
C: disk suddenly almost full - insufficient memory to execute tasks


12 replies to this topic

#1 Mark-D


Posted 25 September 2017 - 01:46 PM

Hello,

 

My problem is the following:

 

Since a short time my C: disk is suddenly almost full. When working in Photoshop on several pictures at once I get a message telling me there is insufficient memory because the work disk is full.

When I look at the files and programs that are installed on this disk I see nothing that takes up a lot of space and I have not installed anything on this drive.

 

I hope this is something that can be fixed...

 

Thank you very much in advance!

 

Best regards,

Bob




 


#2 hamluis


Posted 25 September 2017 - 01:55 PM

FWIW:  The C: partition/Windows partition...requires approx 15% of partition space in order for Windows to work optimally.  How large is your C: and how much free space is there in C:?

 

How much RAM is installed in this system?

 

Louis



#3 Mark-D


Posted 25 September 2017 - 02:11 PM

Hello,

 

The C: partition is 118GB and the free space 3,33GB...

 

The problem never occurred before...

 

 

Best regards,

Bob



#4 Mark-D


Posted 26 September 2017 - 12:37 PM

I think it must be caused by malware or a virus, as the free space on the disk disappeared without known reason.

 

I will await your expert opinion. I hope you can help to solve this problem.

 

Thanks again!



#5 hamluis


Posted 26 September 2017 - 06:53 PM

For the record...I try a lot of things, none of which I consider myself to be "expert" at :).

 

I was just trying to clarify your situation...the folks in this forum will explore the possibility of malware.

 

Louis


Edited by hamluis, 26 September 2017 - 06:55 PM.


#6 Mark-D


Posted 27 September 2017 - 12:41 PM

Thank you very much Louis for moving the thread to the right section.



#7 Mark-D


Posted 30 September 2017 - 03:09 PM

I am very sorry if I am too impatient, but I was wondering if someone can advise me what to do to detect the cause of my problems. Are there standard scans that I can make?



#8 boopme


Posted 19 October 2017 - 10:12 AM

Try rebooting into Safe Mode with Networking and run these

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application clicking the X in upper right corner.


#9 Mark-D


Posted 15 March 2018 - 03:21 PM

Hello,

 

First of all I apologize for reacting months after your post. I have been very sick the last few months.

 

Thank you very much for your help.

 

I have done all the steps you suggested and I put the logs in this post. I hope you will be able to help me.

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by louco (administrator) on 14-03-2018 at 20:30:33
Running from "C:\Users\louco\Desktop"
Microsoft Windows 10 Famille  (X64)
Model: Aspire VN7-791G Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuration IP de Windows

Cache de résolution DNS vidé.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros QCA61x4 Wireless Network Adapter = Wi-Fi (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Connexion réseau Bluetooth 2 (Media disconnected)


# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Connexion au réseau local* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion réseau Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion réseau Bluetooth 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au réseau local* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# Fin de la configuration du protocole IPv4



Configuration IP de Windows

   Nom de l'hôte . . . . . . . . . . : LAPTOP-6IDS9GG4
   Suffixe DNS principal . . . . . . :
   Type de noeud. . . . . . . . . .  : Hybride
   Routage IP activé . . . . . . . . : Non
   Proxy WINS activé . . . . . . . . : Non
   Liste de recherche du suffixe DNS.: telenet.be

Carte Ethernet Ethernet :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Adresse physique . . . . . . . . . . . : 30-65-EC-81-19-8E
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte réseau sans fil Connexion au réseau local* 11 :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Adresse physique . . . . . . . . . . . : 42-B8-9A-19-68-67
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte réseau sans fil Wi-Fi :

   Suffixe DNS propre à la connexion. . . : home
   Description. . . . . . . . . . . . . . : Qualcomm Atheros QCA61x4 Wireless Network Adapter
   Adresse physique . . . . . . . . . . . : 40-B8-9A-19-68-67
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6. . . . . . . . . . . . . .: 2a02:1810:1d85:6b00:8d66:5288:60cb:6e70(préféré)
   Adresse IPv6 temporaire . . . . . . . .: 2a02:1810:1d85:6b00:d4c3:11a2:10ba:975a(préféré)
   Adresse IPv6 de liaison locale. . . . .: fe80::8d66:5288:60cb:6e70%18(préféré)
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.192(préféré)
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . . . . . . . : mercredi 14 mars 2018 20:26:01
   Bail expirant. . . . . . . . . . . . . : mercredi 14 mars 2018 21:26:06
   Passerelle par défaut. . . . . . . . . : fe80::5667:51ff:fe43:94c9%18
                                   192.168.0.1
   Serveur DHCP . . . . . . . . . . . . . : 192.168.0.1
   IAID DHCPv6 . . . . . . . . . . . : 323008666
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-1D-74-35-4C-30-65-EC-81-19-8E
   Serveurs DNS. . .  . . . . . . . . . . : 2a02:1800:100::44:2
                                   2a02:1800:100::44:1
                                   195.130.130.4
                                   195.130.131.4
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
   Liste de recherche de suffixes DNS propres à la connexion :
                                   telenet.be

