
Infected with PUP


  • This topic is locked
13 replies to this topic

#1 Dimera


Posted 29 October 2017 - 04:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by Admin (administrator) on PC (29-10-2017 13:22:25)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(VL) C:\Program Files (x86)\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes) F:\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Copyright 2017.) F:\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) F:\Malwarebytes Anti-Malware\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(Piriform Ltd) F:\CC\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Copyright 2017.) F:\Zemana AntiMalware\ZAM.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Mozilla Corporation) F:\Mozilla Firefox\firefox.exe
(Mozilla Corporation) F:\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_183.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_183.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => F:\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [7109896 2017-10-27] (McAfee, Inc.)
HKU\S-1-5-21-473581126-2895704609-3995012257-1002\...\Run: [CCleaner Monitoring] => F:\CC\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-473581126-2895704609-3995012257-1002\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-07-17] (Google Inc.)
HKU\S-1-5-21-473581126-2895704609-3995012257-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
Startup: C:\Users\Owners\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-03-09]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0d8ce48a-75f5-47e6-98eb-050a46b686c2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e2165eab-e59e-41b6-9490-83c2f543c0a3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e9f4f0a1-f81d-4612-976e-b8a5df110409}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130896097070380092&GUID=7A267B58-D50F-4A26-A599-FFAFF9D28876
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-473581126-2895704609-3995012257-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-473581126-2895704609-3995012257-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-10] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF DefaultProfile: mcaufb8o.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mcaufb8o.default [2017-10-29]
FF NetworkProxy: Mozilla\Firefox\Profiles\mcaufb8o.default -> type", 0
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mcaufb8o.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-20]
FF Extension: (YesScript) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mcaufb8o.default\Extensions\yesscript@userstyles.org.xpi [2017-10-22]
FF Extension: (uBlock) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mcaufb8o.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2017-10-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-10] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-473581126-2895704609-3995012257-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-473581126-2895704609-3995012257-1002: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-473581126-2895704609-3995012257-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-473581126-2895704609-3995012257-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmazonMeterService; C:\Program Files (x86)\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe [31688 2017-05-17] (VL)
R2 MBAMService; F:\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343544 2017-05-24] (McAfee, Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 ZAMSvc; F:\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-29] (Malwarebytes)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [917008 2017-05-24] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [124432 2017-05-24] (McAfee, Inc.)
R1 MpKsl589ec35f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAAAC1DD-BE1F-46B2-A9A2-8668510B9420}\MpKsl589ec35f.sys [49392 2017-10-29] (Microsoft Corporation)
R1 MpKsl9c2ff1e1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7276BC8A-4D09-44E4-9407-4D0E23DB760E}\MpKsl9c2ff1e1.sys [49392 2017-10-27] (Microsoft Corporation)
S1 MpKslcbc034aa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAAAC1DD-BE1F-46B2-A9A2-8668510B9420}\MpKslcbc034aa.sys [49392 2017-10-29] () [File not signed]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-10-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-29 13:22 - 2017-10-29 13:24 - 000011593 ____C C:\Users\Admin\Desktop\FRST.txt
2017-10-29 13:21 - 2017-10-29 13:21 - 002403328 ____C (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2017-10-28 23:01 - 2017-10-28 23:01 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-28 10:54 - 2017-10-28 10:54 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-10-28 10:54 - 2017-10-28 10:54 - 000000689 ____C C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-10-28 10:54 - 2017-10-28 10:54 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-10-28 10:52 - 2017-10-28 10:52 - 006625600 ____C (Zemana Ltd. ) C:\Users\Admin\Desktop\Zemana.AntiMalware.Setup.exe
2017-10-27 23:49 - 2017-10-27 23:49 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-27 23:48 - 2017-10-29 13:16 - 000094144 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-27 23:48 - 2017-10-29 13:07 - 000252232 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-27 23:48 - 2017-10-29 13:07 - 000110016 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-27 23:48 - 2017-10-29 13:07 - 000045504 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-27 23:47 - 2017-10-27 23:47 - 000000900 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-27 23:47 - 2017-10-27 23:47 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-27 23:47 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-27 23:20 - 2017-10-27 23:20 - 001510832 ____C (Ruiware) C:\Users\Admin\Downloads\wpsetup.exe
2017-10-27 21:21 - 2017-10-27 21:21 - 000000899 ____C C:\Users\Public\Desktop\RogueKiller.lnk
2017-10-27 21:21 - 2017-10-27 21:21 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-10-27 21:20 - 2017-10-27 21:21 - 000000000 ___DC C:\Program Files\RogueKiller
2017-10-27 21:12 - 2017-10-27 21:17 - 000000000 ___DC C:\Program Files (x86)\stinger
2017-10-27 20:51 - 2017-10-27 20:51 - 000000000 ___DC C:\Program Files\HitmanPro
2017-10-27 20:40 - 2017-10-28 14:58 - 000000000 ___DC C:\Users\Admin\AppData\Roaming\ZHP
2017-10-27 20:40 - 2017-10-28 14:58 - 000000000 ___DC C:\Users\Admin\AppData\Local\ZHP
2017-10-27 20:40 - 2017-10-28 14:55 - 000000902 ____C C:\Users\Admin\Desktop\ZHPDiag.lnk
2017-10-21 17:27 - 2017-10-21 17:28 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-20 13:10 - 2017-09-29 19:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-20 13:10 - 2017-09-29 19:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-20 13:10 - 2017-09-29 00:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-20 13:10 - 2017-09-29 00:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-20 13:10 - 2017-09-29 00:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-20 13:10 - 2017-09-29 00:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-20 13:09 - 2017-09-29 19:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-20 13:09 - 2017-09-29 19:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-20 13:09 - 2017-09-29 19:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-20 13:09 - 2017-09-29 19:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-20 13:09 - 2017-09-29 19:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-20 13:09 - 2017-09-29 19:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-20 13:09 - 2017-09-29 19:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-20 13:09 - 2017-09-29 19:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-20 13:09 - 2017-09-29 19:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-20 13:09 - 2017-09-29 19:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-20 13:09 - 2017-09-29 19:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-20 13:09 - 2017-09-29 19:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-20 13:09 - 2017-09-29 19:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-20 13:09 - 2017-09-29 19:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-20 13:09 - 2017-09-29 19:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-20 13:09 - 2017-09-29 19:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-20 13:09 - 2017-09-29 19:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-20 13:09 - 2017-09-29 19:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-20 13:09 - 2017-09-29 19:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-20 13:09 - 2017-09-29 19:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-20 13:09 - 2017-09-29 19:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-20 13:09 - 2017-09-29 19:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-20 13:09 - 2017-09-29 19:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-20 13:09 - 2017-09-29 19:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-20 13:09 - 2017-09-29 00:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-20 13:09 - 2017-09-29 00:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-20 13:09 - 2017-09-29 00:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-20 13:09 - 2017-09-29 00:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-20 13:09 - 2017-09-29 00:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-20 13:09 - 2017-09-29 00:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-20 13:09 - 2017-09-29 00:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-20 13:09 - 2017-09-29 00:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-20 13:09 - 2017-09-29 00:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-20 13:09 - 2017-09-29 00:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-20 13:09 - 2017-09-29 00:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-20 13:09 - 2017-09-29 00:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-20 13:09 - 2017-09-29 00:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-20 13:09 - 2017-09-29 00:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-20 13:09 - 2017-09-29 00:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-20 13:09 - 2017-09-29 00:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-20 13:09 - 2017-09-29 00:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-20 