14 06:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-13 21:51 - 2016-04-26 09:53 - 000000000 ____D C:\Users\pm\AppData\Roaming\uTorrent
2017-08-13 21:11 - 2009-07-14 07:13 - 000785878 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-13 20:59 - 2016-04-24 20:43 - 000018516 _____ C:\Users\pm\.bash_history
2017-08-13 13:46 - 2017-05-17 09:41 - 000000000 ____D C:\Program Files (x86)\J River
2017-08-12 23:27 - 2017-03-22 11:29 - 000000000 ____D C:\Users\pm\Documents\Visual Studio 2015
2017-08-12 23:20 - 2016-05-21 18:36 - 000000000 ____D C:\Program Files\Process Hacker 2
2017-08-12 21:12 - 2017-06-21 10:06 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-12 21:12 - 2017-06-21 10:06 - 000000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-12 20:50 - 2017-06-21 10:06 - 000003908 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-12 20:50 - 2017-06-21 10:06 - 000003656 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-08-12 20:50 - 2017-03-08 13:30 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-12 20:50 - 2016-08-18 20:31 - 000004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-12 20:50 - 2016-04-22 21:03 - 000003360 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2017-08-12 20:50 - 2016-04-22 20:47 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-12 20:50 - 2016-04-22 20:47 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-12 19:10 - 2016-05-10 12:45 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-11 23:00 - 2016-04-24 18:55 - 000001990 ____H C:\Users\pm\Documents\Default.rdp
2017-08-11 23:00 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-08-11 17:36 - 2017-06-10 00:26 - 000000000 ____D C:\Users\pm\AppData\Local\Everything
2017-08-11 17:36 - 2017-06-08 20:48 - 000000000 ____D C:\Users\pm\AppData\Roaming\Everything
2017-08-11 17:21 - 2016-04-22 20:47 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-11 17:20 - 2016-04-22 20:48 - 000000000 ____D C:\Users\pm\AppData\Local\Google
2017-08-11 13:57 - 2017-02-13 12:31 - 000000000 ____D C:\Users\pm\AppData\LocalLow\Mozilla
2017-08-11 10:48 - 2016-05-08 15:57 - 000000000 ____D C:\Users\pm\AppData\Roaming\Mozilla
2017-08-11 10:26 - 2017-06-21 10:12 - 000000000 ___RD C:\Users\pm\Dropbox
2017-08-11 09:55 - 2009-07-14 04:34 - 000412456 _____ C:\Windows\system32\Drivers\etc\HOSTS.bak
2017-08-11 09:20 - 2017-06-21 10:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-10 22:42 - 2017-07-11 14:38 - 000003154 _____ C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8
2017-08-10 22:10 - 2017-07-04 11:04 - 000000000 ____D C:\Program Files (x86)\EasiestSoft
2017-08-10 22:08 - 2017-07-04 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasiestSoft
2017-08-10 15:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2017-08-10 10:26 - 2016-04-23 00:01 - 000000000 ____D C:\Windows\system32\MRT
2017-08-10 10:15 - 2016-04-23 00:01 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 20:31 - 2017-04-26 19:43 - 000000000 ____D C:\Users\pm\Desktop\iPlayer Recordings
2017-08-09 20:26 - 2017-04-26 19:17 - 000000000 ____D C:\Users\pm\.get_iplayer
2017-08-09 17:47 - 2016-08-18 20:31 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-09 17:47 - 2016-08-18 20:31 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 17:47 - 2016-08-18 20:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-09 17:47 - 2016-08-18 20:31 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 09:05 - 2016-04-23 09:40 - 000000000 ____D C:\Windows\system32\catroot2.orig
2017-08-08 20:24 - 2016-04-22 20:56 - 000000000 ____D C:\Users\pm\AppData\Roaming\vlc
2017-08-08 19:35 - 2009-07-14 05:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-08 19:17 - 2017-07-11 15:28 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-08 19:07 - 2017-06-17 12:18 - 000000000 ____D C:\Kodi17.3 FULL
2017-08-06 23:41 - 2016-04-23 08:42 - 000000600 _____ C:\Users\pm\AppData\Roaming\winscp.rnd
2017-08-04 20:17 - 2017-05-13 09:43 - 000000000 ____D C:\Users\pm\AppData\Roaming\Google
2017-08-03 20:55 - 2016-06-22 21:48 - 000000000 ____D C:\utils
2017-08-02 11:04 - 2016-04-23 10:03 - 000000000 ____D C:\ProgramData\Oracle
2017-08-02 09:08 - 2017-03-03 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-08-02 09:08 - 2016-05-10 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-02 09:08 - 2016-05-10 12:46 - 000000000 ____D C:\Program Files\Java
2017-08-02 09:06 - 2016-05-10 12:46 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-08-01 21:39 - 2017-06-01 20:51 - 000000000 ____D C:\Kodi17.3
2017-07-22 11:17 - 2016-04-26 20:20 - 000000000 ____D C:\Kodi16.1

==================== Files in the root of some directories =======

2016-04-26 09:28 - 2016-04-26 09:28 - 021572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-04-03 22:21 - 2017-04-03 22:21 - 000000072 _____ () C:\Users\pm\AppData\Roaming\Camdata.ini
2017-04-03 22:21 - 2017-04-03 22:21 - 000000408 _____ () C:\Users\pm\AppData\Roaming\CamLayout.ini
2017-04-03 22:21 - 2017-04-03 22:21 - 000000408 _____ () C:\Users\pm\AppData\Roaming\CamShapes.ini
2017-04-03 22:21 - 2017-04-03 22:21 - 000004537 _____ () C:\Users\pm\AppData\Roaming\CamStudio.cfg
2017-04-03 22:11 - 2017-04-03 22:11 - 000000096 _____ () C:\Users\pm\AppData\Roaming\version2.xml
2016-04-23 08:42 - 2017-08-06 23:41 - 000000600 _____ () C:\Users\pm\AppData\Roaming\winscp.rnd
2017-04-02 19:15 - 2017-04-02 20:21 - 000000600 _____ () C:\Users\pm\AppData\Local\PUTTY.RND
2017-05-31 10:58 - 2017-05-31 10:58 - 000001218 _____ () C:\Users\pm\AppData\Local\recently-used.xbel
2016-05-15 18:23 - 2016-05-15 18:23 - 000007667 _____ () C:\Users\pm\AppData\Local\Resmon.ResmonCfg
2017-08-10 22:45 - 2017-08-10 22:45 - 000048556 _____ () C:\ProgramData\agent.1502397905.bdinstall.bin
2017-08-12 19:08 - 2017-08-12 19:08 - 000030406 _____ () C:\ProgramData\agent.uninstall.1502557713.bdinstall.bin
2017-08-11 17:33 - 2017-08-11 17:33 - 000030878 _____ () C:\ProgramData\agent.update.1502465607.bdinstall.bin
2017-07-11 15:14 - 2017-07-11 15:14 - 000000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-08-16 11:23 - 2017-02-14 12:59 - 000104928 _____ (Emby Media) C:\Users\pm\AppData\Local\Temp\MediaBrowser.Uninstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-11 09:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by pm (16-08-2017 13:37:13)
Running from C:\Users\pm\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-04-22 17:45:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ad (S-1-5-21-3544083035-440599331-3152633296-1006 - Administrator - Enabled) => C:\Users\ad
Administrator (S-1-5-21-3544083035-440599331-3152633296-500 - Administrator - Disabled)
Ditte (S-1-5-21-3544083035-440599331-3152633296-1002 - Administrator - Enabled) => C:\Users\Ditte
Guest (S-1-5-21-3544083035-440599331-3152633296-501 - Limited - Disabled)
pm (S-1-5-21-3544083035-440599331-3152633296-1000 - Administrator - Enabled) => C:\Users\pm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
ActiveState ActivePython 2.7.10.12 (64-bit) (HKLM\...\{87968C36-E9B2-4318-AF57-CEDF95F6B4E5}) (Version: 2.7.12 - ActiveState Software Inc.)
ActiveState ActiveTcl 8.6.4.1 (64-bit) (HKLM\...\ActiveTcl 8.6.4.1 (64-bit)) (Version: 8.6.4.1 (64-bit) - ActiveState Software Inc.)
adobe (HKLM\...\{20FD3B0E-D450-488F-AB68-7DA0EC0E4913}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.20.170428 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
BCUninstaller (HKLM\...\{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1) (Version: 3.14.0.27674 - Marcin Szeniak)
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{B2429EA1-767E-4947-A458-F2204A2AA1BB}) (Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.40.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.1.0.6 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.10.2 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.0.1.3 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.20.0 - Canon Inc.)
CMake (HKLM\...\{7EFC6372-ACA9-459B-A7C8-BB2CA6C2CE19}) (Version: 3.8.1 - Kitware)
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Emby Server (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\Emby Server) (Version: 3.2 - Emby Team)
Epic Games Launcher (HKLM-x32\...\{CD8F9CE5-23D6-417E-93F0-D9A06D94E8F5}) (Version: 1.1.105.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
Ext2Fsd 0.66 (HKLM\...\Ext2Fsd_is1) (Version: 0.66 - Matt Wu)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{021EE8E1-B2F5-40D0-8EFB-BB711C2860FF}) (Version: 3.0.116.3 - Fresco Logic Inc.)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
get_iplayer (HKLM-x32\...\get_iplayer) (Version: 3.00.0 - )
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gow (HKLM-x32\...\Gow) (Version:  - )
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImageMagick 7.0.2-9 Q8 (64-bit) (2016-08-14) (HKLM\...\ImageMagick 7.0.2 Q8 (64-bit)_is1) (Version: 7.0.2 - ImageMagick Studio LLC)
Inkscape 0.92.1 (HKLM-x32\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Inno Setup version 5.5.9 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.9 - jrsoftware.org)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{27276DC1-66AA-4B16-918D-5AB1EEDF09C6}) (Version: 6.0.5 - Intel Corporation)
ioquake3 (HKLM-x32\...\ioquake3) (Version:  - )
Jackett version 0.7.1533.0 (HKLM-x32\...\{C2A9FC00-AA48-4F17-9A72-62FBCEE2785B}_is1) (Version: 0.7.1533.0 - Jackett  Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kodi (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\Kodi) (Version:  - XBMC-Foundation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.8 - Hermann Schinagl)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
MediaInfo 0.7.94 (HKLM\...\MediaInfo) (Version: 0.7.94 - MediaArea.net)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Git Credential Manager for Windows 1.2.2 (HKLM\...\{9F0CBE43-690B-4C03-8845-6AC2CDB29815}_is1) (Version: 1.2.2 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 55.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 55.0.1 (x64 en-GB)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
MPC-HC 1.7.10 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
My Program version 1.5 (HKLM-x32\...\{A1C20F59-33A7-4C13-A46B-F14D21F3D7DA}_is1) (Version: 1.5 - My Company, Inc.)
Node.js (HKLM\...\{84F68739-3B44-4D36-ABDB-2151A23C9C3D}) (Version: 6.10.0 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 3.01 - )
NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Python 2.7 winpdb-1.4.6 (HKLM-x32\...\winpdb-py2.7) (Version:  - )
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
Qtracker (HKLM-x32\...\Qtracker) (Version: 4.92 - )
Quake III Arena (HKLM-x32\...\ioquake3-q3a) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
Slik Subversion 1.9.5 (x86) (HKLM-x32\...\{A946CD71-F0DB-4CED-95D5-05354D6408DC}) (Version: 1.9.5140 - SlikSvn & The SharpSvn Project)
Spotify (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Trust CR-1200 16-in-1 USB2 CARD READER (HKLM-x32\...\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC8}) (Version: 1.00.0000 - )
UBitMenuUK (HKLM-x32\...\{66712957-4DF1-4896-B67F-474D14C506FC}_is1) (Version: 01.0.4 - UBit Schweiz AG)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Redistributable (HKLM-x32\...\{2268A04F-5702-C969-FA06-D4EF52E5C8DA}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{463CE323-9AD6-9DD4-24C8-649032E5CF09}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{162CBC73-EDF0-EBB8-2782-F7ABF9CE5B76}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WebGrab+Plus (HKLM-x32\...\{AEDBC508-8A29-453C-9C3C-A72728F2AD31}) (Version: 1.1.1 - ServerCare)
WebGrab+Plus (HKLM-x32\...\WebGrab+Plus_is1) (Version: 2.0 - WebGrab+Plus)
WG-Dependencies (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\4cae215cafa50d85) (Version: 1.0.0.0 - WG-Dependencies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\WinDirStat) (Version:  - )
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
wxPython 3.0.2.0 for Python 2.7 (HKLM-x32\...\wxPython3.0-py27_is1) (Version: 3.0.2.0 - Total Control Software)
XML Explorer (HKLM-x32\...\{13CD7D45-69DA-4C83-A8EA-488A396B6920}) (Version: 4.0.5 - XML Explorer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3544083035-440599331-3152633296-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-08] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2011-03-13] (Atheros Commnucations)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2011-03-13] (Atheros Commnucations)
ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\Windows\system32\ShellExt\HashCheck.dll [2009-07-04] (code.kliu.org)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-03-22] (NVIDIA Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07825988-CFE7-4F3A-8D16-5AF8C8B2F60A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {0F364660-CEEC-4799-A25B-01FB11BE8729} - System32\Tasks\{D7E54978-5AA0-4098-9A98-E9BBC2ECD392} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\windirstat1_1_2_setup.exe -d C:\Users\pm\Downloads
Task: {1D398D8F-8FC5-4EA2-949A-A7DCD70BBDA1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {289658D7-2AC7-4828-8AF1-D1E7A55C5B66} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2B02928B-3993-49D6-B5A6-BF4DA2A4FEC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2FABB869-87C4-428A-B8EF-A9A975067ED3} - System32\Tasks\{E5213287-66CA-4E3B-8CBE-0AF529386894} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\AviSynth_260.exe -d C:\Users\pm\Downloads
Task: {3F4D2C38-91FE-4E95-92DE-8A6BDC7D4E5B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4EB0A454-00BA-4CFA-9E13-4EA5DC4C5312} - \Feed Mornenanium Screen -> No File <==== ATTENTION
Task: {6180790B-F96F-4B3B-9CF0-A5BAB357341D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-21] (Dropbox, Inc.)
Task: {73D5E932-7178-4C47-9F6D-0069CD48619A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9E566DB3-8F7F-436D-96C3-3F80F0363C6B} - \Sling -> No File <==== ATTENTION
Task: {A6F39917-1163-4924-A4BA-E0A0B62BD582} - System32\Tasks\{56612291-2677-4B65-BCBC-5654E65A8612} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\dofsetup.exe -d C:\Users\pm\Downloads
Task: {AF9B523D-DF39-4ADE-A6F3-AB1FC4DDD9CE} - System32\Tasks\{C22FEADB-E7BB-411A-A093-932578BBF0FC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Center 21\JRMediaUninstall.exe"
Task: {B3923F59-8C52-4A15-BF80-5ECCB1D596BD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-21] (Dropbox, Inc.)
Task: {B5B59706-18D9-4019-9A21-CB9B260AB3A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B5C7B785-5203-45D2-B9B7-67622BD08A36} - System32\Tasks\{C3DF5442-2CEC-47BF-B7CA-48946B36CABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B5D6E86D-878E-4520-A219-8081087EAF86} - System32\Tasks\max => C:\Windows\Max\maxtool.exe
Task: {C7E6B557-86E2-47C1-9B9B-298CC7168533} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {C834B3C8-72E4-446E-A38D-3C4264EDACEE} - System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => sc start 588c13b2cf0f592950aea01f6c9a4be8 <==== ATTENTION
Task: {CDE9F9AB-3231-4B6D-9F2E-5D09AB4F7177} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {D83F4659-DA8F-45B3-AC2D-D7BF26E134D4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {DC0EAC5B-3818-49E8-A4C1-928F61193BB1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DC219A9D-E8D6-462E-A326-97796DCCC7D1} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {E6BCD8D0-81F7-452A-89E7-56B1957DC0F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-04-22] ()
Task: {EB56F2F2-EF57-4CB8-8718-5E8521ADDF96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EBBA7950-3114-41A1-AAB4-6BB71DC9CEF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EDC41165-62E0-4A31-8700-591A27F21C1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA5D8B8E-558C-46F0-9159-6710D15811FE} - System32\Tasks\{04738616-D08E-49E6-A085-0C6A7FFFA264} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\WinFlash_Win7_32_Win7_64_Z2311\Setup.exe -d C:\Users\pm\Downloads\WinFlash_Win7_32_Win7_64_Z2311

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-08-21 10:29 - 2016-08-21 10:29 - 000594944 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll
2014-03-15 23:29 - 2014-03-15 23:29 - 002604934 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2016-04-21 19:02 - 2016-03-22 06:12 - 000020536 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2017-03-08 04:42 - 2017-03-08 04:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-23 10:16 - 2016-03-22 06:12 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-08-12 23:32 - 000449178 _____ C:\Windows\system32\Drivers\etc\hosts


There are 14690 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3544083035-440599331-3152633296-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 52.29.2.17 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Atheros Bt&Wlan Coex Agent => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: Ext2Srv => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: Media Center 21 Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4F4E625C-BDAD-4441-9CC2-21C3C93B5E7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{7A725B79-CA19-4821-9885-655C53D42415}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{C4E66C81-B95F-47DE-BD25-ACC6088B2D1E}C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [UDP Query User{ECDE9A5C-519A-41F4-BC08-B1EA8E8C0976}C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [{820179C4-278E-4254-BD5F-2302A381CAC6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1E20ECE7-70A2-4475-B276-A5B05CB142D5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA0DE2C8-816F-4513-9D0D-1F3DCFD889C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{646C4621-AE3F-4765-B12A-13E48D2C14BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{52487246-C19F-439E-9976-BCF4A8E5984D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1394C895-DDC4-4BE8-8989-A723D986DB24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA9DEC99-046E-4880-B63C-6E40756FFC87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{33A89995-D818-438A-854A-D1A311A42CE5}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{D0F283F8-B8DC-4F03-A4AE-67C1F5DC94B4}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{8567DD3E-C181-40A5-A8A8-4C16D389630C}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{214765FD-D098-4C4E-A21B-978A21C1453C}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [{FE982A2B-FCB5-4F3F-A9D0-C75692A4F2A8}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{2BAC5200-75A0-403B-8A1C-97FF7CA724DD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{DC005BDA-099E-423C-A04A-9ED33E8182F0}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [UDP Query User{7EE3F6FD-E5E7-4F6F-AB93-2D78BC08A7D3}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [{DD9A9076-11BE-47D6-A672-88839155471C}] => (Allow) C:\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E51DE5AD-5971-4D4D-A6A7-768718B147F6}] => (Allow) C:\Far Cry 4\bin\FarCry4.exe
FirewallRules: [TCP Query User{36AB9658-FF52-46CA-9228-E370CEDB5F39}C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [UDP Query User{30F25FD3-725A-4658-9E54-CC9E90A7E46B}C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [TCP Query User{497D05FC-F39A-4627-B35C-C1473BC994F3}C:\users\pm\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pm\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1AFD633A-CED9-44FF-94FB-5B1BA33B1A88}C:\users\pm\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pm\appdata\roaming\spotify\spotify.exe
FirewallRules: [[SpotiWall by ries]] => (Block) C:\Users\pm\AppData\Roaming\Spotify\Spotify.exe
FirewallRules: [TCP Query User{853ECF5A-42DD-4F4B-A06C-57A6286EA626}C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [UDP Query User{516B24C5-2255-4AF6-B632-B538F429DAFC}C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [TCP Query User{4A63AB62-0398-4A12-BDF4-8F1DD10C176C}C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{6758EAED-3856-42F8-A6C6-29EA9D389B9E}C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [TCP Query User{4C19D39E-40AB-4B27-A558-7A103F78E4C2}C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe
FirewallRules: [UDP Query User{4E4391D1-4D5C-46DB-BCAF-8BAF7266965A}C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe
FirewallRules: [TCP Query User{1B130581-2414-4F20-9C8F-81216E0CCE70}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{9E4F8E09-A0CE-4B57-B2AB-194EDBF67351}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{B53E02C0-ADFD-4088-9DF2-0BF8281A09B0}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{A373E0E7-AB68-4529-808E-D2F922691984}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{983D7F98-E710-4E8C-86A2-D7F2B296E32D}C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe] => (Allow) C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe
FirewallRules: [UDP Query User{C4ED8B99-785B-40A6-90F6-9385B0FDEC91}C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe] => (Allow) C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe
FirewallRules: [TCP Query User{7EED58BD-2813-4090-B840-87498E99FC4A}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{8F0FBEA1-FF92-4595-B2D5-422490C71A4B}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [{D339A361-0424-40AE-AEBB-68DD66707AAD}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{6DB7E930-CF46-411A-A423-503AAB498F46}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{2D7D5AA5-F82B-456B-A26B-297B8102FEDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AA38D664-4475-4CE6-B263-86E33B121EF9}] => (Allow) LPort=1688
FirewallRules: [{D607018B-97A8-4F7E-86CA-E0BDBCEB586B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{9385C76F-BFA1-4F69-A87C-559716FC4C27}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{A92885FD-3B43-4CCC-BE90-8C942ABE3A68}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{46AEF2FD-4F47-429E-8AF2-73C5660F03AE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6AE95E49-1657-4CC2-B39B-4FAF3D085B2D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C3CFA2A6-9548-4B86-A77A-B7436944A5BF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{03340280-A068-4141-81A9-D82A75B56A6A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{36CF9E84-8DD0-4548-AD97-40D84E72F282}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{5E2F44BE-69B3-4C59-8412-361C9B9D3C12}C:\kodi17.3 full\kodi.exe] => (Allow) C:\kodi17.3 full\kodi.exe
FirewallRules: [UDP Query User{6630B154-F4D6-4F38-A7BC-8170D5C0B667}C:\kodi17.3 full\kodi.exe] => (Allow) C:\kodi17.3 full\kodi.exe
FirewallRules: [TCP Query User{B859574B-52D7-42D0-B1E5-F7C6E73A977F}C:\kodi16.1\kodi.exe] => (Allow) C:\kodi16.1\kodi.exe
FirewallRules: [UDP Query User{7C8BB25F-C82A-4FE8-93F1-33AA85073463}C:\kodi16.1\kodi.exe] => (Allow) C:\kodi16.1\kodi.exe
FirewallRules: [TCP Query User{1E752DA2-BC97-4432-B1D6-48874008B726}C:\kodi17.3\kodi.exe] => (Allow) C:\kodi17.3\kodi.exe
FirewallRules: [UDP Query User{D902F372-574F-4CAB-9C56-3A79FF09EC6F}C:\kodi17.3\kodi.exe] => (Allow) C:\kodi17.3\kodi.exe

==================== Restore Points =========================

15-08-2017 00:05:36 Scheduled Checkpoint
15-08-2017 12:01:34 Windows Update
15-08-2017 16:12:18 BCUninstaller is uninstalling 1 application(s)
15-08-2017 17:01:55 Removed Microsoft Office Professional Plus 2016
15-08-2017 17:02:11 PROPLUS
15-08-2017 18:25:00 zoek.exe restore point
15-08-2017 22:25:59 Windows Update
16-08-2017 09:02:52 Device Driver Package Install: SysProgs.org Storage controllers
16-08-2017 09:05:42 Installed Microsoft Office Professional Plus 2016
16-08-2017 09:06:10 PROPLUS
16-08-2017 09:41:52 Windows Update
16-08-2017 09:44:47 Installed Fresco Logic USB3.0 Host Controller
16-08-2017 10:36:42 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
16-08-2017 10:53:38 Windows Software Development Kit - Windows 10.0.10586.212
16-08-2017 10:58:52 Plex Media Server
16-08-2017 11:24:13 Removed Microsoft Visual C++ Compiler Package for Python 2.7
16-08-2017 11:25:24 Removed Oracle VM VirtualBox 5.1.20
16-08-2017 11:27:57 Removed Blender
16-08-2017 11:33:23 Removed Skype™ 7.32
16-08-2017 11:34:12 Removed Adobe Acrobat Reader DC.
16-08-2017 11:50:26 Removed Microsoft SQL Server 2016 LocalDB
16-08-2017 11:51:24 Removed Microsoft SQL Server 2012 Express LocalDB

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2017 10:46:02 AM) (Source: HlpCtntMgr) (EventID: 1003) (User: )
Description: Help Content Manager exited with error: NoBooksToUninstall

Error: (08/16/2017 10:22:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/16/2017 10:22:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2017 06:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2017 06:52:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2017 06:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysSpec.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23864, time stamp: 0x595fa536
Exception code: 0x0eedfade
Fault offset: 0x0000c54f
Faulting process id: 0xe8
Faulting application start time: 0x01d315e320e868dc
Faulting application path: C:\Users\pm\AppData\Local\Temp\sysspec\SysSpec.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 60084a67-81d6-11e7-aad3-5404a6420d2f

Error: (08/15/2017 04:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kodi.exe, version: 16.1.0.0, time stamp: 0x571c922e
Faulting module name: python27.dll, version: 2.7.8150.1013, time stamp: 0x53b1ecd6
Exception code: 0x40000015
Fault offset: 0x001161bb
Faulting process id: 0x1258
Faulting application start time: 0x01d315d353861e27
Faulting application path: C:\Kodi16.1\Kodi.exe
Faulting module path: C:\Kodi16.1\python27.dll
Report Id: f91d08b3-81c6-11e7-aad3-5404a6420d2f

Error: (08/15/2017 04:12:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a4ff5742-0539-4ee9-ac89-e47eee3b6a20}

Error: (08/15/2017 03:51:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/15/2017 03:51:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (08/16/2017 11:55:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (08/15/2017 06:51:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Atheros Bt&Wlan Coex Agent service to connect.

Error: (08/15/2017 05:05:00 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Install

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: asus\pm

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x80070652

    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (08/15/2017 05:05:00 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Install

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: asus\pm

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x80070652

    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (08/15/2017 05:04:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: User

    Update Stage: Install

    Source Path:

    Signature Type:

    Update Type:

    User: asus\pm

    Current Engine Version:

    Previous Engine Version:

    Error code: 0x80070652

    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (08/15/2017 05:03:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x8024402f

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (08/15/2017 05:02:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x8024402f

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (08/15/2017 08:54:03 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (08/14/2017 05:46:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\NirSoftOpenedFilesDriver.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/14/2017 03:52:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.


CodeIntegrity:
===================================
  Date: 2017-06-30 01:25:38.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:25:37.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:25:33.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:25:31.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:22:30.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:22:30.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:22:29.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 8097.06 MB
Available physical RAM: 4937.15 MB
Total Virtual: 16192.31 MB
Available Virtual: 14002.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:344.76 GB) (Free:214.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:99.52 GB) (Free:56.75 GB) NTFS
Drive f: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:411.96 GB) NTFS
Drive m: (FILMS) (Network) (Total:1691.04 GB) (Free:97.09 GB) NTFS
Drive p: (FILMS) (Network) (Total:1691.04 GB) (Free:97.09 GB) NTFS
Drive v: (FILMS) (Network) (Total:1691.04 GB) (Free:97.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=344.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 76544EBB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 19 August 2017 - 06:08 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:24 AM

Posted 19 August 2017 - 07:33 PM

Greetings hahayeahhahah and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall any products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 hahayeahhahah

hahayeahhahah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 20 August 2017 - 03:11 AM

Hi Gary. Thanks for your help.

Here are the 3 files.

Joe

 

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\kodi16.1\portable_data\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi16.1\portable_data\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi16.1\portable_data\userdata\addon_data\plugin.video.metalliq\players\explore.crackler.q.metalliq.json
c:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.meta\players\provider.official.crackler.direct.play.meta.json
c:\kodi16.1\portable_data.tdb\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi16.1\portable_data.tdb\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi16.1\portable_data.tdb\userdata\addon_data\plugin.video.metalliq\players\q.crackle2.browse.play.metalliq.json
c:\kodi16.1\portable_data.tdb\userdata\addon_data\plugin.video.metalliq\players\q.crackler.browse.play.metalliq.json
c:\kodi16.1\portable_data.tdb\userdata\addon_data\plugin.video.metalliq\players\q.newcrackle.browse.play.metalliq.json
c:\kodi16.1\portable_data.vpn\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi16.1\portable_data.vpn\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi16.1 play\portable_data\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi16.1 play\portable_data\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi16.1 play\portable_data\userdata\addon_data\plugin.video.meta\players\provider.official.crackler.direct.play.meta.json
c:\kodi16.1 play\portable_data\userdata\addon_data\plugin.video.metalliq\players\explore.crackler.q.metalliq.json
c:\kodi17.0\portable_data.1\userdata\addon_data\plugin.video.meta\players\provider.official.crackler.direct.play.meta.json
c:\kodi17.1 play\portable_data\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi17.1 play\portable_data\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi17.1 play\portable_data\addons\temp\57333b11-d31a-4756-99e8-64bead33c9e1\lib\youtube_dl\extractor\cracked.py
c:\kodi17.1 play\portable_data\addons\temp\57333b11-d31a-4756-99e8-64bead33c9e1\lib\youtube_dl\extractor\crackle.py
c:\kodi17.1 play\portable_data\addons\temp\66566959-6fff-47dd-afc0-f9a5f2463b45\lib\youtube_dl\extractor\cracked.py
c:\kodi17.1 play\portable_data\addons\temp\66566959-6fff-47dd-afc0-f9a5f2463b45\lib\youtube_dl\extractor\crackle.py
c:\kodi17.1 play\portable_data\userdata\addon_data\plugin.video.meta\players\provider.official.crackler.direct.play.meta.json
c:\kodi17.1 play\portable_data\userdata\addon_data\plugin.video.metalliq\players\explore.crackler.q.metalliq.json
c:\kodi17.3\portable_data.1\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi17.3\portable_data.1\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi17.3\portable_data.1\userdata\addon_data\plugin.video.metalliq\players\explore.crackler.q.metalliq.json
c:\kodi17.3 full\portable_data.ass\userdata\addon_data\plugin.video.vader\tvshows\south park\south park - s15 e05 - crack baby athletic association.strm
c:\kodi17.3 full\portable_data.default\addons\script.module.youtube.dl\lib\youtube_dl\extractor\cracked.py
c:\kodi17.3 full\portable_data.default\addons\script.module.youtube.dl\lib\youtube_dl\extractor\crackle.py
c:\kodi17.3 full\portable_data.default\userdata\addon_data\plugin.video.metalliq\players\explore.crackler.q.metalliq.json
c:\mame\mame0184b_32bit\merged\cracksht.zip
c:\mame\mame0184b_32bit\merged\j6crack.zip
c:\mame\mame0184b_32bit\merged\mt_crack.zip
c:\mame\mameui64\folders\output\series-cracker  slot.ini
c:\mame\mameui64\folders\output\series-crackin' dj.ini
c:\mame\mameui64\folders\output\series-firecracker  slot.ini
c:\mingw\msys\1.0\bin\ssh-keygen.exe
c:\program files\blender foundation\blender\bin\default\2.78\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\git\usr\bin\ssh-keygen.exe
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.cpp
c:\program files (x86)\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.h
c:\python27\lib\site-packages\twisted\conch\scripts\ckeygen.py
c:\python27\lib\site-packages\twisted\conch\scripts\ckeygen.pyc
c:\python27\lib\site-packages\twisted\conch\test\test_ckeygen.py
c:\python27\lib\site-packages\twisted\conch\test\test_ckeygen.pyc
c:\python27\scripts\ckeygen.exe
c:\users\pm\documents\blender\game\2.78\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\users\pm\documents\spmc\plugin.video.meta\players\provider.crackler.meta.json
c:\users\pm\documents\spmc\plugin.video.meta\players\provider.official.crackler.direct.play.meta.json
c:\users\pm\kivy\mame\output\series-cracker  slot.ini
c:\users\pm\kivy\mame\output\series-crackin' dj.ini
c:\users\pm\kivy\mame\output\series-firecracker  slot.ini
scanner sequence 3.ZZ.11.LHLBC0
 ----- EOF -----
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by pm (administrator) on ASUS (20-08-2017 09:55:01)
Running from C:\Users\pm\Downloads
Loaded Profiles: pm (Available Profiles: pm & Ditte & ad)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {0ad47607-0912-11e6-82eb-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {631c6fc3-0934-11e6-8128-e0b9a545f00a} - V:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb98b-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb9aa-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {a7b01f32-0ee2-11e7-a486-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {ad0d1bad-08b9-11e6-9663-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fa7f42a9-1555-11e7-85ac-5404a6420d2f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL X:\setup.hta
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb3c5cb3-0f97-11e7-9704-5404a6420d2f} - W:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b405-367e-11e7-b658-5404a6420d2f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b5c9-367e-11e7-b658-5404a6420d2f} - W:\Autoplay.exe -auto
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-03-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-08-12] ()
Startup: C:\Users\pm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-08-12] ()
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ACE8923F-429F-48A6-983B-BAFAD7B7C11E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}: [NameServer] 52.29.2.17
Tcpip\..\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF DefaultProfile: 3hscxf3n.default-1502395277761
FF DefaultProfile: uadbijbe.default-1502441354637
FF ProfilePath: C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761 [2017-08-11]
FF Extension: (Brief) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\brief@mozdev.org.xpi [2017-08-10]
FF Extension: (checkCompatibility2) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\check-compatibility2@googlecode.com.xpi [2017-08-11]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2017-08-10]
FF Extension: (Reddit Enhancement Suite) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-08-10]
FF Extension: (ScrapBook X) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\scrapbookx@addons.mozilla.org.xpi [2017-08-11]
FF Extension: (LastPass: Free Password Manager) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\support@lastpass.com [2017-08-10]
FF Extension: (uBlock Origin) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\uBlock0@raymondhill.net.xpi [2017-08-10]
FF Extension: (Tab Mix Plus) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox.1\Profiles\3hscxf3n.default-1502395277761\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-10]
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [not found]
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\brief@mozdev.org.xpi [not found]
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\scrapbookx@addons.mozilla.org.xpi [not found]
FF ProfilePath: C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637 [2017-08-20]
FF Homepage: Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637 -> about:blank
FF NetworkProxy: Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637 -> type", 0
FF Extension: (Brief) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\brief@mozdev.org.xpi [2017-08-11]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2017-08-13]
FF Extension: (Privacy Badger) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-08-13]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\marcoagpinto@mail.telepac.pt [2017-08-11]
FF Extension: (ScrapBook X) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\scrapbookx@addons.mozilla.org.xpi [2017-08-20]
FF Extension: (LastPass: Free Password Manager) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\support@lastpass.com [2017-08-11]
FF Extension: (uBlock Origin) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\uBlock0@raymondhill.net.xpi [2017-08-11]
FF Extension: (Tab Mix Plus) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\uadbijbe.default-1502441354637\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-02] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-26] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC\nposmozilla.dll [2017-04-27] ( )
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\pm\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-26] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-21] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-21] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
S4 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [32256 2016-04-13] (www.ext2fsd.com)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-05] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-05] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-05] (NVIDIA Corporation)
S4 Radarr; C:\ProgramData\Radarr\bin\radarr.console.exe [90112 2017-07-12] (radarr.tv) [File not signed]
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [800256 2016-04-13] (www.ext2fsd.com)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
S4 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-11] ()
R4 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (wj32)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [137920 2017-04-18] (Oracle Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-08-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-08-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 09:55 - 2017-08-20 09:55 - 000015378 _____ C:\Users\pm\Downloads\FRST.txt
2017-08-20 09:54 - 2017-08-20 09:34 - 002395648 _____ (Farbar) C:\Users\pm\Downloads\FRST64.exe
2017-08-20 09:54 - 2017-08-20 09:33 - 000005112 _____ C:\Users\pm\Downloads\ckfiles.txt
2017-08-20 09:54 - 2017-08-20 08:35 - 000468480 _____ () C:\Users\pm\Downloads\CKScanner.exe
2017-08-17 14:03 - 2017-08-17 14:03 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-08-17 14:03 - 2017-08-17 14:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-08-17 14:00 - 2017-08-17 14:00 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-08-16 11:42 - 2017-08-16 11:42 - 001133520 _____ C:\Users\pm\Documents\ad.pcapng
2017-08-16 11:42 - 2017-08-16 11:42 - 000000000 ____D C:\Users\pm\Documents\ad
2017-08-16 11:23 - 2017-08-16 11:23 - 000000327 _____ C:\Windows\system32\InstallUtil.InstallLog
2017-08-15 18:43 - 2017-08-15 18:43 - 000000000 ____D C:\ProgramData\Emsisoft
2017-08-15 18:41 - 2017-08-15 19:36 - 000000000 ____D C:\EEK
2017-08-15 18:18 - 2017-08-15 18:18 - 000000000 ____D C:\zoek_backup
2017-08-15 17:39 - 2017-08-20 09:55 - 000000000 ____D C:\FRST
2017-08-15 17:01 - 2017-08-15 17:01 - 000002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-08-15 17:01 - 2017-08-15 17:01 - 000001945 _____ C:\Windows\epplauncher.mif
2017-08-15 17:01 - 2017-08-15 17:01 - 000000000 ____D C:\Program Files\Microsoft Security Client
2017-08-15 17:01 - 2017-08-15 17:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-08-15 15:55 - 2017-08-20 08:33 - 000000000 ____D C:\Program Files\BCUninstaller
2017-08-15 15:50 - 2017-08-16 10:35 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2017-08-15 15:50 - 2017-08-15 15:50 - 000001266 _____ C:\Users\Public\Desktop\Maiagames.lnk
2017-08-15 15:50 - 2017-08-15 15:50 - 000000000 ____D C:\ProgramData\GlarySoft
2017-08-14 22:28 - 2017-08-14 22:28 - 000262144 _____ C:\Windows\system32\config\userdiff
2017-08-14 19:21 - 2017-08-14 19:21 - 000000085 _____ C:\Windows\wininit.ini
2017-08-14 16:17 - 2017-08-14 16:41 - 000000000 ____D C:\Users\pm\AppData\Local\VSIXInstaller
2017-08-14 12:13 - 2010-11-21 05:23 - 000383786 __RSH C:\bootmgr
2017-08-14 09:51 - 2017-08-14 09:51 - 000000002 _____ C:\$UpgDrv$
2017-08-14 09:31 - 2017-08-14 09:31 - 000001890 _____ C:\Windows\diagwrn.xml
2017-08-14 09:31 - 2017-08-14 09:31 - 000001890 _____ C:\Windows\diagerr.xml
2017-08-14 09:23 - 2017-08-14 09:23 - 000000000 ___SD C:\Windows\SysWOW64\GWX
2017-08-14 09:23 - 2017-08-14 09:23 - 000000000 ___SD C:\Windows\system32\GWX
2017-08-14 09:08 - 2017-08-14 09:09 - 000000000 ____D C:\Users\ad\AppData\Roaming\Notepad++
2017-08-14 09:08 - 2017-08-14 09:08 - 002857586 _____ C:\ad.reg
2017-08-14 09:08 - 2017-08-14 09:08 - 000000000 ____D C:\Users\ad\AppData\Local\NVIDIA Corporation
2017-08-14 09:05 - 2017-08-14 09:06 - 001643577 _____ C:\Users\ad.zip
2017-08-14 09:04 - 2017-08-14 09:04 - 000001413 _____ C:\Users\ad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-14 09:04 - 2017-08-14 09:04 - 000000020 ___SH C:\Users\ad\ntuser.ini
2017-08-14 09:04 - 2017-08-14 09:04 - 000000000 ____D C:\Users\ad\AppData\Roaming\Adobe
2017-08-14 09:04 - 2017-08-14 09:04 - 000000000 ____D C:\Users\ad\AppData\Local\NVIDIA
2017-08-14 09:04 - 2017-08-14 09:04 - 000000000 ____D C:\Users\ad
2017-08-14 09:04 - 2011-04-12 10:28 - 000000000 ____D C:\Users\ad\AppData\Roaming\Media Center Programs
2017-08-14 08:59 - 2017-08-14 08:59 - 000000000 ____D C:\Users\Ditte\AppData\Roaming\Process Hacker 2
2017-08-14 08:58 - 2017-08-14 08:58 - 000011314 _____ C:\Process Hacker Processes.txt
2017-08-14 08:58 - 2017-08-14 08:58 - 000005756 _____ C:\Process Hacker Processes ditte.txt
2017-08-13 23:04 - 2017-08-17 13:41 - 000480368 _____ C:\Windows\ntbtlog.txt
2017-08-13 14:00 - 2017-08-13 14:00 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-08-13 13:59 - 2017-08-14 19:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-13 13:59 - 2017-08-14 19:21 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-13 13:46 - 2017-08-13 13:46 - 000000000 ____D C:\Users\pm\AppData\Roaming\J River
2017-08-13 13:40 - 2017-08-13 13:40 - 000003118 _____ C:\Windows\System32\Tasks\{C22FEADB-E7BB-411A-A093-932578BBF0FC}
2017-08-13 13:39 - 2017-08-13 13:39 - 000000000 ____D C:\Users\pm\AppData\Local\AdAwareDesktop
2017-08-13 13:33 - 2017-08-13 13:33 - 000000000 ____D C:\Users\pm\AppData\Local\AdAwareUpdater
2017-08-12 20:54 - 2017-08-12 20:54 - 000000000 ____D C:\Users\pm\AppData\Local\ESET
2017-08-12 19:08 - 2017-08-12 19:08 - 000030406 _____ C:\ProgramData\agent.uninstall.1502557713.bdinstall.bin
2017-08-12 19:06 - 2017-08-12 19:06 - 000000000 ____D C:\ProgramData\bdch
2017-08-12 17:40 - 2017-08-12 20:35 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-11 18:18 - 2017-08-11 18:18 - 001612648 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-08-11 17:33 - 2017-08-11 17:33 - 000030878 _____ C:\ProgramData\agent.update.1502465607.bdinstall.bin
2017-08-11 10:48 - 2017-08-11 10:48 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-11 10:48 - 2017-08-11 10:48 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-11 10:48 - 2017-08-11 10:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-11 10:48 - 2017-08-11 10:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-11 09:23 - 2017-08-11 09:23 - 000000702 _____ C:\Users\pm\Desktop\block.txt
2017-08-11 09:19 - 2017-08-11 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-10 23:28 - 2017-08-15 19:25 - 000000000 ____D C:\ADWARE
2017-08-10 23:08 - 2017-08-10 23:08 - 000000000 ____D C:\ProgramData\Bitdefender
2017-08-10 22:53 - 2017-08-10 22:53 - 000000000 ____D C:\Users\pm\AppData\Roaming\QuickScan
2017-08-10 22:49 - 2017-08-10 22:49 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-08-10 22:49 - 2017-08-10 22:49 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-08-10 22:45 - 2017-08-10 22:45 - 000048556 _____ C:\ProgramData\agent.1502397905.bdinstall.bin
2017-08-10 22:45 - 2017-08-10 22:45 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-08-10 22:01 - 2017-08-11 10:49 - 000000000 ____D C:\Users\pm\Desktop\Old Firefox Data
2017-08-10 19:51 - 2017-08-10 19:53 - 000000000 ____D C:\Users\pm\.FBReader
2017-08-10 19:51 - 2017-08-10 19:51 - 000001885 _____ C:\Users\pm\Desktop\FBReader.lnk
2017-08-10 19:51 - 2017-08-10 19:51 - 000001885 _____ C:\Users\Ditte\Desktop\FBReader.lnk
2017-08-10 19:51 - 2017-08-10 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2017-08-10 19:50 - 2017-08-10 19:50 - 000000000 ____D C:\Users\pm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2017-08-10 19:50 - 2017-08-10 19:50 - 000000000 ____D C:\Program Files (x86)\FBReader
2017-08-10 19:03 - 2017-08-10 19:03 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-10 19:03 - 2017-08-10 19:03 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-09 19:52 - 2017-08-09 19:52 - 000000000 ____D C:\Users\pm\AppData\Roaming\BBCiPlayerDownloads
2017-08-09 19:51 - 2017-08-09 19:51 - 000001138 _____ C:\Users\pm\Desktop\BBC iPlayer Downloads.lnk
2017-08-09 19:51 - 2017-08-09 19:51 - 000000000 ____D C:\Users\pm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2017-08-09 19:51 - 2017-08-09 19:51 - 000000000 ____D C:\Users\pm\AppData\Local\BBC
2017-08-09 09:11 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 09:11 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 09:11 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 09:11 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 09:11 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 09:11 - 2017-07-15 20:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 09:11 - 2017-07-15 19:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 09:11 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 09:11 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 09:11 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 09:11 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 09:11 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 09:11 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 09:11 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 09:11 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 09:11 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 09:11 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 09:11 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 09:11 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 09:11 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 09:11 - 2017-07-14 09:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 09:11 - 2017-07-14 09:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 09:11 - 2017-07-14 08:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 09:11 - 2017-07-14 08:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 09:11 - 2017-07-14 08:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 09:11 - 2017-07-14 08:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 09:11 - 2017-07-14 08:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 09:11 - 2017-07-14 08:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 09:11 - 2017-07-14 08:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 09:11 - 2017-07-14 08:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 09:11 - 2017-07-14 08:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 09:11 - 2017-07-14 08:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 09:11 - 2017-07-14 08:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 09:11 - 2017-07-14 08:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 09:11 - 2017-07-14 08:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 09:11 - 2017-07-14 08:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 09:11 - 2017-07-14 08:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 09:11 - 2017-07-14 08:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 09:11 - 2017-07-14 07:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 09:11 - 2017-07-14 07:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 09:11 - 2017-07-14 07:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 09:11 - 2017-07-14 07:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 09:11 - 2017-07-14 07:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 09:11 - 2017-07-14 07:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 09:11 - 2017-07-14 07:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 09:11 - 2017-07-14 07:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 09:11 - 2017-07-14 07:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 09:11 - 2017-07-14 07:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 09:11 - 2017-07-14 07:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 09:11 - 2017-07-14 07:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 09:11 - 2017-07-14 07:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 09:11 - 2017-07-14 06:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 09:11 - 2017-07-14 06:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 09:11 - 2017-07-14 06:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 09:11 - 2017-07-14 05:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 09:11 - 2017-07-14 05:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 09:11 - 2017-07-14 04:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 09:11 - 2017-07-14 04:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 09:11 - 2017-07-14 04:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 09:11 - 2017-07-14 04:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 09:11 - 2017-07-14 04:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 09:11 - 2017-07-14 04:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 09:11 - 2017-07-14 04:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 09:11 - 2017-07-14 04:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 09:11 - 2017-07-14 04:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 09:11 - 2017-07-14 04:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 09:11 - 2017-07-14 04:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 09:11 - 2017-07-14 04:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 09:11 - 2017-07-14 04:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 09:11 - 2017-07-14 04:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 09:11 - 2017-07-14 04:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 09:11 - 2017-07-14 04:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 09:11 - 2017-07-14 04:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 09:11 - 2017-07-14 04:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 09:11 - 2017-07-14 04:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 09:11 - 2017-07-14 04:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 09:11 - 2017-07-14 04:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 09:11 - 2017-07-14 04:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 09:11 - 2017-07-14 04:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 09:11 - 2017-07-14 04:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 09:11 - 2017-07-14 04:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 09:11 - 2017-07-14 04:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 09:11 - 2017-07-14 04:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 09:11 - 2017-07-14 03:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 09:11 - 2017-07-14 03:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 09:11 - 2017-07-14 03:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 09:11 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 09:11 - 2017-07-08 17:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 09:11 - 2017-07-07 17:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 09:11 - 2017-07-07 17:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 09:11 - 2017-07-07 17:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 09:11 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 09:11 - 2017-07-07 17:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 09:11 - 2017-07-07 17:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 09:11 - 2017-07-07 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 09:11 - 2017-07-07 17:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 09:11 - 2017-07-07 17:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000019260 _____ C:\Windows\SysWOW64\aalixr16.dll
2017-08-09 09:11 - 2017-07-07 17:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 17:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 09:11 - 2017-07-07 17:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 09:11 - 2017-07-07 17:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 09:11 - 2017-07-07 17:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 09:11 - 2017-07-07 16:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 09:11 - 2017-07-07 16:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 09:11 - 2017-07-07 16:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 09:11 - 2017-07-07 16:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 09:11 - 2017-07-07 16:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 09:11 - 2017-07-07 16:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 09:11 - 2017-07-07 16:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 09:11 - 2017-07-07 16:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 09:11 - 2017-07-07 16:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 09:11 - 2017-07-07 16:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 09:11 - 2017-07-07 16:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 09:11 - 2017-07-07 16:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 09:11 - 2017-07-07 16:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 09:11 - 2017-07-07 16:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 16:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 16:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 09:11 - 2017-07-07 16:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 09:11 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-08 10:16 - 2017-08-08 10:16 - 000000000 ____D C:\Users\pm\AppData\Local\Windscribe
2017-08-08 10:14 - 2017-08-08 19:32 - 000000000 ____D C:\Program Files (x86)\Windscribe
2017-08-08 10:14 - 2017-04-21 04:16 - 000045560 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2017-08-05 20:05 - 2017-08-05 20:05 - 004591846 _____ C:\Users\pm\xmltv.php@username=griever92@gmail.com&password=8Q7Jynnn39
2017-08-05 20:05 - 2017-08-05 20:05 - 000000000 _____ C:\Users\pm\xmltv.php@username=griever92@gmail.com
2017-08-04 20:17 - 2017-08-12 20:50 - 000014420 _____ C:\Windows\System32\Tasks\max
2017-07-31 19:38 - 2017-07-31 19:38 - 000000000 ____D C:\Users\pm\AppData\Local\XmlExplorer
2017-07-31 19:37 - 2017-07-31 19:37 - 000002727 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Explorer.lnk
2017-07-31 19:37 - 2017-07-31 19:37 - 000002715 _____ C:\Users\Public\Desktop\XML Explorer.lnk
2017-07-31 19:37 - 2017-07-31 19:37 - 000000000 ____D C:\Program Files (x86)\XML Explorer
2017-07-31 19:28 - 2017-07-31 19:30 - 000000000 ____D C:\WiiBackupManager_Build78
2017-07-25 20:20 - 2017-07-25 20:20 - 000000649 _____ C:\Users\pm\.gitconfig
2017-07-24 17:04 - 2017-07-24 17:03 - 000000270 _____ C:\Users\pm\ra.xml.2
2017-07-24 17:01 - 2017-07-24 16:56 - 000000326 _____ C:\Users\pm\ra.xml.1
2017-07-24 16:57 - 2017-07-24 16:56 - 000000326 _____ C:\Users\pm\ra.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 09:55 - 2017-07-11 15:29 - 000045305 _____ C:\Windows\ZAM.krnl.trace
2017-08-20 09:55 - 2017-07-11 15:29 - 000014343 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-08-20 09:10 - 2009-07-14 06:45 - 000023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-20 09:10 - 2009-07-14 06:45 - 000023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-20 09:00 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-20 08:59 - 2017-04-01 09:39 - 000000000 ____D C:\Program Files (x86)\Qtracker
2017-08-20 08:59 - 2016-04-23 08:02 - 000000000 ____D C:\Photoshop 16 LS20 (64-Bit)
2017-08-20 08:55 - 2016-05-03 13:34 - 000000000 ____D C:\Users\Public\Documents\HostsMan Backups
2017-08-20 08:34 - 2017-06-03 09:51 - 000000000 ____D C:\ProgramData\Jackett
2017-08-20 08:26 - 2016-04-22 21:48 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-08-18 11:29 - 2016-04-26 20:20 - 000000000 ____D C:\Kodi16.1
2017-08-17 18:35 - 2010-11-21 05:27 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-17 14:02 - 2017-04-04 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2017-08-17 13:15 - 2009-07-14 07:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-16 20:09 - 2017-06-01 20:51 - 000000000 ____D C:\Kodi17.3
2017-08-16 19:56 - 2017-06-17 12:18 - 000000000 ____D C:\Kodi17.3 FULL
2017-08-16 19:51 - 2016-04-26 09:53 - 000000000 ____D C:\Users\pm\AppData\Roaming\uTorrent
2017-08-16 19:51 - 2016-04-22 19:45 - 000000000 ____D C:\Users\pm
2017-08-16 15:47 - 2009-07-14 07:13 - 000785878 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-16 15:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-16 11:51 - 2016-04-23 07:28 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-08-16 11:51 - 2016-04-23 07:28 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-16 11:51 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-16 11:36 - 2017-03-08 13:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-16 11:33 - 2016-04-23 13:15 - 000000000 ____D C:\ProgramData\Skype
2017-08-16 11:31 - 2016-05-10 12:24 - 000000000 ____D C:\temp
2017-08-16 11:31 - 2016-04-23 06:46 - 000000000 ____D C:\Users\pm\AppData\Roaming\Adobe
2017-08-16 11:19 - 2017-01-06 13:15 - 000000000 ____D C:\Users\pm\AppData\Local\Android
2017-08-16 11:01 - 2017-01-06 13:12 - 000000000 ____D C:\Program Files\Android
2017-08-16 11:00 - 2016-04-23 08:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-16 10:58 - 2016-04-23 08:06 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-16 10:57 - 2017-03-26 10:46 - 000000000 ____D C:\Octave
2017-08-16 10:49 - 2017-03-22 11:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-08-16 10:49 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-16 10:40 - 2017-03-22 10:57 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-08-15 19:05 - 2017-07-11 16:27 - 000000000 ____D C:\Program Files\Sandboxie
2017-08-15 19:05 - 2017-07-11 14:38 - 000000000 ____D C:\ProgramData\WindowsErrorReporting
2017-08-15 19:04 - 2016-04-23 05:39 - 000008192 __RSH C:\BOOTSECT.BAK
2017-08-15 18:51 - 2016-04-22 20:46 - 000109528 _____ C:\Users\pm\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-15 18:50 - 2009-07-14 06:45 - 005095016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-15 18:26 - 2016-06-21 22:04 - 000000000 ____D C:\Users\pm\AppData\Local\CrashDumps
2017-08-15 17:22 - 2016-04-23 07:22 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-15 17:22 - 2011-04-12 10:28 - 000000000 ____D C:\Windows\ShellNew
2017-08-15 17:06 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-15 17:06 - 2009-07-14 04:34 - 000000387 _____ C:\Windows\win.ini
2017-08-15 16:57 - 2017-07-02 19:22 - 000000000 ___HD C:\adobeTemp
2017-08-15 16:57 - 2016-04-23 08:03 - 000000000 ____D C:\ProgramData\Adobe
2017-08-15 16:56 - 2016-04-23 08:07 - 000000000 ____D C:\Program Files\Adobe
2017-08-15 16:49 - 2016-04-23 08:02 - 000000000 ____D C:\Users\pm\AppData\Local\Adobe
2017-08-15 16:39 - 2017-03-26 17:40 - 000000000 ____D C:\Users\pm\AppData\Roaming\MathWorks
2017-08-15 16:39 - 2017-03-26 17:40 - 000000000 ____D C:\Users\pm\AppData\Local\MathWorks
2017-08-15 00:43 - 2016-04-23 07:31 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-15 00:43 - 2009-07-14 07:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-08-15 00:43 - 2009-07-14 05:20 - 000000000 __RSD C:\Windows\Media
2017-08-15 00:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2017-08-15 00:01 - 2017-04-03 22:11 - 000000000 ____D C:\Program Files\CamStudio 2.7
2017-08-14 23:57 - 2016-04-22 20:57 - 000000000 ____D C:\Program Files\7-Zip
2017-08-14 18:13 - 2017-03-22 11:01 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-08-14 18:13 - 2017-03-22 10:59 - 000000000 ____D C:\Windows\system32\1033
2017-08-14 17:58 - 2016-04-23 08:14 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-14 16:44 - 2017-03-22 10:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-08-14 15:24 - 2017-06-17 17:52 - 000000000 ____D C:\ProgramData\Ableton
2017-08-14 09:27 - 2017-07-11 15:20 - 000003448 _____ C:\Users\pm\Desktop\Rkill.txt
2017-08-14 09:24 - 2017-07-11 15:21 - 000000000 ____D C:\Users\pm\Desktop\rkill
2017-08-14 09:04 - 2009-07-14 06:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-13 20:59 - 2016-04-24 20:43 - 000018516 _____ C:\Users\pm\.bash_history
2017-08-13 13:46 - 2017-05-17 09:41 - 000000000 ____D C:\Program Files (x86)\J River
2017-08-12 23:27 - 2017-03-22 11:29 - 000000000 ____D C:\Users\pm\Documents\Visual Studio 2015
2017-08-12 23:20 - 2016-05-21 18:36 - 000000000 ____D C:\Program Files\Process Hacker 2
2017-08-12 21:12 - 2017-06-21 10:06 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-12 21:12 - 2017-06-21 10:06 - 000000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-12 20:50 - 2017-06-21 10:06 - 000003908 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-12 20:50 - 2017-06-21 10:06 - 000003656 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-08-12 20:50 - 2017-03-08 13:30 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-12 20:50 - 2016-08-18 20:31 - 000004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-12 20:50 - 2016-04-22 20:47 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-12 20:50 - 2016-04-22 20:47 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-12 19:10 - 2016-05-10 12:45 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-11 23:00 - 2016-04-24 18:55 - 000001990 ____H C:\Users\pm\Documents\Default.rdp
2017-08-11 23:00 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-08-11 17:36 - 2017-06-10 00:26 - 000000000 ____D C:\Users\pm\AppData\Local\Everything
2017-08-11 17:36 - 2017-06-08 20:48 - 000000000 ____D C:\Users\pm\AppData\Roaming\Everything
2017-08-11 17:21 - 2016-04-22 20:47 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-11 17:20 - 2016-04-22 20:48 - 000000000 ____D C:\Users\pm\AppData\Local\Google
2017-08-11 13:57 - 2017-02-13 12:31 - 000000000 ____D C:\Users\pm\AppData\LocalLow\Mozilla
2017-08-11 10:48 - 2016-05-08 15:57 - 000000000 ____D C:\Users\pm\AppData\Roaming\Mozilla
2017-08-11 10:26 - 2017-06-21 10:12 - 000000000 ___RD C:\Users\pm\Dropbox
2017-08-11 09:55 - 2009-07-14 04:34 - 000412456 _____ C:\Windows\system32\Drivers\etc\HOSTS.bak
2017-08-11 09:20 - 2017-06-21 10:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-10 22:42 - 2017-07-11 14:38 - 000003154 _____ C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8
2017-08-10 22:10 - 2017-07-04 11:04 - 000000000 ____D C:\Program Files (x86)\EasiestSoft
2017-08-10 22:08 - 2017-07-04 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasiestSoft
2017-08-10 15:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2017-08-10 10:26 - 2016-04-23 00:01 - 000000000 ____D C:\Windows\system32\MRT
2017-08-10 10:15 - 2016-04-23 00:01 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 20:31 - 2017-04-26 19:43 - 000000000 ____D C:\Users\pm\Desktop\iPlayer Recordings
2017-08-09 20:26 - 2017-04-26 19:17 - 000000000 ____D C:\Users\pm\.get_iplayer
2017-08-09 17:47 - 2016-08-18 20:31 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-09 17:47 - 2016-08-18 20:31 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 17:47 - 2016-08-18 20:31 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-09 17:47 - 2016-08-18 20:31 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 09:05 - 2016-04-23 09:40 - 000000000 ____D C:\Windows\system32\catroot2.orig
2017-08-08 20:24 - 2016-04-22 20:56 - 000000000 ____D C:\Users\pm\AppData\Roaming\vlc
2017-08-08 19:35 - 2009-07-14 05:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-08 19:17 - 2017-07-11 15:28 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-06 23:41 - 2016-04-23 08:42 - 000000600 _____ C:\Users\pm\AppData\Roaming\winscp.rnd
2017-08-04 20:17 - 2017-05-13 09:43 - 000000000 ____D C:\Users\pm\AppData\Roaming\Google
2017-08-03 20:55 - 2016-06-22 21:48 - 000000000 ____D C:\utils
2017-08-02 11:04 - 2016-04-23 10:03 - 000000000 ____D C:\ProgramData\Oracle
2017-08-02 09:08 - 2017-03-03 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-08-02 09:08 - 2016-05-10 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-02 09:08 - 2016-05-10 12:46 - 000000000 ____D C:\Program Files\Java
2017-08-02 09:06 - 2016-05-10 12:46 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

==================== Files in the root of some directories =======

2016-04-26 09:28 - 2016-04-26 09:28 - 021572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-04-03 22:21 - 2017-04-03 22:21 - 000000072 _____ () C:\Users\pm\AppData\Roaming\Camdata.ini
2017-04-03 22:21 - 2017-04-03 22:21 - 000000408 _____ () C:\Users\pm\AppData\Roaming\CamLayout.ini
2017-04-03 22:21 - 2017-04-03 22:21 - 000000408 _____ () C:\Users\pm\AppData\Roaming\CamShapes.ini
2017-04-03 22:21 - 2017-04-03 22:21 - 000004537 _____ () C:\Users\pm\AppData\Roaming\CamStudio.cfg
2017-04-03 22:11 - 2017-04-03 22:11 - 000000096 _____ () C:\Users\pm\AppData\Roaming\version2.xml
2016-04-23 08:42 - 2017-08-06 23:41 - 000000600 _____ () C:\Users\pm\AppData\Roaming\winscp.rnd
2017-04-02 19:15 - 2017-04-02 20:21 - 000000600 _____ () C:\Users\pm\AppData\Local\PUTTY.RND
2017-05-31 10:58 - 2017-05-31 10:58 - 000001218 _____ () C:\Users\pm\AppData\Local\recently-used.xbel
2016-05-15 18:23 - 2016-05-15 18:23 - 000007667 _____ () C:\Users\pm\AppData\Local\Resmon.ResmonCfg
2017-08-10 22:45 - 2017-08-10 22:45 - 000048556 _____ () C:\ProgramData\agent.1502397905.bdinstall.bin
2017-08-12 19:08 - 2017-08-12 19:08 - 000030406 _____ () C:\ProgramData\agent.uninstall.1502557713.bdinstall.bin
2017-08-11 17:33 - 2017-08-11 17:33 - 000030878 _____ () C:\ProgramData\agent.update.1502465607.bdinstall.bin
2017-07-11 15:14 - 2017-07-11 15:14 - 000000004 _____ () C:\ProgramData\_lg.3sap

Some files in TEMP:
====================
2017-08-16 11:23 - 2017-02-14 12:59 - 000104928 _____ (Emby Media) C:\Users\pm\AppData\Local\Temp\MediaBrowser.Uninstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-11 09:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by pm (20-08-2017 09:55:27)
Running from C:\Users\pm\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-04-22 17:45:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ad (S-1-5-21-3544083035-440599331-3152633296-1006 - Administrator - Enabled) => C:\Users\ad
Administrator (S-1-5-21-3544083035-440599331-3152633296-500 - Administrator - Disabled)
Ditte (S-1-5-21-3544083035-440599331-3152633296-1002 - Administrator - Enabled) => C:\Users\Ditte
Guest (S-1-5-21-3544083035-440599331-3152633296-501 - Limited - Disabled)
pm (S-1-5-21-3544083035-440599331-3152633296-1000 - Administrator - Enabled) => C:\Users\pm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
ActiveState ActivePython 2.7.10.12 (64-bit) (HKLM\...\{87968C36-E9B2-4318-AF57-CEDF95F6B4E5}) (Version: 2.7.12 - ActiveState Software Inc.)
ActiveState ActiveTcl 8.6.4.1 (64-bit) (HKLM\...\ActiveTcl 8.6.4.1 (64-bit)) (Version: 8.6.4.1 (64-bit) - ActiveState Software Inc.)
adobe (HKLM\...\{20FD3B0E-D450-488F-AB68-7DA0EC0E4913}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.20.170428 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{B2429EA1-767E-4947-A458-F2204A2AA1BB}) (Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.40.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.1.0.6 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.10.2 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.0.1.3 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.20.0 - Canon Inc.)
CMake (HKLM\...\{7EFC6372-ACA9-459B-A7C8-BB2CA6C2CE19}) (Version: 3.8.1 - Kitware)
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Emby Server (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\Emby Server) (Version: 3.2 - Emby Team)
Epic Games Launcher (HKLM-x32\...\{CD8F9CE5-23D6-417E-93F0-D9A06D94E8F5}) (Version: 1.1.105.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
Ext2Fsd 0.66 (HKLM\...\Ext2Fsd_is1) (Version: 0.66 - Matt Wu)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{021EE8E1-B2F5-40D0-8EFB-BB711C2860FF}) (Version: 3.0.116.3 - Fresco Logic Inc.)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
get_iplayer (HKLM-x32\...\get_iplayer) (Version: 3.00.0 - )
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gow (HKLM-x32\...\Gow) (Version:  - )
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImageMagick 7.0.2-9 Q8 (64-bit) (2016-08-14) (HKLM\...\ImageMagick 7.0.2 Q8 (64-bit)_is1) (Version: 7.0.2 - ImageMagick Studio LLC)
Inkscape 0.92.1 (HKLM-x32\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Inno Setup version 5.5.9 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.9 - jrsoftware.org)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{27276DC1-66AA-4B16-918D-5AB1EEDF09C6}) (Version: 6.0.5 - Intel Corporation)
ioquake3 (HKLM-x32\...\ioquake3) (Version:  - )
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Kodi (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\Kodi) (Version:  - XBMC-Foundation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.8 - Hermann Schinagl)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
MediaInfo 0.7.94 (HKLM\...\MediaInfo) (Version: 0.7.94 - MediaArea.net)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Git Credential Manager for Windows 1.2.2 (HKLM\...\{9F0CBE43-690B-4C03-8845-6AC2CDB29815}_is1) (Version: 1.2.2 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 55.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 55.0.1 (x64 en-GB)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
MPC-HC 1.7.10 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
My Program version 1.5 (HKLM-x32\...\{A1C20F59-33A7-4C13-A46B-F14D21F3D7DA}_is1) (Version: 1.5 - My Company, Inc.)
Node.js (HKLM\...\{84F68739-3B44-4D36-ABDB-2151A23C9C3D}) (Version: 6.10.0 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 3.01 - )
NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Python 2.7 winpdb-1.4.6 (HKLM-x32\...\winpdb-py2.7) (Version:  - )
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
Quake III Arena (HKLM-x32\...\ioquake3-q3a) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
Slik Subversion 1.9.5 (x86) (HKLM-x32\...\{A946CD71-F0DB-4CED-95D5-05354D6408DC}) (Version: 1.9.5140 - SlikSvn & The SharpSvn Project)
Spotify (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Trust CR-1200 16-in-1 USB2 CARD READER (HKLM-x32\...\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC8}) (Version: 1.00.0000 - )
UBitMenuUK (HKLM-x32\...\{66712957-4DF1-4896-B67F-474D14C506FC}_is1) (Version: 01.0.4 - UBit Schweiz AG)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Redistributable (HKLM-x32\...\{2268A04F-5702-C969-FA06-D4EF52E5C8DA}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{463CE323-9AD6-9DD4-24C8-649032E5CF09}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{162CBC73-EDF0-EBB8-2782-F7ABF9CE5B76}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WebGrab+Plus (HKLM-x32\...\{AEDBC508-8A29-453C-9C3C-A72728F2AD31}) (Version: 1.1.1 - ServerCare)
WebGrab+Plus (HKLM-x32\...\WebGrab+Plus_is1) (Version: 2.0 - WebGrab+Plus)
WG-Dependencies (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\4cae215cafa50d85) (Version: 1.0.0.0 - WG-Dependencies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\WinDirStat) (Version:  - )
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
wxPython 3.0.2.0 for Python 2.7 (HKLM-x32\...\wxPython3.0-py27_is1) (Version: 3.0.2.0 - Total Control Software)
XML Explorer (HKLM-x32\...\{13CD7D45-69DA-4C83-A8EA-488A396B6920}) (Version: 4.0.5 - XML Explorer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3544083035-440599331-3152633296-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-08] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2011-03-13] (Atheros Commnucations)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2011-03-13] (Atheros Commnucations)
ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\Windows\system32\ShellExt\HashCheck.dll [2009-07-04] (code.kliu.org)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-03-22] (NVIDIA Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2016-04-19] (Hermann Schinagl)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F364660-CEEC-4799-A25B-01FB11BE8729} - System32\Tasks\{D7E54978-5AA0-4098-9A98-E9BBC2ECD392} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\windirstat1_1_2_setup.exe -d C:\Users\pm\Downloads
Task: {1D398D8F-8FC5-4EA2-949A-A7DCD70BBDA1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {289658D7-2AC7-4828-8AF1-D1E7A55C5B66} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2B02928B-3993-49D6-B5A6-BF4DA2A4FEC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2FABB869-87C4-428A-B8EF-A9A975067ED3} - System32\Tasks\{E5213287-66CA-4E3B-8CBE-0AF529386894} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\AviSynth_260.exe -d C:\Users\pm\Downloads
Task: {3F4D2C38-91FE-4E95-92DE-8A6BDC7D4E5B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4EB0A454-00BA-4CFA-9E13-4EA5DC4C5312} - \Feed Mornenanium Screen -> No File <==== ATTENTION
Task: {6180790B-F96F-4B3B-9CF0-A5BAB357341D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-21] (Dropbox, Inc.)
Task: {716862B0-70D9-4666-98E5-4CD48A69ADD3} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) <==== ATTENTION
Task: {73D5E932-7178-4C47-9F6D-0069CD48619A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9E566DB3-8F7F-436D-96C3-3F80F0363C6B} - \Sling -> No File <==== ATTENTION
Task: {A6F39917-1163-4924-A4BA-E0A0B62BD582} - System32\Tasks\{56612291-2677-4B65-BCBC-5654E65A8612} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\dofsetup.exe -d C:\Users\pm\Downloads
Task: {AF9B523D-DF39-4ADE-A6F3-AB1FC4DDD9CE} - System32\Tasks\{C22FEADB-E7BB-411A-A093-932578BBF0FC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Center 21\JRMediaUninstall.exe"
Task: {B3923F59-8C52-4A15-BF80-5ECCB1D596BD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-21] (Dropbox, Inc.)
Task: {B5B59706-18D9-4019-9A21-CB9B260AB3A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B5C7B785-5203-45D2-B9B7-67622BD08A36} - System32\Tasks\{C3DF5442-2CEC-47BF-B7CA-48946B36CABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B5D6E86D-878E-4520-A219-8081087EAF86} - System32\Tasks\max => C:\Windows\Max\maxtool.exe
Task: {C834B3C8-72E4-446E-A38D-3C4264EDACEE} - System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => sc start 588c13b2cf0f592950aea01f6c9a4be8 <==== ATTENTION
Task: {CDE9F9AB-3231-4B6D-9F2E-5D09AB4F7177} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {DC0EAC5B-3818-49E8-A4C1-928F61193BB1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DC219A9D-E8D6-462E-A326-97796DCCC7D1} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {E6BCD8D0-81F7-452A-89E7-56B1957DC0F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {EB56F2F2-EF57-4CB8-8718-5E8521ADDF96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EBBA7950-3114-41A1-AAB4-6BB71DC9CEF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EDC41165-62E0-4A31-8700-591A27F21C1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F7FD7F77-6AA3-460C-A075-0AF783989A1B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) <==== ATTENTION
Task: {FA5D8B8E-558C-46F0-9159-6710D15811FE} - System32\Tasks\{04738616-D08E-49E6-A085-0C6A7FFFA264} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\Downloads\WinFlash_Win7_32_Win7_64_Z2311\Setup.exe -d C:\Users\pm\Downloads\WinFlash_Win7_32_Win7_64_Z2311

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-08-21 10:29 - 2016-08-21 10:29 - 000594944 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll
2014-03-15 23:29 - 2014-03-15 23:29 - 002604934 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2016-04-21 19:02 - 2016-03-22 06:12 - 000020536 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2016-04-23 10:16 - 2016-03-22 06:12 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-04-24 20:04 - 2016-04-24 20:04 - 000204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2017-03-08 04:42 - 2017-03-08 04:42 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2016-04-26 20:54 - 2016-04-26 20:53 - 001940480 _____ () C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll
2016-04-26 20:54 - 2016-04-26 20:53 - 000103424 _____ () C:\Program Files (x86)\Notepad++\zlib1.dll
2016-04-26 20:54 - 2016-04-26 20:53 - 004535910 _____ () C:\Program Files (x86)\Notepad++\libxml2-2.dll
2016-04-26 20:54 - 2016-04-26 20:53 - 000941389 _____ () C:\Program Files (x86)\Notepad++\libxslt-1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-08-20 08:55 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3544083035-440599331-3152633296-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Atheros Bt&Wlan Coex Agent => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: Ext2Srv => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: Media Center 21 Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4F4E625C-BDAD-4441-9CC2-21C3C93B5E7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{7A725B79-CA19-4821-9885-655C53D42415}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{C4E66C81-B95F-47DE-BD25-ACC6088B2D1E}C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [UDP Query User{ECDE9A5C-519A-41F4-BC08-B1EA8E8C0976}C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\users\pm\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [{820179C4-278E-4254-BD5F-2302A381CAC6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1E20ECE7-70A2-4475-B276-A5B05CB142D5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA0DE2C8-816F-4513-9D0D-1F3DCFD889C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{646C4621-AE3F-4765-B12A-13E48D2C14BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{52487246-C19F-439E-9976-BCF4A8E5984D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1394C895-DDC4-4BE8-8989-A723D986DB24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA9DEC99-046E-4880-B63C-6E40756FFC87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{33A89995-D818-438A-854A-D1A311A42CE5}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{D0F283F8-B8DC-4F03-A4AE-67C1F5DC94B4}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{8567DD3E-C181-40A5-A8A8-4C16D389630C}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{214765FD-D098-4C4E-A21B-978A21C1453C}C:\quake iii arena\quake3.exe] => (Allow) C:\quake iii arena\quake3.exe
FirewallRules: [{FE982A2B-FCB5-4F3F-A9D0-C75692A4F2A8}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{2BAC5200-75A0-403B-8A1C-97FF7CA724DD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{DC005BDA-099E-423C-A04A-9ED33E8182F0}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [UDP Query User{7EE3F6FD-E5E7-4F6F-AB93-2D78BC08A7D3}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [{DD9A9076-11BE-47D6-A672-88839155471C}] => (Allow) C:\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E51DE5AD-5971-4D4D-A6A7-768718B147F6}] => (Allow) C:\Far Cry 4\bin\FarCry4.exe
FirewallRules: [TCP Query User{36AB9658-FF52-46CA-9228-E370CEDB5F39}C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [UDP Query User{30F25FD3-725A-4658-9E54-CC9E90A7E46B}C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [TCP Query User{497D05FC-F39A-4627-B35C-C1473BC994F3}C:\users\pm\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pm\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1AFD633A-CED9-44FF-94FB-5B1BA33B1A88}C:\users\pm\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pm\appdata\roaming\spotify\spotify.exe
FirewallRules: [[SpotiWall by ries]] => (Block) C:\Users\pm\AppData\Roaming\Spotify\Spotify.exe
FirewallRules: [TCP Query User{853ECF5A-42DD-4F4B-A06C-57A6286EA626}C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [UDP Query User{516B24C5-2255-4AF6-B632-B538F429DAFC}C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Allow) C:\kodi16.1\portable_data.dev\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe
FirewallRules: [TCP Query User{4A63AB62-0398-4A12-BDF4-8F1DD10C176C}C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{6758EAED-3856-42F8-A6C6-29EA9D389B9E}C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [TCP Query User{4C19D39E-40AB-4B27-A558-7A103F78E4C2}C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe
FirewallRules: [UDP Query User{4E4391D1-4D5C-46DB-BCAF-8BAF7266965A}C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe] => (Allow) C:\users\pm\eclipse\java-neon2\eclipse\eclipse.exe
FirewallRules: [TCP Query User{1B130581-2414-4F20-9C8F-81216E0CCE70}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{9E4F8E09-A0CE-4B57-B2AB-194EDBF67351}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{B53E02C0-ADFD-4088-9DF2-0BF8281A09B0}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{A373E0E7-AB68-4529-808E-D2F922691984}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{983D7F98-E710-4E8C-86A2-D7F2B296E32D}C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe] => (Allow) C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe
FirewallRules: [UDP Query User{C4ED8B99-785B-40A6-90F6-9385B0FDEC91}C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe] => (Allow) C:\users\pm\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe
FirewallRules: [TCP Query User{7EED58BD-2813-4090-B840-87498E99FC4A}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{8F0FBEA1-FF92-4595-B2D5-422490C71A4B}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [{D339A361-0424-40AE-AEBB-68DD66707AAD}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{6DB7E930-CF46-411A-A423-503AAB498F46}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{2D7D5AA5-F82B-456B-A26B-297B8102FEDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AA38D664-4475-4CE6-B263-86E33B121EF9}] => (Allow) LPort=1688
FirewallRules: [{D607018B-97A8-4F7E-86CA-E0BDBCEB586B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{9385C76F-BFA1-4F69-A87C-559716FC4C27}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{A92885FD-3B43-4CCC-BE90-8C942ABE3A68}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{46AEF2FD-4F47-429E-8AF2-73C5660F03AE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6AE95E49-1657-4CC2-B39B-4FAF3D085B2D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C3CFA2A6-9548-4B86-A77A-B7436944A5BF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{03340280-A068-4141-81A9-D82A75B56A6A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{36CF9E84-8DD0-4548-AD97-40D84E72F282}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{5E2F44BE-69B3-4C59-8412-361C9B9D3C12}C:\kodi17.3 full\kodi.exe] => (Allow) C:\kodi17.3 full\kodi.exe
FirewallRules: [UDP Query User{6630B154-F4D6-4F38-A7BC-8170D5C0B667}C:\kodi17.3 full\kodi.exe] => (Allow) C:\kodi17.3 full\kodi.exe
FirewallRules: [TCP Query User{B859574B-52D7-42D0-B1E5-F7C6E73A977F}C:\kodi16.1\kodi.exe] => (Allow) C:\kodi16.1\kodi.exe
FirewallRules: [UDP Query User{7C8BB25F-C82A-4FE8-93F1-33AA85073463}C:\kodi16.1\kodi.exe] => (Allow) C:\kodi16.1\kodi.exe
FirewallRules: [TCP Query User{1E752DA2-BC97-4432-B1D6-48874008B726}C:\kodi17.3\kodi.exe] => (Allow) C:\kodi17.3\kodi.exe
FirewallRules: [UDP Query User{D902F372-574F-4CAB-9C56-3A79FF09EC6F}C:\kodi17.3\kodi.exe] => (Allow) C:\kodi17.3\kodi.exe

==================== Restore Points =========================

15-08-2017 16:12:18 BCUninstaller is uninstalling 1 application(s)
15-08-2017 17:01:55 Removed Microsoft Office Professional Plus 2016
15-08-2017 17:02:11 PROPLUS
15-08-2017 18:25:00 zoek.exe restore point
16-08-2017 10:36:42 Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4
16-08-2017 10:53:38 Windows Software Development Kit - Windows 10.0.10586.212
16-08-2017 10:58:52 Plex Media Server
16-08-2017 11:24:13 Removed Microsoft Visual C++ Compiler Package for Python 2.7
16-08-2017 11:25:24 Removed Oracle VM VirtualBox 5.1.20
16-08-2017 11:27:57 Removed Blender
16-08-2017 11:33:23 Removed Skype™ 7.32
16-08-2017 11:34:12 Removed Adobe Acrobat Reader DC.
16-08-2017 11:50:26 Removed Microsoft SQL Server 2016 LocalDB
16-08-2017 11:51:24 Removed Microsoft SQL Server 2012 Express LocalDB
17-08-2017 14:00:00 Windows Update
17-08-2017 22:13:46 Windows Update
18-08-2017 10:07:23 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
18-08-2017 11:33:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
18-08-2017 13:44:09 Installed Python 2.7.13
18-08-2017 13:46:29 Python 3.6.2 (32-bit)
19-08-2017 16:25:14 Installed Fresco Logic USB3.0 Host Controller

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2017 08:57:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/20/2017 08:57:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/20/2017 08:39:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/20/2017 08:39:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/17/2017 02:03:48 PM) (Source: MsiInstaller) (EventID: 1023) (User: asus)
Description: Product: Microsoft Silverlight - Update 'Microsoft Silverlight 5.1.50907.0' could not be installed. Error code 1603. Additional information is available in the log file C:\Users\pm\AppData\Local\Temp\SilverlightMSI.log.

Error: (08/17/2017 02:03:47 PM) (Source: MsiInstaller) (EventID: 11402) (User: asus)
Description: Product: Microsoft Silverlight -- Error 1402. Could not open key: HKEY_CURRENT_USER32\SOFTWARE\Classes\TypeLib\{283C8576-0726-4DBC-9609-3F855162009A}\0.8.5.0.  System error 1018.  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (08/17/2017 01:59:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/17/2017 01:59:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/17/2017 01:59:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/16/2017 04:44:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (08/20/2017 09:01:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (08/20/2017 08:50:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.249.1272.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14003.0&avdelta=1.249.1272.0&asdelta=1.249.1272.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.14003.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (08/20/2017 08:50:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.249.1272.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14003.0&avdelta=1.249.1272.0&asdelta=1.249.1272.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.14003.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (08/20/2017 08:23:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (08/17/2017 02:03:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft Silverlight (KB4023307).

Error: (08/17/2017 01:44:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.249.1077.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.14003.0

    Error code: 0x8024402f

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (08/17/2017 01:43:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (08/17/2017 01:41:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (08/17/2017 01:39:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/17/2017 01:39:07 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.249.1077.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: Default URL

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.14003.0

    Error code: 0x8007043c

    Error description: This service cannot be started in Safe Mode


CodeIntegrity:
===================================
  Date: 2017-06-30 01:25:38.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:25:37.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:25:33.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:25:31.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:22:30.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:22:30.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-30 01:22:29.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8097.06 MB
Available physical RAM: 4525.73 MB
Total Virtual: 16192.31 MB
Available Virtual: 13067.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:344.76 GB) (Free:216.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:99.52 GB) (Free:43.67 GB) NTFS
Drive f: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:408.37 GB) NTFS
Drive m: (FILMS) (Network) (Total:1691.04 GB) (Free:96.62 GB) NTFS
Drive p: (FILMS) (Network) (Total:1691.04 GB) (Free:96.62 GB) NTFS
Drive v: (FILMS) (Network) (Total:1691.04 GB) (Free:96.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=344.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 76544EBB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 hahayeahhahah

  • Topic Starter


Posted 20 August 2017 - 03:54 AM

Here is part of the debug log from Kodi that shows how the URL is getting hijacked. The HEADER_IN URL has nothing to do with the HEADER_OUT URL.

 

10:45:16.835 T:2668   DEBUG: Curl::Debug - TEXT: Connected to vod-dash-uk-live.akamaized.net (51.255.103.217) port 80 (#4)
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: GET /usp/auth/vod/piff_abr_full_hd/e5ff25-p055q6nm/vf_p055q6nm_5845cbeb-7f58-4211-bc36-d05a32522194.ism.hlsv2.ism/dash/vf_p055q6nm_5845cbeb-7f58-4211-bc36-d05a32522194.ism.hlsv2-audio_eng=128000-2.m4s HTTP/1.1
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: Host: vod-dash-uk-live.akamaized.net
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: User-Agent: Kodi/17.3 (Windows NT 6.1; WOW64) App_Bitness/32 Version/17.3-Git:20170524-147cec4
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: Accept: */*
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: Accept-Encoding: gzip, deflate
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: Accept-Charset: UTF-8,*;q=0.8
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: Connection: keep-alive
10:45:16.852 T:2276   DEBUG: CActiveAESink::OpenSink - trying to open device DIRECTSOUND:default
10:45:16.858 T:2276   DEBUG: CAESinkDirectSound::Initialize: Using Window handle: 000501CA
10:45:16.860 T:2276   DEBUG: CAESinkDirectSound::Initialize: secondary buffer created
10:45:16.861 T:2276   DEBUG: CAESinkDirectSound::Initialize: Initializing DirectSound with the following parameters:
10:45:16.861 T:2276   DEBUG:   Audio Device    : Speakers (High Definition Audio Device)
10:45:16.861 T:2276   DEBUG:   Sample Rate     : 48000
10:45:16.861 T:2276   DEBUG:   Sample Format   : AE_FMT_FLOAT
10:45:16.861 T:2276   DEBUG:   Bits Per Sample : 32
10:45:16.861 T:2276   DEBUG:   Valid Bits/Samp : 32
10:45:16.861 T:2276   DEBUG:   Channel Count   : 2
10:45:16.861 T:2276   DEBUG:   Block Align     : 8
10:45:16.861 T:2276   DEBUG:   Avg. Bytes Sec  : 384000
10:45:16.861 T:2276   DEBUG:   Samples/Block   : 32
10:45:16.861 T:2276   DEBUG:   Format cBSize   : 22
10:45:16.861 T:2276   DEBUG:   Channel Layout  : FL,FR
10:45:16.861 T:2276   DEBUG:   Channel Mask    : 3
10:45:16.861 T:2276   DEBUG:   Frames          : 720
10:45:16.861 T:2276   DEBUG:   Frame Size      : 8
10:45:16.861 T:2276   DEBUG: CActiveAESink::OpenSink - DIRECTSOUND Initialized:
10:45:16.861 T:2276   DEBUG:   Output Device : default
10:45:16.861 T:2276   DEBUG:   Sample Rate   : 48000
10:45:16.861 T:2276   DEBUG:   Sample Format : AE_FMT_FLOAT
10:45:16.861 T:2276   DEBUG:   Channel Count : 2
10:45:16.861 T:2276   DEBUG:   Channel Layout: FL,FR
10:45:16.861 T:2276   DEBUG:   Frames        : 720
10:45:16.861 T:2276   DEBUG:   Frame Size    : 8
10:45:16.862 T:2168   DEBUG: CActiveAE::ClearDiscardedBuffers - buffer pool deleted
10:45:16.890 T:2276   DEBUG: Previous line repeats 1 times.
10:45:16.890 T:2276   DEBUG: CAESinkDirectSound::CheckPlayStatus: Resuming Playback
10:45:16.935 T:2668   DEBUG: Curl::Debug - HEADER_IN: HTTP/1.1 302 Found
10:45:16.936 T:2668   DEBUG: Curl::Debug - HEADER_IN: Content-Length:0
10:45:16.936 T:2668   DEBUG: Curl::Debug - HEADER_IN: Location:https://www.liveadexchanger.com/script/preurl.php?r=1626479
10:45:16.936 T:2668   DEBUG: Curl::Debug - TEXT: Excess found in a non pipelined read: excess = 8214 url = /usp/auth/vod/piff_abr_full_hd/e5ff25-p055q6nm/vf_p055q6nm_5845cbeb-7f58-4211-bc36-d05a32522194.ism.hlsv2.ism/dash/vf_p055q6nm_5845cbeb-7f58-4211-bc36-d05a32522194.ism.hlsv2-audio_eng=128000-2.m4s (zero-length body)
10:45:16.936 T:2668   DEBUG: Curl::Debug - TEXT: Connection #4 to host vod-dash-uk-live.akamaized.net left intact
10:45:16.936 T:2668   DEBUG: Curl::Debug - TEXT: Issue another request to this URL: 'https://www.liveadexchanger.com/script/preurl.php?r=1626479'
10:45:16.936 T:2668   DEBUG: Curl::Debug - TEXT: timeout on name lookup is not supported
10:45:17.000 T:2668   DEBUG: Curl::Debug - TEXT:   Trying 130.211.28.230...
 


Edited by hahayeahhahah, 20 August 2017 - 03:55 AM.
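The pattern visible in the log excerpt above (a request to one host answered with a 302 whose Location points at an unrelated site) can be pulled out of a Kodi debug log automatically. The following is an added example, not part of the original post or of Kodi: the function names, the shortened request path and the second (benign) request in the sample are constructed for illustration, and the two-label site comparison is a simplifying assumption.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed sample in the Kodi "Curl::Debug" format shown in the post.
# Hosts, IP and redirect target are the ones in the post; the request path is
# shortened and the T:3000 request (a same-site redirect) is invented.
SAMPLE_LOG = """\
10:45:16.835 T:2668   DEBUG: Curl::Debug - TEXT: Connected to vod-dash-uk-live.akamaized.net (51.255.103.217) port 80 (#4)
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: GET /usp/auth/vod/segment-2.m4s HTTP/1.1
10:45:16.835 T:2668   DEBUG: Curl::Debug - HEADER_OUT: Host: vod-dash-uk-live.akamaized.net
10:45:16.861 T:2276   DEBUG: CActiveAESink::OpenSink - DIRECTSOUND Initialized:
10:45:16.935 T:2668   DEBUG: Curl::Debug - HEADER_IN: HTTP/1.1 302 Found
10:45:16.936 T:2668   DEBUG: Curl::Debug - HEADER_IN: Content-Length:0
10:45:16.936 T:2668   DEBUG: Curl::Debug - HEADER_IN: Location:https://www.liveadexchanger.com/script/preurl.php?r=1626479
10:45:17.100 T:3000   DEBUG: Curl::Debug - HEADER_OUT: GET /old HTTP/1.1
10:45:17.100 T:3000   DEBUG: Curl::Debug - HEADER_OUT: Host: media.example.test
10:45:17.150 T:3000   DEBUG: Curl::Debug - HEADER_IN: HTTP/1.1 301 Moved Permanently
10:45:17.150 T:3000   DEBUG: Curl::Debug - HEADER_IN: Location: https://cdn.example.test/new
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+T:(?P<tid>\d+)\s+DEBUG: "
    r"Curl::Debug - (?P<kind>TEXT|HEADER_OUT|HEADER_IN): (?P<payload>.*)$"
)
CONNECT_RE = re.compile(r"^Connected to (\S+) \(([^)]+)\) port (\d+)")
REQUEST_RE = re.compile(r"^[A-Z]+ \S+ HTTP/\d")
STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)? (\d{3})")

Finding = namedtuple(
    "Finding", "time thread requested_host peer_ip status redirect_host location"
)


def site_key(host):
    """Naive 'same site' key: the last two DNS labels.

    Assumption for this example only; a production check should use the
    Public Suffix List so that names like example.co.uk compare correctly.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_cross_site_redirects(log_text):
    """Return one Finding per 3xx response whose Location leaves the requested site.

    State is tracked per Kodi thread id (T:nnnn) because lines from other
    threads are interleaved between a request and its response.
    """
    state = {}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a curl debug line (audio sink messages, etc.)
        st = state.setdefault(m["tid"], {"host": None, "peer_ip": None, "status": None})
        kind, payload = m["kind"], m["payload"].strip()

        if kind == "TEXT":
            c = CONNECT_RE.match(payload)
            if c:
                st["peer_ip"] = c.group(2)  # address the client actually connected to
        elif kind == "HEADER_OUT":
            if REQUEST_RE.match(payload):
                # New request on this thread: forget the previous exchange.
                st["host"], st["status"] = None, None
            else:
                name, _, value = payload.partition(":")
                if name.strip().lower() == "host":
                    # Drop an optional :port (IPv6 literals are not handled here).
                    st["host"] = value.strip().lower().split(":")[0]
        else:  # HEADER_IN
            s = STATUS_RE.match(payload)
            if s:
                st["status"] = int(s.group(1))
                continue
            name, _, value = payload.partition(":")
            if name.strip().lower() != "location":
                continue
            if st["host"] is None or st["status"] is None:
                continue
            if not 300 <= st["status"] < 400:
                continue
            location = value.strip()
            target = urlsplit(location).hostname  # None for relative redirects
            if target and site_key(target) != site_key(st["host"]):
                findings.append(Finding(m["time"], m["tid"], st["host"],
                                        st["peer_ip"], st["status"], target, location))
    return findings


if __name__ == "__main__":
    for f in find_cross_site_redirects(SAMPLE_LOG):
        print(f"{f.time} T:{f.thread} {f.requested_host} ({f.peer_ip}) "
              f"-> {f.status} -> {f.location}")
```

The peer IP is reported alongside each finding so it can be compared with what a trusted resolver returns for the requested host.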


#5 Oh My!



  • Malware Response Instructor

Posted 20 August 2017 - 02:20 PM

Thank you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {0ad47607-0912-11e6-82eb-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {631c6fc3-0934-11e6-8128-e0b9a545f00a} - V:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb98b-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb9aa-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {a7b01f32-0ee2-11e7-a486-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {ad0d1bad-08b9-11e6-9663-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fa7f42a9-1555-11e7-85ac-5404a6420d2f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL X:\setup.hta
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb3c5cb3-0f97-11e7-9704-5404a6420d2f} - W:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b405-367e-11e7-b658-5404a6420d2f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b5c9-367e-11e7-b658-5404a6420d2f} - W:\Autoplay.exe -auto
GroupPolicy: Restriction
CHR HKLM\SOFTWARE\Policies\Google: Restriction
Tcpip\..\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}: [NameServer] 52.29.2.17
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\brief@mozdev.org.xpi
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\scrapbookx@addons.mozilla.org.xpi
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\pm\AppData\Local\htyh\application\htwebHelper.dll
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
CHR HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe
C:\Windows\System32\Tasks\AutoKMS
C:\Program Files\KMSpico
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8
2017-07-11 15:14 - 2017-07-11 15:14 - 000000004 _____ () C:\ProgramData\_lg.3sap
CustomCLSID: HKU\S-1-5-21-3544083035-440599331-3152633296-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll
Task: {4EB0A454-00BA-4CFA-9E13-4EA5DC4C5312} - \Feed Mornenanium Screen
Task: {9E566DB3-8F7F-436D-96C3-3F80F0363C6B} - \Sling
Task: {B5C7B785-5203-45D2-B9B7-67622BD08A36} - System32\Tasks\{C3DF5442-2CEC-47BF-B7CA-48946B36CABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 
Task: {C834B3C8-72E4-446E-A38D-3C4264EDACEE} - System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => sc start 588c13b2cf0f592950aea01f6c9a4be8
Task: {E6BCD8D0-81F7-452A-89E7-56B1957DC0F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-04-22] ()
FirewallRules: [{AA38D664-4475-4CE6-B263-86E33B121EF9}] => (Allow) LPort=1688
FirewallRules: [{03340280-A068-4141-81A9-D82A75B56A6A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{36CF9E84-8DD0-4548-AD97-40D84E72F282}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\KMSELDI
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
=================

Malwarebytes Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your Desktop
  • Right click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Press any key to start the scan
  • Once completed a JRT.txt document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 hahayeahhahah


Posted 20 August 2017 - 03:39 PM

It is looking fixed now. I can't get the liveadexchanger url to occur in Kodi or Internet Explorer or Firefox.

Have you got an idea where the virus was hiding?

The ironic thing with this problem is that I was looking for a legitimate open source front end gui for the Android adb tool. There was no p2p, banner ads or other dodgy looking front door... or so I thought.

 

Thanks very much for your help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by pm (20-08-2017 21:39:29) Run:1
Running from C:\Users\pm\Downloads
Loaded Profiles: pm (Available Profiles: pm & Ditte & ad)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {0ad47607-0912-11e6-82eb-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {631c6fc3-0934-11e6-8128-e0b9a545f00a} - V:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb98b-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {73beb9aa-fa6c-11e6-b4ee-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {a7b01f32-0ee2-11e7-a486-5404a6420d2f} - W:\vs_professional.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {ad0d1bad-08b9-11e6-9663-5404a6420d2f} - V:\SETUP.EXE
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fa7f42a9-1555-11e7-85ac-5404a6420d2f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL X:\setup.hta
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb3c5cb3-0f97-11e7-9704-5404a6420d2f} - W:\setup.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b405-367e-11e7-b658-5404a6420d2f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\...\MountPoints2: {fb44b5c9-367e-11e7-b658-5404a6420d2f} - W:\Autoplay.exe -auto
GroupPolicy: Restriction
CHR HKLM\SOFTWARE\Policies\Google: Restriction
Tcpip\..\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}: [NameServer] 52.29.2.17
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\brief@mozdev.org.xpi
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\scrapbookx@addons.mozilla.org.xpi
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\pm\AppData\Local\htyh\application\htwebHelper.dll
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
CHR HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe
C:\Windows\System32\Tasks\AutoKMS
C:\Program Files\KMSpico
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8
2017-07-11 15:14 - 2017-07-11 15:14 - 000000004 _____ () C:\ProgramData\_lg.3sap
CustomCLSID: HKU\S-1-5-21-3544083035-440599331-3152633296-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll
Task: {4EB0A454-00BA-4CFA-9E13-4EA5DC4C5312} - \Feed Mornenanium Screen
Task: {9E566DB3-8F7F-436D-96C3-3F80F0363C6B} - \Sling
Task: {B5C7B785-5203-45D2-B9B7-67622BD08A36} - System32\Tasks\{C3DF5442-2CEC-47BF-B7CA-48946B36CABC} => C:\Windows\system32\pcalua.exe -a C:\Users\pm\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {C834B3C8-72E4-446E-A38D-3C4264EDACEE} - System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => sc start 588c13b2cf0f592950aea01f6c9a4be8
Task: {E6BCD8D0-81F7-452A-89E7-56B1957DC0F0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-04-22] ()
FirewallRules: [{AA38D664-4475-4CE6-B263-86E33B121EF9}] => (Allow) LPort=1688
FirewallRules: [{03340280-A068-4141-81A9-D82A75B56A6A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{36CF9E84-8DD0-4548-AD97-40D84E72F282}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\KMSELDI
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ad47607-0912-11e6-82eb-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{0ad47607-0912-11e6-82eb-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{631c6fc3-0934-11e6-8128-e0b9a545f00a} => key removed successfully
HKLM\Software\Classes\CLSID\{631c6fc3-0934-11e6-8128-e0b9a545f00a} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73beb98b-fa6c-11e6-b4ee-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{73beb98b-fa6c-11e6-b4ee-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73beb9aa-fa6c-11e6-b4ee-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{73beb9aa-fa6c-11e6-b4ee-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b01f32-0ee2-11e7-a486-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{a7b01f32-0ee2-11e7-a486-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad0d1bad-08b9-11e6-9663-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{ad0d1bad-08b9-11e6-9663-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa7f42a9-1555-11e7-85ac-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{fa7f42a9-1555-11e7-85ac-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb3c5cb3-0f97-11e7-9704-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{fb3c5cb3-0f97-11e7-9704-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb44b405-367e-11e7-b658-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{fb44b405-367e-11e7-b658-5404a6420d2f} => key not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb44b5c9-367e-11e7-b658-5404a6420d2f} => key removed successfully
HKLM\Software\Classes\CLSID\{fb44b5c9-367e-11e7-b658-5404a6420d2f} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}\\NameServer => value removed successfully
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi => not found.
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\brief@mozdev.org.xpi => not found.
FF Extension: (No Name) - C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\3hscxf3n.default-1502395277761\extensions\scrapbookx@addons.mozilla.org.xpi => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@haitao.com/npHaitaoPlugin => key removed successfully
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\pm\AppData\Local\htyh\application\htwebHelper.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll => not found.
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Google\Chrome\Extensions\CHR HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] => key not found.
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
gupdatem => service removed successfully
Service KMSELDI => service not found.
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"C:\Program Files\KMSpico" => not found.
"C:\Windows\System32\Tasks\AutoPico Daily Restart" => not found.
C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => moved successfully
C:\ProgramData\_lg.3sap => moved successfully
HKU\S-1-5-21-3544083035-440599331-3152633296-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4EB0A454-00BA-4CFA-9E13-4EA5DC4C5312} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB0A454-00BA-4CFA-9E13-4EA5DC4C5312} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9E566DB3-8F7F-436D-96C3-3F80F0363C6B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E566DB3-8F7F-436D-96C3-3F80F0363C6B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5C7B785-5203-45D2-B9B7-67622BD08A36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5C7B785-5203-45D2-B9B7-67622BD08A36} => key removed successfully
C:\Windows\System32\Tasks\{C3DF5442-2CEC-47BF-B7CA-48946B36CABC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C3DF5442-2CEC-47BF-B7CA-48946B36CABC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C834B3C8-72E4-446E-A38D-3C4264EDACEE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C834B3C8-72E4-446E-A38D-3C4264EDACEE} => key removed successfully
C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\588c13b2cf0f592950aea01f6c9a4be8 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E6BCD8D0-81F7-452A-89E7-56B1957DC0F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6BCD8D0-81F7-452A-89E7-56B1957DC0F0} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA38D664-4475-4CE6-B263-86E33B121EF9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03340280-A068-4141-81A9-D82A75B56A6A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36CF9E84-8DD0-4548-AD97-40D84E72F282} => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\KMSELDI => key not found.

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3544083035-440599331-3152633296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3589894 B
Java, Flash, Steam htmlcache => 10890 B
Windows/system/drivers => 42050 B
Edge => 0 B
Chrome => 0 B
Firefox => 536943518 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 0 B
NetworkService => 684630 B
pm => 86671569 B
UpdatusUser => 0 B
Ditte => 7737287 B
ad => 82837 B

RecycleBin => 172138988 B
EmptyTemp: => 778.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:58:45 ====

 

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 20 20:14:56 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3653 B] - [2017/7/11 14:0:39]
C:/AdwCleaner/AdwCleaner[S0].txt - [3659 B] - [2017/7/11 13:59:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [1087 B] - [2017/8/20 20:14:38]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by pm (Administrator) on 20/08/2017 at 22:20:30.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/08/2017 at 22:24:47.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
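The Fixlog in post #6 mixes items FRST actually found and changed with fixlist entries that were already gone, which makes it hard to see by eye what was really present on the machine. As an added example (not part of any post in this thread and not FRST's own code), this Python script parses the result lines and groups the items that were present by persistence area; the category names and regexes are assumptions made for this example, and the status strings are only those that appear in this log.

```python
import re
from collections import defaultdict, namedtuple

# Result lines excerpted from the Fixlog posted above, plus two non-result
# lines (a section banner and an EmptyTemp size) that the parser must skip.
SAMPLE_FIXLOG = r"""
HKLM\Software\Classes\CLSID\{0ad47607-0912-11e6-82eb-5404a6420d2f} => key not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D76A125A-0254-4BF6-892B-6BFFB2654119}\\NameServer => value removed successfully
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\pm\AppData\Local\htyh\application\htwebHelper.dll => not found.
gupdate => service removed successfully
Service KMSELDI => service not found.
"C:\Program Files\KMSpico" => not found.
C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => moved successfully
C:\Windows\System32\Tasks\588c13b2cf0f592950aea01f6c9a4be8 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\588c13b2cf0f592950aea01f6c9a4be8 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA38D664-4475-4CE6-B263-86E33B121EF9} => value removed successfully
========= netsh winsock reset catalog =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Firefox => 536943518 B
"""

Entry = namedtuple("Entry", "target outcome category")

# Status text seen after "=>" in this log; byte counts and banners do not match.
STATUS_RE = re.compile(
    r"^(?:(key|value|service)\s+)?"
    r"(removed successfully|moved successfully|not found)\.?$"
)

# First matching rule wins, so specific paths come before the generic
# services rule (the Tcpip and firewall keys also live under Services).
# Category names are this example's own labels, not FRST terminology.
CATEGORY_RULES = [
    ("dns", re.compile(r"\\tcpip\\parameters\\interfaces\\.*nameserver", re.I)),
    ("firewall", re.compile(r"firewallrules", re.I)),
    ("hosts", re.compile(r"\\drivers\\etc\\hosts$", re.I)),
    ("scheduled_task", re.compile(r"\\system32\\tasks\\|\\schedule\\taskcache\\", re.I)),
    ("policy", re.compile(r"\\policies\\|\\grouppolicy\\", re.I)),
    ("browser", re.compile(r"^(?:FF|CHR) |mozillaplugins|\\chrome\\extensions", re.I)),
    ("removable_autorun", re.compile(r"\\mountpoints2\\", re.I)),
    ("service", re.compile(r"\\currentcontrolset\\services\\", re.I)),
]


def classify(target, kind):
    """Map a fix target to a persistence area; 'kind' is FRST's key/value/service word."""
    for name, rule in CATEGORY_RULES:
        if rule.search(target):
            return name
    return "service" if kind == "service" else "other"


def parse_fixlog(text):
    """Return an Entry for every line that ends in a recognised fix status."""
    entries = []
    for line in text.splitlines():
        # Split on the last " => " so targets that contain "->" stay whole.
        target, sep, status = line.strip().rpartition(" => ")
        match = STATUS_RE.match(status.strip()) if sep else None
        if not match:
            continue
        kind, outcome = match.groups()
        target = target.strip().strip('"')
        entries.append(Entry(target, outcome, classify(target, kind)))
    return entries


def present_by_category(entries):
    """Group targets that existed at fix time (removed or moved), de-duplicated."""
    grouped = defaultdict(list)
    for entry in entries:
        if entry.outcome != "not found" and entry.target not in grouped[entry.category]:
            grouped[entry.category].append(entry.target)
    return dict(grouped)


if __name__ == "__main__":
    for category, targets in sorted(present_by_category(parse_fixlog(SAMPLE_FIXLOG)).items()):
        print(category)
        for target in targets:
            print("   ", target)
```

Entries reported as "not found" were listed in the fixlist but no longer existed when the fix ran, so they are left out of the grouped output.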
 



#7 Oh My!


Posted 20 August 2017 - 05:48 PM

:thumbsup2:

It is really hard to tell where the browser hijack was located. Hopefully you don't see any more evidence of it.

Let's give it a day and touch base tomorrow, or sooner if it appears again.
Gary
 

#8 Oh My!


Posted 22 August 2017 - 08:47 AM

Shall I assume no news is good news?
Gary
 

#9 hahayeahhahah


Posted 22 August 2017 - 09:25 AM

I haven't seen any sign of liveadexchanger so I think everything is ok.

Windows really is wide open for attack compared with something like Android, although that is not exactly safe.

 

Excellent work. Thank you very much. :)



#10 Oh My!


Posted 22 August 2017 - 12:56 PM

My pleasure.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 Oh My!


Posted 23 August 2017 - 09:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