Carte Ethernet Connexion réseau Bluetooth 2 :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Adresse physique . . . . . . . . . . . : 40-B8-9A-19-68-68
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte Tunnel isatap.home :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : home
   Description. . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui

Carte Tunnel Teredo Tunneling Pseudo-Interface :

   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui
   Adresse IPv6. . . . . . . . . . . . . .: 2001:0:9d38:6abd:20e8:330b:a11d:6fad(préféré)
   Adresse IPv6 de liaison locale. . . . .: fe80::20e8:330b:a11d:6fad%4(préféré)
   Passerelle par défaut. . . . . . . . . :
   IAID DHCPv6 . . . . . . . . . . . : 520093696
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-1D-74-35-4C-30-65-EC-81-19-8E
   NetBIOS sur TCPIP. . . . . . . . . . . : Désactivé
Serveur :   hobo02.dnsresv6.prd.telenet-ops.be
Address:  2a02:1800:100::44:2

Nom :    google.com
Addresses:  2a00:1450:4001:81d::200e
      172.217.22.110


Envoi d'une requête 'ping' sur google.com [2a00:1450:4001:81d::200e] avec 32 octets de données :
Réponse de 2a00:1450:4001:81d::200e : temps=26 ms
Réponse de 2a00:1450:4001:81d::200e : temps=28 ms

Statistiques Ping pour 2a00:1450:4001:81d::200e:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 26ms, Maximum = 28ms, Moyenne = 27ms
Serveur :   hobo02.dnsresv6.prd.telenet-ops.be
Address:  2a02:1800:100::44:2

Nom :    yahoo.com
Addresses:  2001:4998:58:2201::73
      2001:4998:c:e33::53
      206.190.39.42
      98.139.180.180


Envoi d'une requête 'ping' sur yahoo.com [2001:4998:58:2201::73] avec 32 octets de données :
Réponse de 2001:4998:58:2201::73 : temps=136 ms
Réponse de 2001:4998:58:2201::73 : temps=131 ms

Statistiques Ping pour 2001:4998:58:2201::73:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 131ms, Maximum = 136ms, Moyenne = 133ms

Envoi d'une requête 'Ping'  127.0.0.1 avec 32 octets de données :
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128

Statistiques Ping pour 127.0.0.1:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms
===========================================================================
Liste d'Interfaces
 16...30 65 ec 81 19 8e ......Broadcom NetLink ™ Gigabit Ethernet
 10...42 b8 9a 19 68 67 ......Microsoft Wi-Fi Direct Virtual Adapter
 18...40 b8 9a 19 68 67 ......Qualcomm Atheros QCA61x4 Wireless Network Adapter
  3...40 b8 9a 19 68 68 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.192     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link     192.168.0.192    291
    192.168.0.192  255.255.255.255         On-link     192.168.0.192    291
    192.168.0.255  255.255.255.255         On-link     192.168.0.192    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.0.192    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.0.192    291
===========================================================================
Itinéraires persistants :
  Aucun

IPv6 Table de routage
===========================================================================
Itinéraires actifs :
 If Metric Network Destination      Gateway
 18     51 ::/0                     fe80::5667:51ff:fe43:94c9
  1    331 ::1/128                  On-link
  4    331 2001::/32                On-link
  4    331 2001:0:9d38:6abd:20e8:330b:a11d:6fad/128
                                    On-link
 18     51 2a02:1810:1d85:6b00::/64 On-link
 18    291 2a02:1810:1d85:6b00::/64 fe80::5667:51ff:fe43:94c9
 18    291 2a02:1810:1d85:6b00:8d66:5288:60cb:6e70/128
                                    On-link
 18    291 2a02:1810:1d85:6b00:d4c3:11a2:10ba:975a/128
                                    On-link
 18    291 fe80::/64                On-link
  4    331 fe80::/64                On-link
  4    331 fe80::20e8:330b:a11d:6fad/128
                                    On-link
 18    291 fe80::8d66:5288:60cb:6e70/128
                                    On-link
  1    331 ff00::/8                 On-link
 18    291 ff00::/8                 On-link
  4    331 ff00::/8                 On-link
===========================================================================
Itinéraires persistants :
  Aucun
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 0.7.E.6.B.C.0.6.8.8.2.5.6.6.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR LAPTOP-6IDS9GG4-2.local.

Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.192:5353   23 0.7.E.6.B.C.0.6.8.8.2.5.6.6.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR LAPTOP-6IDS9GG4.local.

Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 192.0.168.192.in-addr.arpa. PTR LAPTOP-6IDS9GG4-2.local.

Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.192:5353   23 192.0.168.192.in-addr.arpa. PTR LAPTOP-6IDS9GG4.local.