13:09 - 2017-09-29 00:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-20 13:09 - 2017-09-29 00:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-20 13:09 - 2017-09-29 00:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-20 13:09 - 2017-09-29 00:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-20 13:09 - 2017-09-29 00:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-20 13:09 - 2017-09-29 00:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-20 13:09 - 2017-09-29 00:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-20 13:09 - 2017-09-29 00:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-20 13:09 - 2017-09-29 00:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-20 13:09 - 2017-09-29 00:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-20 13:09 - 2017-09-29 00:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-20 13:09 - 2017-09-29 00:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-20 13:09 - 2017-09-29 00:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-20 13:09 - 2017-09-29 00:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-20 13:09 - 2017-09-29 00:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-20 13:09 - 2017-09-29 00:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-20 13:09 - 2017-09-29 00:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-20 13:09 - 2017-09-29 00:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-20 13:09 - 2017-09-29 00:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-20 13:09 - 2017-09-29 00:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-20 13:09 - 2017-09-29 00:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-20 13:09 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-20 13:09 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-20 13:09 - 2017-09-20 08:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-20 13:09 - 2017-09-20 08:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-20 13:09 - 2017-09-20 08:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-20 13:09 - 2017-09-18 15:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-20 13:08 - 2017-09-29 19:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-20 13:08 - 2017-09-29 19:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-20 13:08 - 2017-09-29 19:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-20 13:08 - 2017-09-29 19:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-20 13:08 - 2017-09-29 00:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-20 13:08 - 2017-09-29 00:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-20 13:08 - 2017-09-18 15:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-20 13:02 - 2017-09-29 22:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-20 13:02 - 2017-09-29 22:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-20 13:02 - 2017-09-29 00:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-20 13:02 - 2017-09-29 00:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-20 13:01 - 2017-09-29 22:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-20 13:01 - 2017-09-29 22:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-20 13:01 - 2017-09-29 22:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-20 13:01 - 2017-09-29 22:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-20 13:01 - 2017-09-29 00:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-20 13:01 - 2017-09-29 00:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-20 13:01 - 2017-09-29 00:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-20 13:01 - 2017-09-29 00:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-20 13:01 - 2017-09-29 00:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-20 13:01 - 2017-09-29 00:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-20 13:01 - 2017-09-29 00:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-20 13:01 - 2017-09-29 00:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-20 13:01 - 2017-09-29 00:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-20 13:01 - 2017-09-29 00:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-20 13:01 - 2017-09-29 00:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-20 13:01 - 2017-09-29 00:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-20 13:01 - 2017-09-29 00:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-20 13:01 - 2017-09-29 00:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-20 13:01 - 2017-09-29 00:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-20 13:01 - 2017-09-29 00:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-20 13:01 - 2017-09-29 00:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-20 13:00 - 2017-09-29 22:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-20 13:00 - 2017-09-29 22:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-20 13:00 - 2017-09-29 22:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-20 13:00 - 2017-09-29 22:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-20 13:00 - 2017-09-29 22:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-20 13:00 - 2017-09-29 22:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-20 13:00 - 2017-09-29 22:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-20 13:00 - 2017-09-29 22:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-20 13:00 - 2017-09-29 22:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-20 13:00 - 2017-09-29 22:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-20 13:00 - 2017-09-29 22:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-20 13:00 - 2017-09-29 22:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-20 13:00 - 2017-09-29 00:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-20 13:00 - 2017-09-29 00:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-20 13:00 - 2017-09-29 00:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-20 13:00 - 2017-09-29 00:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-20 13:00 - 2017-09-29 00:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-20 13:00 - 2017-09-29 00:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-20 13:00 - 2017-09-29 00:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-20 13:00 - 2017-09-29 00:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-20 13:00 - 2017-09-29 00:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-20 13:00 - 2017-09-29 00:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-20 13:00 - 2017-09-29 00:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-20 13:00 - 2017-09-29 00:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-20 13:00 - 2017-09-29 00:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-20 13:00 - 2017-09-29 00:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-20 13:00 - 2017-09-29 00:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-20 13:00 - 2017-09-29 00:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-20 13:00 - 2017-09-29 00:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-20 13:00 - 2017-09-29 00:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-20 13:00 - 2017-09-29 00:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-20 13:00 - 2017-09-29 00:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-20 13:00 - 2017-09-29 00:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-20 13:00 - 2017-09-29 00:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-20 13:00 - 2017-09-29 00:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-20 13:00 - 2017-09-29 00:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-20 13:00 - 2017-09-29 00:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-20 13:00 - 2017-09-29 00:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-20 13:00 - 2017-09-29 00:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-20 13:00 - 2017-09-29 00:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-20 13:00 - 2017-09-29 00:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-20 13:00 - 2017-09-29 00:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-20 13:00 - 2017-09-29 00:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-20 13:00 - 2017-09-29 00:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-20 13:00 - 2017-09-29 00:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-20 13:00 - 2017-09-29 00:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-20 13:00 - 2017-09-29 00:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-20 13:00 - 2017-09-29 00:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-20 13:00 - 2017-09-29 00:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-20 13:00 - 2017-09-29 00:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-20 13:00 - 2017-09-29 00:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-20 13:00 - 2017-09-29 00:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-20 13:00 - 2017-09-29 00:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-20 13:00 - 2017-09-29 00:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-20 13:00 - 2017-09-29 00:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-20 13:00 - 2017-09-29 00:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-20 13:00 - 2017-09-18 16:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-20 12:59 - 2017-09-29 22:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-20 12:59 - 2017-09-29 22:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-20 12:59 - 2017-09-29 22:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-20 12:59 - 2017-09-29 22:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-20 12:59 - 2017-09-29 22:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-20 12:59 - 2017-09-29 00:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-20 12:59 - 2017-09-29 00:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-20 12:59 - 2017-09-29 00:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-20 12:59 - 2017-09-29 00:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-20 12:59 - 2017-09-29 00:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-20 12:59 - 2017-09-29 00:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-20 12:59 - 2017-09-29 00:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-20 12:59 - 2017-09-29 00:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-20 12:59 - 2017-09-29 00:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-20 12:59 - 2017-09-29 00:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-20 