Error: (03/14/2018 08:26:04 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname LAPTOP-6IDS9GG4.local already in use; will try LAPTOP-6IDS9GG4-2.local instead

Error: (03/14/2018 08:26:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will rename    4 LAPTOP-6IDS9GG4.local. Addr 192.168.0.192

Error: (03/14/2018 08:26:04 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.192:5353   16 LAPTOP-6IDS9GG4.local. AAAA 2A02:1810:1D85:6B00:3C40:A41E:DA51:9414

Error: (03/14/2018 08:24:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-6IDS9GG4)
Description: Échec de l’activation de l’application Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca avec l’erreur : -2144927149 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (03/14/2018 08:24:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-6IDS9GG4)
Description: Échec de l’activation de l’application Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App avec l’erreur : -2144927149 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (03/14/2018 08:22:59 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 192.0.168.192.in-addr.arpa. PTR LAPTOP-6IDS9GG4-3.local.


System errors:
=============
Error: (03/14/2018 08:26:08 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}AUTORITE NTSERVICE LOCALS-1-5-19LocalHost (avec LRPC)Non disponibleNon disponible

Error: (03/14/2018 08:26:08 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}AUTORITE NTSERVICE LOCALS-1-5-19LocalHost (avec LRPC)Non disponibleNon disponible

Error: (03/14/2018 08:26:08 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}AUTORITE NTSERVICE LOCALS-1-5-19LocalHost (avec LRPC)Non disponibleNon disponible

Error: (03/14/2018 08:26:08 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}AUTORITE NTSERVICE LOCALS-1-5-19LocalHost (avec LRPC)Non disponibleNon disponible

Error: (03/14/2018 08:26:08 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (03/14/2018 08:25:58 PM) (Source: Service Control Manager) (User: )
Description: Le service Kingsoft_WPS_UpdateService n’a pas pu démarrer en raison de l’erreur :
%%1053 = Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.


Error: (03/14/2018 08:25:58 PM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Kingsoft_WPS_UpdateService.

Error: (03/14/2018 08:25:44 PM) (Source: DCOM) (User: AUTORITE NT)
Description: 1084dpsNon disponible{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/14/2018 08:25:44 PM) (Source: DCOM) (User: AUTORITE NT)
Description: 1084dpsNon disponible{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/14/2018 08:25:44 PM) (Source: DCOM) (User: AUTORITE NT)
Description: 1084dpsNon disponible{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}


Microsoft Office Sessions:
=========================
Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 0.7.E.6.B.C.0.6.8.8.2.5.6.6.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR LAPTOP-6IDS9GG4-2.local.

Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.192:5353   23 0.7.E.6.B.C.0.6.8.8.2.5.6.6.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR LAPTOP-6IDS9GG4.local.

Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 192.0.168.192.in-addr.arpa. PTR LAPTOP-6IDS9GG4-2.local.

Error: (03/14/2018 08:26:14 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.192:5353   23 192.0.168.192.in-addr.arpa. PTR LAPTOP-6IDS9GG4.local.

Error: (03/14/2018 08:26:04 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname LAPTOP-6IDS9GG4.local already in use; will try LAPTOP-6IDS9GG4-2.local instead

Error: (03/14/2018 08:26:04 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will rename    4 LAPTOP-6IDS9GG4.local. Addr 192.168.0.192

Error: (03/14/2018 08:26:04 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.192:5353   16 LAPTOP-6IDS9GG4.local. AAAA 2A02:1810:1D85:6B00:3C40:A41E:DA51:9414

Error: (03/14/2018 08:24:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-6IDS9GG4)
Description: Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149

Error: (03/14/2018 08:24:28 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-6IDS9GG4)
Description: Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App-2144927149

Error: (03/14/2018 08:22:59 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 192.0.168.192.in-addr.arpa. PTR LAPTOP-6IDS9GG4-3.local.