12:59 - 2017-09-29 00:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-20 12:59 - 2017-09-29 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-20 12:58 - 2017-09-29 22:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-20 12:58 - 2017-09-29 22:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-20 12:58 - 2017-09-29 22:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-20 12:58 - 2017-09-29 22:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-20 12:58 - 2017-09-29 22:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-20 12:58 - 2017-09-29 22:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-20 12:58 - 2017-09-29 22:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-20 12:58 - 2017-09-29 22:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-20 12:58 - 2017-09-29 22:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-20 12:58 - 2017-09-29 22:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-20 12:58 - 2017-09-29 22:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-20 12:58 - 2017-09-29 22:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-20 12:58 - 2017-09-29 22:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-20 12:58 - 2017-09-29 22:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-20 12:58 - 2017-09-29 00:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-20 12:58 - 2017-09-29 00:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-20 12:58 - 2017-09-29 00:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-20 12:58 - 2017-09-29 00:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-20 12:58 - 2017-09-29 00:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-20 12:58 - 2017-09-29 00:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-20 12:58 - 2017-09-29 00:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-20 12:58 - 2017-09-29 00:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-20 12:58 - 2017-09-29 00:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-20 12:58 - 2017-09-29 00:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-20 12:58 - 2017-09-29 00:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-20 12:58 - 2017-09-29 00:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-20 12:58 - 2017-09-29 00:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-20 12:58 - 2017-09-29 00:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-20 12:58 - 2017-09-29 00:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-20 12:58 - 2017-09-29 00:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-20 12:58 - 2017-09-29 00:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-20 12:58 - 2017-09-29 00:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-20 12:58 - 2017-09-29 00:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-20 12:58 - 2017-09-29 00:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-20 12:58 - 2017-09-29 00:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-20 12:58 - 2017-09-29 00:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-20 12:58 - 2017-09-29 00:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-20 12:58 - 2017-09-29 00:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-20 12:58 - 2017-09-29 00:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-20 12:58 - 2017-09-29 00:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-20 12:58 - 2017-09-29 00:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-20 12:58 - 2017-09-29 00:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-20 12:58 - 2017-09-29 00:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-20 12:58 - 2017-09-29 00:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-20 12:58 - 2017-09-18 15:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-20 12:57 - 2017-09-29 22:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-20 12:57 - 2017-09-29 22:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-20 12:57 - 2017-09-29 22:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-20 12:57 - 2017-09-29 22:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-20 12:57 - 2017-09-29 22:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-20 12:57 - 2017-09-29 22:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-20 12:57 - 2017-09-29 22:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-20 12:57 - 2017-09-29 22:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-20 12:57 - 2017-09-29 22:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-20 12:57 - 2017-09-29 22:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-20 12:57 - 2017-09-29 22:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-20 12:57 - 2017-09-29 22:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-20 12:57 - 2017-09-29 22:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-20 12:57 - 2017-09-29 22:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-20 12:57 - 2017-09-29 00:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-20 12:57 - 2017-09-29 00:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-20 12:57 - 2017-09-29 00:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-20 12:57 - 2017-09-29 00:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-20 12:57 - 2017-09-29 00:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-20 12:57 - 2017-09-29 00:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-20 12:57 - 2017-09-29 00:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-20 12:57 - 2017-09-29 00:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-20 12:57 - 2017-09-18 16:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-20 12:57 - 2017-09-18 16:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-20 12:57 - 2017-09-18 16:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-20 12:57 - 2017-09-18 16:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-20 12:57 - 2017-09-18 15:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-20 12:56 - 2017-09-29 22:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-20 12:56 - 2017-09-29 22:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-20 12:56 - 2017-09-29 22:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-20 12:56 - 2017-09-29 22:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-20 12:56 - 2017-09-29 22:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-20 12:56 - 2017-09-29 00:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-20 12:56 - 2017-09-29 00:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-20 12:56 - 2017-09-29 00:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-20 12:56 - 2017-09-29 00:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-20 12:56 - 2017-09-29 00:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-20 12:56 - 2017-09-18 16:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-20 12:56 - 2017-09-18 16:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-20 12:56 - 2017-09-18 16:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-20 12:56 - 2017-09-18 15:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-20 12:56 - 2017-09-18 15:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-03 12:05 - 2017-10-03 12:05 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\TileDataLayer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-29 13:24 - 2017-06-03 22:02 - 000107082 ____C C:\WINDOWS\ZAM.krnl.trace
2017-10-29 13:24 - 2017-06-03 22:02 - 000022240 ____C C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-29 13:22 - 2017-06-03 20:08 - 000000000 ___DC C:\FRST
2017-10-29 13:13 - 2017-08-03 14:47 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FDD11F41-16E8-4C41-BDFF-A55C76C3574A}
2017-10-29 13:07 - 2017-08-03 14:28 - 000000000 ___DC C:\Users\Admin
2017-10-29 13:06 - 2017-08-03 14:47 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-10-28 23:32 - 2017-08-03 14:23 - 000000000 ___DC C:\WINDOWS\system32\SleepStudy
2017-10-28 21:09 - 2016-10-17 16:09 - 000028272 ____C C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-28 14:53 - 2016-10-30 00:22 - 000000000 ___DC C:\Users\Admin\AppData\Local\CrashDumps
2017-10-28 11:50 - 2017-02-24 20:29 - 000000000 ___DC C:\AdwCleaner
2017-10-28 11:09 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-28 11:09 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\AppReadiness
2017-10-28 10:53 - 2017-06-03 22:02 - 000000000 ___DC C:\Users\Admin\AppData\Local\Zemana
2017-10-27 23:47 - 2016-09-15 15:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-27 23:20 - 2016-08-26 14:25 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-10-27 23:20 - 2013-11-06 17:31 - 000000000 ___DC C:\ProgramData\InstallMate
2017-10-27 23:14 - 2017-03-18 04:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-27 21:25 - 2017-03-18 14:01 - 000000000 ___DC C:\WINDOWS\INF
2017-10-27 21:04 - 2017-05-25 10:16 - 000000000 ___DC C:\ProgramData\HitmanPro
2017-10-25 14:28 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-10-25 14:28 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\system32\Macromed
2017-10-23 13:01 - 2017-03-18 13:51 - 000000000 ___DC C:\WINDOWS\CbsTemp
2017-10-22 16:13 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-22 14:53 - 2016-04-26 23:42 - 000000000 _RHDC C:\Users\Public\AccountPictures
2017-10-22 14:52 - 2017-08-03 14:27 - 001199766 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-22 14:48 - 2017-08-03 14:22 - 000391384 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-22 14:42 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\ShellExperiences
2017-10-22 14:42 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\Provisioning
2017-10-22 14:42 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\PolicyDefinitions
2017-10-22 14:41 - 2017-03-18 14:03 - 000230400 ____C (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-22 14:41 - 2017-03-18 14:03 - 000207872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-22 13:25 - 2017-03-18 14:03 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2017-10-21 18:03 - 2013-07-19 17:42 - 000000000 ___DC C:\WINDOWS\system32\MRT
2017-10-21 17:27 - 2013-03-17 16:46 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-12 17:21 - 2017-03-18 14:06 - 000835576 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 17:21 - 2017-03-18 14:06 - 000177656 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-07 18:26 - 2016-08-26 14:25 - 000000000 ___DC C:\Users\Admin\AppData\Roaming\WinPatrol

==================== Files in the root of some directories =======

2017-05-17 15:31 - 2017-05-17 15:31 - 000003326 ____C () C:\Users\Admin\AppData\Local\recently-used.xbel
2013-08-21 20:09 - 2013-08-21 20:09 - 000000057 ____C () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2014-07-14 01:20 - 2014-07-14 01:21 - 021074920 _____ () C:\Users\Owners\AppData\Local\Temp\7DFF_HiDefMedia-1.1.12-win32C.exe
2014-01-09 16:55 - 2014-01-09 16:56 - 021074920 _____ () C:\Users\Owners\AppData\Local\Temp\8C6_HiDefMedia-1.1.12-win32.exe
2014-01-09 16:55 - 2014-01-09 16:55 - 021074920 _____ () C:\Users\Owners\AppData\Local\Temp\air4E4F.exe
2014-07-14 01:21 - 2014-07-14 01:20 - 021074920 _____ () C:\Users\Owners\AppData\Local\Temp\airC2AD.exe
2013-04-24 01:14 - 2013-04-24 01:14 - 000006144 _____ (Microsoft) C:\Users\Owners\AppData\Local\Temp\PreferencesJson.exe
2013-09-19 20:15 - 2013-09-19 20:15 - 000000006 _____ () C:\Users\Owners\AppData\Local\Temp\propsys.dll
2013-11-27 16:40 - 2013-11-27 16:40 - 000008704 _____ (Microsoft Corporation) C:\Users\Owners\AppData\Local\Temp\SpOrder.dll
2011-11-01 05:32 - 2011-11-01 05:32 - 000465408 _____ () C:\Users\Owners\AppData\Local\Temp\sqlite3.exe
2014-02-18 01:03 - 2014-02-18 01:03 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite.dll
2014-02-19 18:59 - 2014-02-19 18:59 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite51014.dll
2014-02-24 01:03 - 2014-02-24 01:03 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite58102.dll
2014-02-23 01:03 - 2014-02-23 01:03 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite65752.dll
2014-02-26 21:25 - 2014-02-26 21:25 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite78710.dll
2014-02-21 01:03 - 2014-02-21 01:03 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite84533.dll
2014-02-26 17:35 - 2014-02-26 17:35 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite87875.dll
2014-02-22 01:03 - 2014-02-22 01:03 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite89133.dll
2014-02-25 15:22 - 2014-02-25 15:22 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite93774.dll
2014-02-20 17:50 - 2014-02-20 17:50 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owners\AppData\Local\Temp\System.Data.SQLite95812.dll
2013-10-24 13:44 - 2013-10-23 19:34 - 000104174 _____ () C:\Users\Owners\AppData\Local\Temp\Uninstall.exe
2014-01-09 16:56 - 2014-01-09 16:57 - 004961800 _____ (Microsoft Corporation) C:\Users\Owners\AppData\Local\Temp\vcredist_x64.exe
2015-08-02 16:58 - 2015-08-02 16:58 - 000118784 _____ () C:\Users\Owners\AppData\Local\Temp\xmlUpdater.exe
2015-10-30 20:02 - 2015-10-30 20:02 - 000833864 _____ (Yahoo! Inc.) C:\Users\Owners\AppData\Local\Temp\ytb.exe
2013-10-09 18:46 - 1999-12-31 17:00 - 000455600 _____ (Macrovision Corporation) C:\Users\Owners\AppData\Local\Temp\_is6602.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-27 12:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Admin (29-10-2017 13:27:01)
Running from C:\Users\Admin\Desktop
Windows 10 Pro Version 1703 15063.674 (X64) (2017-08-03 21:58:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-473581126-2895704609-3995012257-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-473581126-2895704609-3995012257-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-473581126-2895704609-3995012257-503 - Limited - Disabled)
Guest (S-1-5-21-473581126-2895704609-3995012257-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Belkin Wireless Micro USB Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - Belkin International, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-473581126-2895704609-3995012257-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKU\S-1-5-21-473581126-2895704609-3995012257-1002\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
ShopTracker 1.1.24 (HKLM-x32\...\AmazonMeter) (Version: 1.1.24 - Nielsen)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-473581126-2895704609-3995012257-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-473581126-2895704609-3995012257-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => F:\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-28] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => F:\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => F:\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-28] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => F:\Malwarebytes Anti-Malware\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04DC094E-7627-4E70-B466-2603B833F592} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0711AE3A-AEB7-41FF-B850-C22E96CC2089} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07125905-5268-48E5-971A-289EE0160249} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {19F02864-1037-4FB6-AA13-D8B2F4CD32BD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E267608-AE5C-4D06-9692-BB7BB3C93CD8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {25628EFD-0279-449D-9DE3-778A67F5FC7B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-473581126-2895704609-3995012257-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {29B538DE-ECA4-48A4-97E9-4AD903E5ADD3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2C12E84D-60DC-4250-8670-8A0BA3636850} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F674873-FC1C-4AD6-9DB3-B04A99A39534} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
Task: {3DD7FF79-95A6-46B7-953C-F1EA8E8289CB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4BCF904D-FD3A-40A4-8089-49C46EE5D0A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E358B6B-FF61-4BEA-8578-8702AA93779E} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {526CCA3B-3BBB-445A-8CE4-0DF701C808B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5BEF0256-0A74-4BEA-88B7-8FA658EF2EB2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65DEFF6E-CAF8-4E5F-B3E5-419F7D44EDB9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {68201ED3-9C26-4F73-A4ED-3DD5A9EA47E3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {68B67517-AD2C-4859-AFE8-8F4089074050} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71DC3F2F-2597-484D-946A-F675232C9C16} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {737F2717-E574-486C-9BA8-1D850456C821} - System32\Tasks\GlaryOneClickOptimizer => C:\Program Files (x86)\Glary Utilities\oneclickoptimizer.exe
Task: {7776785A-D981-426F-A127-20BD7756B03F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A8E14C4-7C54-4853-BAC3-CF1AADD0E27C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8FE89DCE-BEFD-416D-8301-A5C1DE9DC3C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {957760D5-50E2-4235-8DB9-FD8ABDAE4BC7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A4908103-331B-4761-B789-F9B8BCA14F56} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-473581126-2895704609-3995012257-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A553A59F-F7AC-4FE6-85E8-13AA616B4EBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-473581126-2895704609-3995012257-1002Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.)
Task: {B6E5A2EA-7D81-46EE-8C6F-FCFCBD36C5FB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B99FBF30-49BB-40C2-A8A5-6D194B32AB96} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4184362-C735-446C-AA8E-B10AF3290968} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CA62A1FE-10C2-45EC-B2F6-C11AD1DC0403} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CCCF0843-5CD1-4CDC-856D-D3D25E3672B9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB06231B-0F44-4BA3-8C80-30768BAA1192} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-473581126-2895704609-3995012257-1002UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.)
Task: {E0E19367-B86F-4EFF-B391-CB5DE517BFD0} - System32\Tasks\CCleanerSkipUAC => F:\CC\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {F978FC1C-D748-437B-9BD8-B58FA154A38C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GlaryOneClickOptimizer.job => C:\Program Files (x86)\Glary Utilities\oneclickoptimizer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-27 23:47 - 2017-10-04 13:15 - 002289096 _____ () F:\MALWAREBYTES ANTI-MALWARE\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-27 23:47 - 2017-10-04 13:15 - 002358728 _____ () F:\MALWAREBYTES ANTI-MALWARE\ANTI-MALWARE\MwacLib.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-06 09:41 - 2016-01-06 09:41 - 000062168 _____ () F:\CC\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-10-22 14:46 - 000004507 ____C C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-473581126-2895704609-3995012257-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-473581126-2895704609-3995012257-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4AAE7558-E8AD-45D6-92C8-84269EF8A9CD}F:\mozilla firefox\firefox.exe] => (Block) F:\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3884F588-8098-4FCD-AED5-82C08EF89998}F:\mozilla firefox\firefox.exe] => (Block) F:\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2A56A360-63F9-4AB6-B4E9-3773F8A78EFE}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{4220342B-783C-474E-9F89-74CC1D2DD04C}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{7D7BEC9E-84AB-450A-885E-8B20C3B96D20}C:9\cricut-craft room\ccrbridge.exe] => (Allow) C:9\cricut-craft room\ccrbridge.exe
FirewallRules: [UDP Query User{1FB4883E-E90F-4BAF-B8C0-A369B84A76BD}C:9\cricut-craft room\ccrbridge.exe] => (Allow) C:9\cricut-craft room\ccrbridge.exe
FirewallRules: [TCP Query User{3C9D24AD-9840-4D3C-B087-891095E3A3D5}F:\mozilla firefox\firefox.exe] => (Block) F:\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{01DAD3F5-F9EC-4DF1-8E93-DFC44E0E0EF6}F:\mozilla firefox\firefox.exe] => (Block) F:\mozilla firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2017 01:10:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-473581126-2895704609-3995012257-1002}/">.

Error: (10/29/2017 01:09:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/28/2017 11:00:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/28/2017 09:07:05 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-473581126-2895704609-3995012257-1002}/">.

Error: (10/28/2017 07:09:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/28/2017 07:08:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/28/2017 02:53:46 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-473581126-2895704609-3995012257-1002}/">.

Error: (10/28/2017 02:53:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 56.0.0.6478, time stamp: 0x59cab4cc
Faulting module name: mozglue.dll, version: 56.0.0.6478, time stamp: 0x59cab4ba
Exception code: 0x80000003
Fault offset: 0x000109d9
Faulting process id: 0xb84
Faulting application start time: 0x01d3502e0752d3da
Faulting application path: F:\Mozilla Firefox\firefox.exe
Faulting module path: F:\Mozilla Firefox\mozglue.dll
Report Id: 8a7d5f25-7a1d-4423-a768-0941497c081c
Faulting package full name:
Faulting package-relative application ID:

Error: (10/28/2017 01:47:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-473581126-2895704609-3995012257-1002}/">.

Error: (10/28/2017 12:53:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (10/29/2017 01:08:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/29/2017 01:08:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/29/2017 01:07:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/29/2017 01:07:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (10/29/2017 01:07:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DiagTrack service terminated with the following error:
General access denied error

Error: (10/29/2017 01:06:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/29/2017 01:06:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/29/2017 01:06:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:05:55 AM on 10/29/2017 was unexpected.