CodeIntegrity Errors:
===================================
  Date: 2018-03-13 19:21:51.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-13 19:21:51.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-13 00:10:24.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-13 00:10:23.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-11 21:26:54.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-11 21:26:54.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-10 23:19:35.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-10 23:19:34.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-09 17:55:16.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2018-03-09 17:55:16.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-428eae2c-9e05-492a-985a-f36ddac22115) (Version: 3.0.2.118 - WildTangent) Hidden
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{42FA793A-4E94-4FA3-A638-9B4B6B1D6A25}) (Version: 10.18.0221 - Amazon)
Amazon Search (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
App Explorer (HKCU\...\Host App Service) (Version: 0.273.2.646 - SweetLabs)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistant Mise à jour de Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.4 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\{90DFD61B-8224-00C6-3D69-A983B60A394E}) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (HKLM-x32\...\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Belgium e-ID middleware 4.1.18 (build 1730) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71730}) (Version: 4.1.1730 - Belgian Government)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.50.1 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.30.0 - Canon Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKCU\...\Dashlane) (Version: 5.8.0.17084 - Dashlane, Inc.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 1.2.3.5 - Dashlane SAS)
Dino Storm (HKLM-x32\...\WildTangentGDF-acer-dinostorm) (Version: 13.0.0.6 - WildTangent) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Home Makeover (HKLM-x32\...\WTA-f2bf7eb9-e377-484f-8cde-dbb7152c6ea8) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-b9eca6f0-f350-409b-80b6-7cfb979d1682) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-d55a4c69-9aca-46c0-bd47-30a8aafd5860) (Version: 3.0.2.118 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logiciel pour périphérique à chipset Intel® (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Magic Academy (HKLM-x32\...\WTA-4f8f4d42-f753-460a-acd0-d2dc96643b21) (Version: 2.2.0.97 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{f9b04b37-35d5-4a19-a51b-fcf4a8734851}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mises à jour NVIDIA 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Pilote graphique 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Package de pilotes Windows - Fedict SmartCard  (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict)
Panneau de configuration NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
PC Speed Maximizer v4.1 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 4.1 - Avanquest Software)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-34fb3df7-7fa1-468d-b159-6c215f62b392) (Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.041 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-50fce378-1db4-4ede-903b-d8bba2a72c0d) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-a45a3a05-8eaf-448a-b0c5-1c16a11f485c) (Version: 3.0.2.126 - WildTangent) Hidden
Serif MoviePlus X5 (HKLM-x32\...\{93C40A12-0098-46B1-972E-E8083686A7A0}) (Version: 7.0.1.015 - Serif (Europe) Ltd)
Serif WebPlus X8 (HKLM\...\{471E0EA1-37E7-4C4C-B0E1-518883231403}) (Version: 16.0.4.032 - Serif (Europe) Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}_Office15.PROPLUS_{C5DEA626-E7D2-4200-9B49-43E37BF21A7C}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{DABB9E2A-F054-4F97-9EB2-6992316C6EC7}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}_Office15.PROPLUS_{2F03603E-9953-44F3-9608-2B61DE92F2F2}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-040C-1000-0000000FF1CE}_Office15.PROPLUS_{5B93071A-F8EF-4894-88C1-8B785A46D4C6}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-040C-1000-0000000FF1CE}_Office15.PROPLUS_{96DAF4C0-7FCF-4B53-91FA-B12C7162D90E}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-040C-1000-0000000FF1CE}_Office15.PROPLUS_{DC0FD398-D15A-4351-B0D9-9F40612C5057}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{0003B8F5-660C-4E15-A05D-7A53D2314419}) (Version:  - Microsoft) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
TomTom HOME (HKLM-x32\...\{B581E191-A2C1-4CE3-907E-9FE3C728750C}) (Version: 2.9.91 - Nom de votre société)
TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{BF492E7F-BD3F-4F33-932A-1DD0891968B0}) (Version: 2.13.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Wondershare Video Converter Ultimate(Build 8.5.7.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.5.7.1 - Wondershare Software)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
Youtube Downloader HD v. 2.9.9.27 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 16307.27 MB
Available physical RAM: 12071.85 MB
Total Virtual: 18739.27 MB
Available Virtual: 14557.96 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:118.64 GB) (Free:3.23 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:1863.02 GB) (Free:444.4 GB) NTFS

========================= Users: ========================================

comptes d'utilisateurs de \\LAPTOP-6IDS9GG4

Administrateur           DefaultAccount           Invité                   
louco                    
La commande s'est terminée correctement.


**** End of log ****

 

 