Error: (10/29/2017 10:58:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected User Experiences and Telemetry service terminated with the following error:
General access denied error

Error: (10/29/2017 10:58:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected User Experiences and Telemetry service terminated with the following error:
General access denied error


CodeIntegrity:
===================================
  Date: 2017-10-28 23:03:37.055
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-22 16:19:45.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:45.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:45.415
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:45.324
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:45.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:45.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:41.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 16:19:41.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-10-22 15:57:57.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 83%
Total physical RAM: 2037.61 MB
Available physical RAM: 333.96 MB
Total Virtual: 3189.61 MB
Available Virtual: 1209.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.96 GB) (Free:26.6 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:873.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 92EF78FE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 733E660D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Chris Cosgrove, 29 October 2017 - 06:11 PM.
Duplicate topic deleted.



#2 nasdaq

  • Malware Response Team

Posted 30 October 2017 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-473581126-2895704609-3995012257-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
U3 idsvc; no ImagePath
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
===

Please post the logs and let me know what problem persists.

#3 Dimera

  • Topic Starter


Posted 30 October 2017 - 02:51 PM

I am unable to Enable System Restore. When I click on Turn on System Restore, it does not allow me to click on it. It remains shaded.

I am also unable to open up Internet Explorer.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Admin (30-10-2017 12:29:47) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-473581126-2895704609-3995012257-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
U3 idsvc; no ImagePath
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-473581126-2895704609-3995012257-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => key removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38791867 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 177154 B
Edge => 1747 B
Chrome => 0 B
Firefox => 73647980 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 18191 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 3864 B
Admin => 9060640 B
DefaultAppPool => 0 B

RecycleBin => 1430 B
EmptyTemp: => 123.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:30:32 ====



#4 nasdaq

  • Malware Response Team

Posted 31 October 2017 - 08:15 AM



Hi,

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    07 - Repair Internet Explorer
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the contents of this file in your next reply.
===

Restart the computer normally.

How is the computer running now?

#5 Dimera

  • Topic Starter


Posted 31 October 2017 - 04:31 PM

Tweaking.com - Windows Repair 2018 (v4.0.9)
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Pro
OS Architecture: 64-bit
OS Version: 10.0.15063.674
OS Service Pack:
Computer Name: PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Admin
Current Profile SID: S-1-5-21-473581126-2895704609-3995012257-1002
Current Profile Classes: S-1-5-21-473581126-2895704609-3995012257-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Admin\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:23:52

Process Count: 42
Commit Total: 1.28 GB
Commit Limit: 3.11 GB
Commit Peak: 1.53 GB
Handle Count: 17889
Kernel Total: 329.57 MB
Kernel Paged: 276.44 MB
Kernel Non Paged: 53.13 MB
System Cache: 695.25 MB
Thread Count: 593
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 1.41 GB(71.0403%)
Memory Avail.: 590.09 MB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 1,022.50 MB(50.1812%)
Memory Avail.: 1,015.11 MB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (10/31/2017 1:17:51 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 155
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (10/31/2017 1:17:56 PM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.78 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  33.2 seconds.

   Running Repair Under System Account
   Done (10/31/2017 1:19:56 PM)

03 - Reset Service Permissions
   Start (10/31/2017 1:19:56 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/31/2017 1:20:21 PM)

04 - Register System Files
   Start (10/31/2017 1:20:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/31/2017 1:22:01 PM)

05 - Repair WMI
   Start (10/31/2017 1:22:01 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Windows Defender Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (10/31/2017 1:31:27 PM)

07 - Repair Internet Explorer
   Start (10/31/2017 1:31:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/31/2017 1:32:02 PM)

16 - Repair Windows Updates
   Start (10/31/2017 1:32:02 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.25 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (10/31/2017 1:33:19 PM)

20 - Repair MSI (Windows Installer)
   Start (10/31/2017 1:33:19 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/31/2017 1:33:33 PM)

25 - Restore Important Windows Services
   Start (10/31/2017 1:33:33 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/31/2017 1:33:48 PM)

26 - Set Windows Services To Default Startup
   Start (10/31/2017 1:33:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/31/2017 1:34:03 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (10/31/2017 1:34:03 PM)
   Total Repair Time: 00:16:14


...YOU MUST RESTART YOUR SYSTEM...

 

 

When I tried to back up System Restore I got this message.  "System Protection is available only in online operation system".
 



#6 nasdaq

  • Malware Response Team

Posted 01 November 2017 - 09:06 AM



Hi,

Refer to this page.

https://www.howtogeek.com/237230/how-to-enable-system-restore-and-repair-system-problems-on-windows-10/

Read it and check your Windows 10 settings.

Let me know how it goes.

#7 Dimera


Posted 01 November 2017 - 04:24 PM

Tried manually and SFC did not work.

 

Computer still freezes, but does respond after 20 seconds.



#8 nasdaq


Posted 02 November 2017 - 07:07 AM



Hi,

How to perform a clean boot in Windows Vista and above.
http://support.microsoft.com/kb/929135

or refer to this link.
https://helpdeskgeek.com/windows-7/perform-a-clean-boot-in-windows-7/

Read the instructions on the pages before proceeding.

Did you find any conflicting issues?

p.s.

Different from Safe Mode, a Clean Boot lets you disable all non-Microsoft background applications and services to troubleshoot a PC running Windows 7. Once disabled, you can begin turning third-party services back on to diagnose your computer.

Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.
===

#9 Dimera


Posted 02 November 2017 - 10:14 PM

I'm not sure how reliable this site is (NicolasCoolman.eu), but these were my results.

 

~ ZHPDiag v2017.10.9.179 By Nicolas Coolman (2017/10/09)
~ Run by Admin (Administrator)  (2017/11/02 19:57:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Illegal
~ State version:  Version OK
~ Mode: Scan
~ Report: C:\Users\Admin\Desktop\ZHPDiag.txt
~ Report: C:\Users\Admin\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 15063)  =>.Microsoft Corporation

---\\ Internet Browsers (2) - 1s
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.674.15063.0

---\\ Windows Product Information (3) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (3) - 5s
Malwarebytes version 3.2.2.2029 v3.2.2.2029 (Protection)
Microsoft Security Client v4.9.0218.0 (Protection)
Windows Defender  (Activate) (Protection)

---\\ System protection software (Superfluous) (1) - 6s
~ Zemana AntiMalware v2.74.0.150 (Superfluous)

---\\ System optimization software (2) - 6s
~ Tweaking.com - Windows Repair v4.0.9 (Optimize)
~ CCleaner v5.25 (Optimize)

---\\ Surveillance software (1) - 6s
~ Adobe Flash Player 27 NPAPI (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 15 Stepping 2, GenuineIntel
~ Operating System:  64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 2086.512 MB (42% free) : OK  =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 26 GB (34%) free of 75 GB : OK  =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: PC
~ User Name: Admin
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 26 GB free of 75 GB  (System)
~ Drive F: has 890 GB free of 953 GB

---\\ State of the Windows Security Center (6) - 0s
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 3s
[MD5.01078D46C77CE0D7DC584A29062A799D] - 29/09/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4848952] {33000001733031072665B8B9B3000000000173}  =>.Microsoft Corporation
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608]  =>.Microsoft Corporation
[MD5.0242626678C83AE788C655C1990A3CC3] - 27/07/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232]  =>.Microsoft Windows Publisher®
[MD5.57DA6FA5B8E23F33EA6D19F37CD73DD8] - 29/09/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008]  =>.Microsoft Corporation
[MD5.9CDA170849A4F66F4D68B3DBB3AC8394] - 04/09/2017 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [706560]  =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208]  =>.Microsoft Corporation
[MD5.6AFA66A457759C1FEC29A52612A67043] - 29/09/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] {33000001733031072665B8B9B3000000000173}  =>.Microsoft Corporation
[MD5.1F4909406532C2FFCBD3683A65F7198F] - 29/09/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] {33000001733031072665B8B9B3000000000173}  =>.Microsoft Corporation
[MD5.5A6D591D56791BA63CE73FCAD60D89A1] - 04/09/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610720]  =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088]  =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184]  =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256]  =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528]  =>.Microsoft Corporation
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - 19/06/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528]  =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200]  =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528]  =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352]  =>.Microsoft Windows®
[MD5.BAD3C424788BC071C3EC82CFCDA954D2] - 04/09/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152]  =>.Microsoft Corporation
[MD5.CDB804F3EA333459FE3C21D61767CBB1] - 29/09/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2327448] {33000001733031072665B8B9B3000000000173}  =>.Microsoft Corporation
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792]  =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008]  =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 18/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296]  =>.Microsoft Corporation
[MD5.D74756DD1518D28A09CDA99696273FA4] - 31/07/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [119712]  =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216]  =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (1) - 2s
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - F:\Zemana AntiMalware\ZAM.exe  =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

---\\ Services not Microsoft (SR=Run, SS=Stop) (6) - 60s
SS - Disabl [25/10/2017] [  272384]  Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  =>.Adobe Systems Incorporated®
SS - Disabl [17/05/2017] [   31688]  Amazon Meter (AmazonMeterService) . (.VL.) - C:\Program Files (x86)\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe {21F6466DFDF98A66442D43453A0BDE4A}
SS - Disabl [07/08/2017] [ 6058960]  Malwarebytes Service (MBAMService) . (.Malwarebytes.) - F:\Malwarebytes Anti-Malware\Anti-Malware\mbamservice.exe  =>.Malwarebytes Corporation®
SS - Disabl [24/05/2017] [  343544]  McAfee Validation Trust Protection Service (mfevtp) . (.McAfee, Inc..) - C:\WINDOWS\system32\mfevtps.exe  =>.McAfee, Inc.®
SS - Disabl [12/08/2015] [   80144]  Reason Core Security Engine Service (rsEngineSvc) . (.Reason Software Company Inc..) - C:\Program Files\Reason\Security\rsEngineSvc.exe  =>.Reason Software Company Inc.®
SR - Auto   [09/08/2017] [15775888]  ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - F:\Zemana AntiMalware\ZAM.exe  =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

---\\ Task Planned Automatically (Register) (107) - 22s
O38 - TASK: {04DC094E-7627-4E70-B466-2603B833F592} [64Bits][\Microsoft\Windows\Media Center\PvrScheduleTask] - (...) -- C:\WINDOWS\ehome\mcupdate.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {05C35C43-30B0-478C-A045-7452BCE45E4E} [64Bits][\Microsoft\Windows\Defrag\ScheduledDefrag] - (.Microsoft Corp. - Disk Defragmenter Module.) -- C:\WINDOWS\system32\defrag.exe  [185856]   =>.Microsoft Corp.
O38 - TASK: {0711AE3A-AEB7-41FF-B850-C22E96CC2089} [64Bits][\Microsoft\Windows\Media Center\PBDADiscoveryW1] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {07125905-5268-48E5-971A-289EE0160249} [64Bits][\Microsoft\Windows\Media Center\RecordingRestart] - (...) -- C:\WINDOWS\ehome\ehrec (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {0C14DCB6-06A7-4CB5-8504-05EC2E6BA9B6} [64Bits][\OneDrive Standalone Update Task-S-1-5-21-473581126-2895704609-3995012257-1002] - (.Microsoft Corporation - Standalone Updater.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  [2296008]   =>.Microsoft Corporation®
O38 - TASK: {0C518199-F01B-42CF-9CB7-16710B002812} [64Bits][\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask] - (.Microsoft Corporation - MDMAgent.) -- C:\WINDOWS\system32\MDMAgent.exe  [68096]   =>.Microsoft Corporation
O38 - TASK: {0CC2C164-C391-4AE1-AC44-61014D23FC1F} [64Bits][\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization] - (.Microsoft Corp. - Disk Defragmenter Module.) -- C:\WINDOWS\system32\defrag.exe  [185856]   =>.Microsoft Corp.
O38 - TASK: {1100F192-CB07-4AFB-AE30-676FB2F24997} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Maintenance Install] - (.Microsoft Corporation - UsoClient.) -- C:\WINDOWS\System32\usoclient.exe  [34304]   =>.Microsoft Corporation
O38 - TASK: {186E3FCA-A925-48F1-88BF-0AD9D9289626} [64Bits][\Microsoft\Windows\Autochk\Proxy] - (.Microsoft Corporation - Autochk Proxy DLL.) -- C:\Windows\System32\acproxy.dll  [13312]   =>.Microsoft Corporation
O38 - TASK: {19F02864-1037-4FB6-AA13-D8B2F4CD32BD} [64Bits][\Microsoft\Windows\Media Center\OCURActivate] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {1CF8AA04-664E-405E-8968-F0757DE1F480} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install] - (.Microsoft Corporation - UsoClient.) -- C:\WINDOWS\System32\usoclient.exe  [34304]   =>.Microsoft Corporation
O38 - TASK: {1E267608-AE5C-4D06-9692-BB7BB3C93CD8} [64Bits][\Microsoft\Windows\Media Center\PvrRecoveryTask] - (...) -- C:\WINDOWS\ehome\mcupdate.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {240478A4-B7D2-43B1-AF21-626C77E72C1F} [64Bits][\Microsoft\Windows\DiskFootprint\Diagnostics] - (.Microsoft Corporation - DiskSnapshot.exe.) -- C:\WINDOWS\system32\disksnapshot.exe  [82944]   =>.Microsoft Corporation
O38 - TASK: {25135D22-1B4D-4AEA-9EDB-A8D599858DD1} [64Bits][\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot] - (.Microsoft Corporation - MusNotificationBroker.) -- C:\windows\system32\MusNotification.exe  [306176]   =>.Microsoft Corporation
O38 - TASK: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} [64Bits][\Microsoft\Windows\Location\WindowsActionDialog] - (.Microsoft Corporation - Windows Action Dialog Broker.) -- C:\WINDOWS\System32\WindowsActionDialog.exe  [59392]   =>.Microsoft Corporation
O38 - TASK: {25628EFD-0279-449D-9DE3-778A67F5FC7B} [64Bits][\RealPlayerRealUpgradeLogonTaskS-1-5-21-473581126-2895704609-3995012257-1000] - (.Alcatel Lucent - .) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {283035DC-F14F-46AF-8AF8-8FF2FDB33176} [64Bits][\Microsoft\Windows\Windows Defender\Windows Defender Verification] - (.Microsoft Corporation - Microsoft Malware Protection Command Line U.) -- C:\Program Files\Windows Defender\MpCmdRun.exe  [438032]   =>.Microsoft Corporation®
O38 - TASK: {29B538DE-ECA4-48A4-97E9-4AD903E5ADD3} [64Bits][\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask] - (...) -- C:\WINDOWS\ehome\mcupdate.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {2C12E84D-60DC-4250-8670-8A0BA3636850} [64Bits][\Microsoft\Windows\Media Center\PBDADiscovery] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {2F674873-FC1C-4AD6-9DB3-B04A99A39534} [64Bits][\Norton Product InstallerIdle] - (...) -- C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} [64Bits][\Microsoft\Windows\NlaSvc\WiFiTask] - (.Microsoft Corporation - Wireless Background Task.) -- C:\WINDOWS\System32\WiFiTask.exe  [459168]   =>.Microsoft Windows®
O38 - TASK: {3619A588-C82A-437E-AAB3-F0AE62D9596A} [64Bits][\Microsoft\Windows\UPnP\UPnPHostConfig] - (.Microsoft Corporation - Service Control Manager Configuration Tool.) -- C:\Windows\System32\sc.exe  [68608]   =>.Microsoft Corporation
O38 - TASK: {3AEEF4D4-C4A8-42A1-8A1E-80CA054C2E9C} [64Bits][\Microsoft\Windows\SystemRestore\SR] - (.Microsoft Corporation - Microsoft® Windows System Protection backgr.) -- C:\WINDOWS\system32\srtasks.exe  [57856]   =>.Microsoft Corporation
O38 - TASK: {3DD7FF79-95A6-46B7-953C-F1EA8E8289CB} [64Bits][\Microsoft\Windows\Media Center\PeriodicScanRetry] - (...) -- C:\WINDOWS\ehome\MCUpdate.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {3E757B5E-55B1-4F43-820F-3CA89C3FB296} [64Bits][\Microsoft\Windows\WindowsUpdate\Scheduled Start] - (.Microsoft Corporation. - This task is used to start the Windows Upda.) -- wuauserv  [0]   =>.Microsoft Corporation.