TDSSKiller

20:33:27.0221 0x3128  TDSS rootkit removing tool 3.1.0.16 Jan 24 2018 17:27:43
20:33:27.0221 0x3128  UEFI system
20:33:34.0316 0x3128  ============================================================
20:33:34.0316 0x3128  Current date / time: 2018/03/14 20:33:34.0316
20:33:34.0316 0x3128  SystemInfo:
20:33:34.0316 0x3128  
20:33:34.0316 0x3128  OS Version: 10.0.14393 ServicePack: 0.0
20:33:34.0316 0x3128  Product type: Workstation
20:33:34.0316 0x3128  ComputerName: LAPTOP-6IDS9GG4
20:33:34.0316 0x3128  UserName: louco
20:33:34.0316 0x3128  Windows directory: C:\WINDOWS
20:33:34.0316 0x3128  System windows directory: C:\WINDOWS
20:33:34.0316 0x3128  Running under WOW64
20:33:34.0316 0x3128  Processor architecture: Intel x64
20:33:34.0316 0x3128  Number of processors: 8
20:33:34.0317 0x3128  Page size: 0x1000
20:33:34.0317 0x3128  Boot type: Normal boot
20:33:34.0317 0x3128  CodeIntegrityOptions = 0x00000001
20:33:34.0317 0x3128  ============================================================
20:33:34.0368 0x3128  KLMD registered as C:\WINDOWS\system32\drivers\66874534.sys
20:33:34.0368 0x3128  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.2068, osProperties = 0x19
20:33:34.0500 0x3128  System UUID: {12F5EA43-7518-9F2F-D654-EE01A117118D}
20:33:34.0785 0x3128  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:34.0785 0x3128  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:34.0785 0x3128  ============================================================
20:33:34.0785 0x3128  \Device\Harddisk0\DR0:
20:33:34.0785 0x3128  GPT partitions:
20:33:34.0785 0x3128  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AA87CE35-6D63-44B0-AEB4-C19B9C270BE5}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
20:33:34.0785 0x3128  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EFEE74BF-5AEE-434B-9C3B-956AA6D91FC2}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x8000
20:33:34.0785 0x3128  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {74C3CDEA-65B0-46E0-9E0C-6FEAAB88A14B}, Name: Basic data partition, StartLBA 0x3A800, BlocksNum 0xED47800
20:33:34.0785 0x3128  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C2E51DEF-BFAE-49D6-A2D1-E42773FA3FB1}, Name: Basic data partition, StartLBA 0xED82000, BlocksNum 0xFA000
20:33:34.0785 0x3128  MBR partitions:
20:33:34.0785 0x3128  \Device\Harddisk1\DR1:
20:33:34.0785 0x3128  GPT partitions:
20:33:34.0785 0x3128  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {037EBB31-519F-4345-9E72-83AE4FEAD55B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE8E08000
20:33:34.0785 0x3128  MBR partitions:
20:33:34.0785 0x3128  ============================================================
20:33:34.0785 0x3128  C: <-> \Device\Harddisk0\DR0\Partition3
20:33:35.0610 0x3128  D: <-> \Device\Harddisk1\DR1\Partition1
20:33:35.0610 0x3128  ============================================================
20:33:35.0610 0x3128  Initialize success
20:33:35.0610 0x3128  ============================================================
20:33:41.0826 0x30c8  ============================================================
20:33:41.0826 0x30c8  Scan started
20:33:41.0826 0x30c8  Mode: Manual;
20:33:41.0826 0x30c8  ============================================================
20:33:41.0826 0x30c8  KSN ping started
20:33:42.0010 0x30c8  KSN ping finished: true
20:33:43.0078 0x30c8  ================ Scan system memory ========================
20:33:43.0078 0x30c8  System memory - ok
20:33:43.0078 0x30c8  ================ Scan services =============================
20:33:43.0094 0x30c8  0157321519849223mcinstcleanup - ok
20:33:43.0128 0x30c8  1394ohci - ok
20:33:43.0130 0x30c8  3ware - ok
20:33:43.0132 0x30c8  ACPI - ok
20:33:43.0132 0x30c8  AcpiDev - ok
20:33:43.0132 0x30c8  acpiex - ok
20:33:43.0132 0x30c8  acpipagr - ok
20:33:43.0132 0x30c8  AcpiPmi - ok
20:33:43.0132 0x30c8  acpitime - ok
20:33:43.0163 0x30c8  [ E635AA51257BCEB8D8D4D7DA6AF59B75, 146B98CC7B02765D50F1E2DB76A578F7ED9F195FC0FA07E677C46A98BDE18A42 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:33:43.0163 0x30c8  AdobeFlashPlayerUpdateSvc - ok
20:33:43.0179 0x30c8  ADP80XX - ok
20:33:43.0179 0x30c8  AFD - ok
20:33:43.0179 0x30c8  ahcache - ok
20:33:43.0179 0x30c8  AJRouter - ok
20:33:43.0195 0x30c8  ALG - ok
20:33:43.0195 0x30c8  [ 7B75A43186E595AC12D3D36AA64A2E9A, 1A21BE1840553AD0075D77F3F970846D0086602DD9F2CD18A789A192585CFD78 ] Amazon Assistant Service C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
20:33:43.0195 0x30c8  Amazon Assistant Service - ok
20:33:43.0195 0x30c8  AmdK8 - ok
20:33:43.0195 0x30c8  AmdPPM - ok
20:33:43.0210 0x30c8  amdsata - ok
20:33:43.0210 0x30c8  amdsbs - ok
20:33:43.0210 0x30c8  amdxata - ok
20:33:43.0210 0x30c8  AppID - ok
20:33:43.0210 0x30c8  AppIDSvc - ok
20:33:43.0210 0x30c8  Appinfo - ok
20:33:43.0210 0x30c8  applockerfltr - ok
20:33:43.0229 0x30c8  AppReadiness - ok
20:33:43.0232 0x30c8  AppXSvc - ok
20:33:43.0232 0x30c8  arcsas - ok
20:33:43.0232 0x30c8  AsyncMac - ok
20:33:43.0232 0x30c8  atapi - ok
20:33:43.0248 0x30c8  [ C345E697B68BE9A45BB6CBD03F1E66F2, F50E0CC874A67A9EED3C792599ADA92C888348E7256663F7C784FBBF51D19EAC ] AtherosSvc      C:\WINDOWS\system32\AdminService.exe
20:33:43.0248 0x30c8  AtherosSvc - ok
20:33:43.0248 0x30c8  AudioEndpointBuilder - ok
20:33:43.0248 0x30c8  Audiosrv - ok
20:33:43.0264 0x30c8  AxInstSV - ok
20:33:43.0264 0x30c8  b06bdrv - ok
20:33:43.0264 0x30c8  BasicDisplay - ok
20:33:43.0264 0x30c8  BasicRender - ok
20:33:43.0264 0x30c8  bcmfn - ok
20:33:43.0279 0x30c8  bcmfn2 - ok
20:33:43.0279 0x30c8  BDESVC - ok
20:33:43.0279 0x30c8  Beep - ok
20:33:43.0279 0x30c8  BFE - ok
20:33:43.0279 0x30c8  BITS - ok
20:33:48.0745 0x30c8  [ 041BC222A7B282928AF1F6115D1CBE3B, 6C692E4C6B696BC64CF69B6AECA79315E931A38072B6B5A40D57D396091652CC ] C:\Users\louco\AppData\Roaming\Dashlane\Dashlane.exe
20:33:48.0752 0x30c8  Dashlane - ok
20:33:48.0761 0x30c8  [ EE1F9DEF8AFD6DB79F8CC0B402F82A0C, A493F2E93300E2C727F81BF39287FC4DE561C1730210CB17C5A5763152FA0F9D ] C:\Users\louco\AppData\Roaming\Dashlane\DashlanePlugin.exe
20:33:48.0771 0x30c8  DashlanePlugin - ok
20:33:48.0772 0x30c8  Waiting for KSN requests completion. In queue: 42
20:33:49.0783 0x30c8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.1198 ), 0x61100 ( enabled : updated )
20:33:49.0784 0x30c8  AV detected via SS2: Protection antivirus et antispyware McAfee , C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x350000 ( disabled : updated )
20:33:49.0784 0x30c8  FW detected via SS2: Pare-feu McAfee , C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x50010 ( disabled )
20:33:49.0787 0x30c8  Win FW state via NFP2: enabled ( trusted )
20:33:49.0913 0x30c8  ============================================================
20:33:49.0913 0x30c8  Scan finished
20:33:49.0913 0x30c8  ============================================================
20:33:49.0919 0x316c  Detected object count: 0
20:33:49.0919 0x316c  Actual detected object count: 0

 

AdwCleaner

 

# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 14 19:37:40 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-14.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Assistant, Amazon Assistant Service


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Public\Pokki
Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
Adware.pokki, C:\Users\louco\AppData\Local\Host App Service
PUP.Optional.PCSpeedMaximizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer
PUP.Optional.PCSpeedMaximizer, C:\Users\louco\AppData\Roaming\PC Speed Maximizer
PUP.Optional.PCSpeedMaximizer, C:\Users\louco\Documents\PC Speed Maximizer
PUP.Optional.Booking, C:\Program Files\Booking.com
PUP.Optional.AmazonBrowserSettings, C:\Program Files (x86)\Amazon Browser Settings
PUP.Optional.AmazonBrowserSettings, C:\Users\louco\AppData\Local\Amazon Browser Settings


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Default\Desktop\App Explorer.lnk
PUP.Optional.Legacy, C:\Users\Default User\Desktop\App Explorer.lnk
PUP.Optional.AmazonTB, C:\Users\louco\AppData\Roaming\Mozilla\Firefox\Profiles\fi6y7kad.default-1483619358860\jetpack\abb@amazon.com
PUP.Optional.Assistant, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
PUP.Optional.Assistant, C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant.lnk
PUP.Optional.Assistant, C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant.lnk
PUP.Optional.Assistant, C:\Users\louco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant.lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, App Explorer
PUP.Optional.Legacy, DistromaticSearchProtect-logon
PUP.Optional.Legacy, DistromaticUpdater-periodic
PUP.Optional.Legacy, DistromaticSearchProtect-hourly
PUP.Optional.Legacy, DistromaticUpdater-logon
PUP.Optional.PCSpeedMaximizer, PC Speed Maximizer Schedule


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\titan.service.amazonbrowserapp.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3858165804-31356248-2666505570-1001\Software\distromatic
PUP.Optional.Legacy, [Key] - HKCU\Software\distromatic
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Classes\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
PUP.Optional.Amazon1Button, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943
PUP.Optional.Amazon1Button, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | Amazon1ButtonTaskbarApp.exe
PUP.Optional.Amazon1Button, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | c:\Program Files (x86)\Amazon\Amazon1ButtonApp\
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-3858165804-31356248-2666505570-1001\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit
Adware.pokki, [Key] - HKU\S-1-5-21-3858165804-31356248-2666505570-1001\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-3858165804-31356248-2666505570-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKCU\Software\Host App Service
Adware.pokki, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
PUP.Optional.PCSpeedMaximizer, [Key] - HKU\S-1-5-21-3858165804-31356248-2666505570-1001\Software\PC Speed Maximizer
PUP.Optional.PCSpeedMaximizer, [Key] - HKCU\Software\PC Speed Maximizer
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-3858165804-31356248-2666505570-1001\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
PUP.Optional.Assistant, [Key] - HKLM\SOFTWARE\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
PUP.Optional.Assistant, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Assistant, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application