O38 - TASK: {3EA82649-A360-4898-A6FB-C273024D1364} [64Bits][\Microsoft\Windows\Shell\FamilySafetyMonitor] - (.Microsoft Corporation - Family Safety Monitor.) -- C:\WINDOWS\System32\wpcmon.exe  [1763376]   =>.Microsoft Windows®
O38 - TASK: {4051EB0B-2917-432F-B9F9-431C7E3C9181} [64Bits][\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask] - (.Microsoft Corporation - Windows Remote Assistance COM Server.) -- C:\Windows\System32\raserver.exe  [128512]   =>.Microsoft Corporation
O38 - TASK: {4882E769-EA24-4A51-82C9-7F3F04D51EEB} [64Bits][\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display] - (.Microsoft Corporation - MusNotificationBroker.) -- C:\windows\system32\MusNotification.exe  [306176]   =>.Microsoft Corporation
O38 - TASK: {48F665EC-8A17-468F-BB4C-EADB5DB380B3} [64Bits][\Microsoft\Windows\Subscription\LicenseAcquisition] - (.Microsoft Corporation - Acquire License From Store.) -- C:\WINDOWS\System32\ClipRenew.exe  [137112]   =>.Microsoft Windows®
O38 - TASK: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} [64Bits][\Microsoft\Windows\WwanSvc\NotificationTask] - (.Microsoft Corporation - Wireless Background Task.) -- C:\WINDOWS\System32\WiFiTask.exe  [459168]   =>.Microsoft Windows®
O38 - TASK: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} [64Bits][\Microsoft\Windows\WindowsUpdate\sih] - (.Microsoft Corporation - SIH Client.) -- C:\WINDOWS\System32\sihclient.exe  [229888]   =>.Microsoft Corporation
O38 - TASK: {4BCF904D-FD3A-40A4-8089-49C46EE5D0A0} [64Bits][\Microsoft\Windows\Media Center\PBDADiscoveryW2] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {4E358B6B-FF61-4BEA-8578-8702AA93779E} [64Bits][\ReasonSecurityScheduledScan] - (.Reason Software Company Inc. - Reason Core Security UI.) -- C:\Program Files\Reason\Security\rsUI.exe  [2052880]   =>.Reason Software Company Inc.®
O38 - TASK: {5010C4B7-1314-4A40-8FDA-19E7BB61FBA8} [64Bits][\Microsoft\Windows\Sysmain\WsSwapAssessmentTask] - (.Microsoft Corporation - Superfetch Service Host.) -- C:\Windows\System32\sysmain.dll  [972800]   =>.Microsoft Corporation
O38 - TASK: {526CCA3B-3BBB-445A-8CE4-0DF701C808B3} [64Bits][\Microsoft\Windows\Media Center\UpdateRecordPath] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {52C4776E-11B1-402C-A230-0A0306A146C4} [64Bits][\Microsoft\Windows\Customer Experience Improvement Program\Consolidator] - (.Microsoft Corporation - Windows SQM Consolidator.) -- C:\WINDOWS\System32\wsqmcons.exe  [77824]   =>.Microsoft Corporation
O38 - TASK: {56C827CF-6086-4A8D-8EC7-A71A2F8CC929} [64Bits][\Microsoft\XblGameSave\XblGameSaveTaskLogon] - (.Microsoft Corporation - XblGameSave Standby Task.) -- C:\WINDOWS\System32\XblGameSaveTask.exe  [31744]   =>.Microsoft Corporation
O38 - TASK: {58F51AE9-A8C8-4C47-AD27-FF847DAFF8F1} [64Bits][\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance] - (.Microsoft Corporation - Microsoft Malware Protection Command Line U.) -- C:\Program Files\Windows Defender\MpCmdRun.exe  [438032]   =>.Microsoft Corporation®
O38 - TASK: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} [64Bits][\Microsoft\Windows\Workplace Join\Automatic-Device-Join] - (.Microsoft Corporation - DSREG commandline tool.) -- C:\WINDOWS\System32\dsregcmd.exe  [659968]   =>.Microsoft Corporation
O38 - TASK: {5BEF0256-0A74-4BEA-88B7-8FA658EF2EB2} [64Bits][\Microsoft\Windows\Media Center\ReindexSearchRoot] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {5C326114-085E-444C-9B7A-D3E2E59C549E} [64Bits][\Microsoft\Windows\Device Information\Device] - (.Microsoft Corporation - Device Census.) -- C:\WINDOWS\system32\devicecensus.exe  [34720]   =>.Microsoft Windows®
O38 - TASK: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Reboot] - (.Microsoft Corporation - MusNotificationBroker.) -- C:\WINDOWS\System32\MusNotification.exe  [306176]   =>.Microsoft Corporation
O38 - TASK: {61BD468E-F5F2-4D36-8B7A-8521069DF8E9} [64Bits][\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup] - (.Microsoft Corporation - AppX Deployment Client DLL.) -- C:\Windows\System32\AppxDeploymentClient.dll  [654976]  {33000001733031072665B8B9B3000000000173}  =>.Microsoft Corporation
O38 - TASK: {65DEFF6E-CAF8-4E5F-B3E5-419F7D44EDB9} [64Bits][\Microsoft\Windows\Media Center\ActivateWindowsSearch] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} [64Bits][\Microsoft\Windows\Speech\SpeechModelDownloadTask] - (.Microsoft Corporation - Speech Model Download Executable.) -- C:\Windows\System32\speech_onecore\Common\SpeechModelDownload.exe  [162816]   =>.Microsoft Corporation
O38 - TASK: {68201ED3-9C26-4F73-A4ED-3DD5A9EA47E3} [64Bits][\Microsoft\Windows\Media Center\ehDRMInit] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {68B67517-AD2C-4859-AFE8-8F4089074050} [64Bits][\Microsoft\Windows\Media Center\OCURDiscovery] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {68C912BF-3702-4FCD-924E-A54B492F95D0} [64Bits][\Microsoft\Windows\UNP\RunCampaignManager] - (.Microsoft Corporation - UNP CampaignManager.) -- C:\WINDOWS\System32\UNP\UNPCampaignManager.exe  [1039712]   =>.Microsoft Windows®
O38 - TASK: {70307487-4937-46E3-8AF9-26838CD2A206} [64Bits][\Microsoft\Windows\Subscription\EnableLicenseAcquisition] - (.Microsoft Corporation - Acquire License From Store.) -- C:\WINDOWS\System32\ClipRenew.exe  [137112]   =>.Microsoft Windows®
O38 - TASK: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} [64Bits][\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload] - (.Microsoft Corporation - Microsoft Feedback SIUF Deployment Manager.) -- C:\WINDOWS\system32\dmclient.exe  [89600]   =>.Microsoft Corporation
O38 - TASK: {71DC3F2F-2597-484D-946A-F675232C9C16} [64Bits][\Adobe Flash Player Updater] - (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 27.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  [272384]   =>.Adobe Systems Incorporated®
O38 - TASK: {737F2717-E574-486C-9BA8-1D850456C821} [64Bits][\GlaryOneClickOptimizer] - (...) -- C:\Program Files (x86)\Glary Utilities\oneclickoptimizer.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {7508389C-FF71-4BE4-AD8A-5F56FB645036} [64Bits][\Microsoft\Windows\ApplicationData\CleanupTemporaryState] - (.Microsoft Corporation - Windows Application Data API Server.) -- C:\Windows\System32\Windows.Storage.ApplicationData.dll  [328616]   =>.Microsoft Windows®