***** [ Firefox (and derivatives) ] *****

PUP.Optional.AmazonTB, Plugin found: __MSG_appName__ -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

 

 

Junkware removal tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by louco (Administrator) on 14-03-18 at 20:41:13,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\Users\louco\AppData\Local\amazon browser settings (Folder)
Successfully deleted: C:\Users\louco\AppData\Roaming\pc speed maximizer (Folder)
Successfully deleted: C:\Program Files (x86)\amazon browser settings (Folder)
Successfully deleted: C:\Program Files (x86)\pc speed maximizer (Folder)
Successfully deleted: C:\Program Files\booking.com (Folder)

Deleted the following from C:\Users\louco\AppData\Roaming\Mozilla\Firefox\Profiles\fi6y7kad.default-1483619358860\prefs.js
user_pref(browser.startup.homepage, hxxps://start-pagesearch.com/?s=acer&m=start&brw=ff&o=nhps-20170731-525);



Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0157321519849223mcinstcleanup (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14-03-18 at 20:45:00,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ESET Online Scanner

 

C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe    a variant of Win32/KingSoft.D potentially unwanted application    
C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe    a variant of Win32/KingSoft.D potentially unwanted application    
C:\Users\louco\AppData\Roaming\Kingsoft\office6\update\down\wpsupdate.exe    a variant of Win32/KingSoft.D potentially unwanted application    
C:\Users\louco\Desktop\Old Firefox Data\zmj87rut.default\extensions\_dbMembers_@free.getformsonline.com\bootstrap.js    JS/Mindspark.D potentially unwanted application    
C:\Users\louco\Desktop\Old Firefox Data\zmj87rut.default\extensions\_dbMembers_@free.getformsonline.com\chrome\ffxtbr.jar    JS/Mindspark.B potentially unwanted application,JS/Mindspark.D potentially unwanted application    
C:\Users\louco\Downloads\youtube_hd_setup.exe    a variant of Win32/OpenCandy.A potentially unsafe application    
Autostart locations    a variant of Win32/KingSoft.D potentially unwanted application    archive damaged
 



#10 Mark-D


Posted 18 March 2018 - 06:42 AM

Is it okay to continue in this post or should I open another topic?

 

Best regards



#11 boopme


Posted 19 March 2018 - 10:47 AM

Hi, sorry... Rerun ADWcleaner and Remove all it found.

Then do this...

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the program icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

#12 Mark-D


Posted 19 March 2018 - 03:45 PM

Hello,

 

I executed all steps and post the log:

 

Tweaking.com - Windows Repair 2018 (v4.0.15)
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.14393.2125
OS Service Pack:
Computer Name: LAPTOP-6IDS9GG4
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\louco
Current Profile SID: S-1-5-21-3858165804-31356248-2666505570-1001
Current Profile Classes: S-1-5-21-3858165804-31356248-2666505570-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\louco\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:44:33

Process Count: 141
Commit Total: 3,79 GB
Commit Limit: 18,30 GB
Commit Peak: 5,46 GB
Handle Count: 52082
Kernel Total: 1,32 GB
Kernel Paged: 1,01 GB
Kernel Non Paged: 315,87 MB
System Cache: 9,95 GB
Thread Count: 1938
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15,93 GB
Memory Used: 3,86 GB(24,2414%)
Memory Avail.: 12,06 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15,93 GB
Memory Used: 3,24 GB(20,3752%)
Memory Avail.: 12,68 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (19-03-18 20:43:57)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 250
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (19-03-18 20:43:58)


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\hku.7z
Done,  0,23 seconds.


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\hklm.7z
Done,  3,09 seconds.

   Running Repair Under System Account
   Done (19-03-18 20:45:02)

02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (19-03-18 20:45:02)


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\default.7z
Done,  0,13 seconds.


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\profile.7z
Done,  0,16 seconds.


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\program_files.7z
Done,  0,27 seconds.


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\program_files_x86.7z
Done,  0,14 seconds.


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\programdata.7z
Done,  0,16 seconds.


Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\windows.7z
Done,  1,4 seconds.

   Running Repair Under System Account
   Done (19-03-18 20:51:22)

03 - Reset Service Permissions
   Start (19-03-18 20:51:22)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:51:40)

04 - Register System Files
   Start (19-03-18 20:51:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:52:28)

05 - Repair WMI
   Start (19-03-18 20:52:28)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Windows Defender Exported.
   Protection antivirus et antispyware McAfee  Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Protection antivirus et antispyware McAfee  Exported.

   Exporting 3rd Party Firewall Info...
   Pare-feu McAfee  Exported.

   Running Repair Under Current User Account
   Done (19-03-18 20:54:00)

06 - Repair Windows Firewall
   Start (19-03-18 20:54:00)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,15 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:54:22)

07 - Repair Internet Explorer
   Start (19-03-18 20:54:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:54:57)

08 - Repair MDAC/MS Jet
   Start (19-03-18 20:54:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:55:05)

09 - Repair Hosts File
   Start (19-03-18 20:55:05)
   Running Repair Under System Account
   Done (19-03-18 20:55:06)

10 - Remove Policies Set By Infections
   Start (19-03-18 20:55:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:55:09)

11 - Repair Start Menu Icons Removed By Infections
   Start (19-03-18 20:55:09)
   Running Repair Under System Account
   Done (19-03-18 20:55:10)

12 - Repair Icons
   Start (19-03-18 20:55:10)
   Running Repair Under Current User Account
   Done (19-03-18 20:55:34)

13 - Repair Network
   Start (19-03-18 20:55:34)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:55:53)

14 - Remove Temp Files
   Start (19-03-18 20:55:53)
   Running Repair Under System Account
   Done (19-03-18 20:55:55)

15 - Repair Proxy Settings
   Start (19-03-18 20:55:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:55:57)

16 - Repair Windows Updates
   Start (19-03-18 20:55:57)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,15 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (19-03-18 20:56:37)

17 - Repair CD/DVD Missing/Not Working
   Start (19-03-18 20:56:37)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (19-03-18 20:56:37)

18 - Repair Volume Shadow Copy Service
   Start (19-03-18 20:56:37)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:26)

19 - Repair Windows Sidebar/Gadgets
   Start (19-03-18 20:57:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:28)

20 - Repair MSI (Windows Installer)
   Start (19-03-18 20:57:28)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:44)

21 - Repair Windows Snipping Tool
   Start (19-03-18 20:57:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:46)

22.01 - Repair bat Association
   Start (19-03-18 20:57:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:48)

22.02 - Repair cmd Association
   Start (19-03-18 20:57:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:50)

22.03 - Repair com Association
   Start (19-03-18 20:57:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:52)

22.04 - Repair Directory Association
   Start (19-03-18 20:57:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:55)

22.05 - Repair Drive Association
   Start (19-03-18 20:57:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:57)

22.06 - Repair exe Association
   Start (19-03-18 20:57:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:57:59)

22.07 - Repair Folder Association
   Start (19-03-18 20:57:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:01)

22.08 - Repair inf Association
   Start (19-03-18 20:58:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:03)

22.09 - Repair lnk (Shortcuts) Association
   Start (19-03-18 20:58:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:05)

22.10 - Repair msc Association
   Start (19-03-18 20:58:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:08)

22.11 - Repair reg Association
   Start (19-03-18 20:58:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:10)

22.12 - Repair scr Association
   Start (19-03-18 20:58:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:12)

23 - Repair Windows Safe Mode
   Start (19-03-18 20:58:12)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:14)

24 - Repair Print Spooler
   Start (19-03-18 20:58:14)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,15 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:34)

25 - Restore Important Windows Services
   Start (19-03-18 20:58:34)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\services.7z
Done,  0,15 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:47)

26 - Set Windows Services To Default Startup
   Start (19-03-18 20:58:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 20:58:55)

27.01 - Repair Windows 8/10 App Store
   Start (19-03-18 20:58:55)

Decompressing & Updating Windows Permission File C:\Users\louco\Desktop\windows repair\files\permissions\10\hku.7z
Done,  0,23 seconds.

   Running Repair Under Current User Account
   Done (19-03-18 21:00:58)

28 - Repair Windows 8/10 Component Store
   Start (19-03-18 21:00:58)
   Running Repair Under Current User Account
   Done (19-03-18 21:34:08)

29 - Restore Windows 8/10 COM+ Unmarshalers
   Start (19-03-18 21:34:08)
   Running Repair Under System Account
[X] -----Job Complete-----         Items Done: 1      
   Done (19-03-18 21:34:10)

30 - Repair Windows 'New' Submenu
   Start (19-03-18 21:34:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 21:34:12)

31 - Restore UAC (User Account Control) Settings
   Start (19-03-18 21:34:12)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19-03-18 21:34:14)

32 - Repair Performance Counters
   Start (19-03-18 21:34:14)
   Running Repair Under Current User Account
   Done (19-03-18 21:34:17)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (19-03-18 21:34:17)
   Total Repair Time: 00:50:21


...YOU MUST RESTART YOUR SYSTEM...



#13 boopme


Posted 20 March 2018 - 09:42 AM

How is it running now?