O38 - TASK: {7522EC0A-B880-46E1-929A-E556346EAA00} [64Bits][\Microsoft\Windows\Windows Defender\Windows Defender Cleanup] - (.Microsoft Corporation - Microsoft Malware Protection Command Line U.) -- C:\Program Files\Windows Defender\MpCmdRun.exe  [438032]   =>.Microsoft Corporation®
O38 - TASK: {7776785A-D981-426F-A127-20BD7756B03F} [64Bits][\Microsoft\Windows\Media Center\mcupdate_scheduled] - (. - Check for Media Center updates..) -- C:\WINDOWS\ehome\mcupdate (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {78F76D6D-0B70-46A9-8DEB-4FCB650A6627} [64Bits][\Microsoft\Windows\SharedPC\Account Cleanup] - (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\System32\Windows.SharedPC.AccountManager.dll  [192512]   =>.Microsoft Corporation
O38 - TASK: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} [64Bits][\Microsoft\Windows\WCM\WiFiTask] - (.Microsoft Corporation - Wireless Background Task.) -- C:\WINDOWS\System32\WiFiTask.exe  [459168]   =>.Microsoft Windows®
O38 - TASK: {829C695F-E874-432A-9A9F-7862D04236B9} [64Bits][\Microsoft\Windows\ApplicationData\DsSvcCleanup] - (.Microsoft Corporation - Data Sharing Service Maintenance Driver.) -- C:\WINDOWS\system32\dstokenclean.exe  [12800]   =>.Microsoft Corporation
O38 - TASK: {87488988-70F6-44C5-A1BD-E328BE17C205} [64Bits][\Microsoft\Windows\AppID\PolicyConverter] - (.Microsoft Corporation - AppID Policy Converter Task.) -- C:\WINDOWS\system32\appidpolicyconverter.exe  [159744]   =>.Microsoft Corporation
O38 - TASK: {88209412-5377-4AA1-B01E-F5D5A6F39E21} [64Bits][\Microsoft\Windows\SpacePort\SpaceAgentTask] - (.Microsoft Corporation - Storage Spaces Settings.) -- C:\WINDOWS\system32\SpaceAgent.exe  [129536]   =>.Microsoft Corporation
O38 - TASK: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} [64Bits][\microsoft\windows\applicationdata\appuriverifierdaily] - (.Microsoft Corporation - App Uri Handlers Registration Verifier.) -- C:\WINDOWS\system32\AppHostRegistrationVerifier.exe  [105472]   =>.Microsoft Corporation
O38 - TASK: {896ED842-4861-49E9-A2C1-0AE31689F876} [64Bits][\Microsoft\Windows\Clip\License Validation] - (.Microsoft Corporation - Client License Platform migration tool.) -- C:\WINDOWS\System32\ClipUp.exe  [1347640]   =>.Microsoft Windows Publisher®
O38 - TASK: {8A8E14C4-7C54-4853-BAC3-CF1AADD0E27C} [64Bits][\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan] - (. - Periodic scan task..) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {8C399F7A-DF35-4347-8438-6DCA22A1E9F9} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Resume On Boot] - (.Microsoft Corporation - UsoClient.) -- C:\WINDOWS\System32\usoclient.exe  [34304]   =>.Microsoft Corporation
O38 - TASK: {8EE52AD7-9F81-40D3-AE0C-9F5DB09BC56F} [64Bits][\Microsoft\Windows\DiskCleanup\SilentCleanup] - (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) -- C:\WINDOWS\system32\cleanmgr.exe  [217088]   =>.Microsoft Corporation
O38 - TASK: {8FE89DCE-BEFD-416D-8301-A5C1DE9DC3C9} [64Bits][\Microsoft\Windows\Media Center\mcupdate] - (...) -- C:\WINDOWS\ehome\mcupdate (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {936FF605-A684-4476-8E62-E051A903B3D3} [64Bits][\Microsoft\Windows\Time Zone\SynchronizeTimeZone] - (.Microsoft Corporation - TimeZone Sync Task.) -- C:\WINDOWS\system32\tzsync.exe  [60928]   =>.Microsoft Corporation
O38 - TASK: {938954E2-DAFB-4BCD-8740-6AC11EBFE13C} [64Bits][\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck] - (.Microsoft Corporation - AppID Certificate Store Verification Task.) -- C:\WINDOWS\system32\appidcertstorecheck.exe  [19456]   =>.Microsoft Corporation
O38 - TASK: {957760D5-50E2-4235-8DB9-FD8ABDAE4BC7} [64Bits][\Microsoft\Windows\Media Center\RegisterSearch] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {95F7441D-F4DE-4103-8791-34DEA0DB80C0} [64Bits][\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange] - (.Microsoft Corporation - Base Filtering Engine.) -- C:\Windows\System32\bfe.dll  [815616]   =>.Microsoft Corporation
O38 - TASK: {9CF304F4-4D08-4DBB-A568-102240A2160B} [64Bits][\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser] - (.Microsoft Corporation - Mobile Broadband Account Experience Parser.) -- C:\WINDOWS\System32\MbaeParserTask.exe  [112640]   =>.Microsoft Corporation
O38 - TASK: {A255C122-9AE3-4695-BF9C-1B87683CAF0F} [64Bits][\User_Feed_Synchronization-{FDD11F41-16E8-4C41-BDFF-A55C76C3574A}] - (.Microsoft Corporation - Microsoft Feeds Synchronization.) -- C:\Windows\System32\msfeedssync.exe  [15360]   =>.Microsoft Corporation
O38 - TASK: {A4908103-331B-4761-B789-F9B8BCA14F56} [64Bits][\RealPlayerRealUpgradeScheduledTaskS-1-5-21-473581126-2895704609-3995012257-1000] - (.Alcatel Lucent - .) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {A553A59F-F7AC-4FE6-85E8-13AA616B4EBF} [64Bits][\GoogleUpdateTaskUserS-1-5-21-473581126-2895704609-3995012257-1002Core] - (.Google Inc. - Google Installer.) -- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe  [153168]   =>.Google Inc®
O38 - TASK: {A8525828-2938-45F7-93A5-094F1135C6D2} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Policy Install] - (.Microsoft Corporation - UsoClient.) -- C:\WINDOWS\System32\usoclient.exe  [34304]   =>.Microsoft Corporation
O38 - TASK: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} [64Bits][\Microsoft\Windows\DUSM\dusmtask] - (.Microsoft Corporation - DUSM Task.) -- C:\WINDOWS\System32\dusmtask.exe  [35840]   =>.Microsoft Corporation
O38 - TASK: {B2C7FF3D-1D7C-44E2-8ED5-4736AFB73DD7} [64Bits][\Microsoft\Windows\Windows Media Sharing\UpdateLibrary] - (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\wmpnscfg.exe  [70144]   =>.Microsoft Corporation
O38 - TASK: {B332EEE9-2E90-4ED8-93AE-22A5A7A86483} [64Bits][\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan] - (.Microsoft Corporation - Microsoft Malware Protection Command Line U.) -- C:\Program Files\Windows Defender\MpCmdRun.exe  [438032]   =>.Microsoft Corporation®
O38 - TASK: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} [64Bits][\Microsoft\Windows\SpacePort\SpaceManagerTask] - (.Microsoft Corporation - Storage Spaces Manager.) -- C:\WINDOWS\system32\spaceman.exe  [34816]   =>.Microsoft Corporation
O38 - TASK: {B6E5A2EA-7D81-46EE-8C6F-FCFCBD36C5FB} [64Bits][\Microsoft\Windows\Media Center\DispatchRecoveryTasks] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {B99FBF30-49BB-40C2-A8A5-6D194B32AB96} [64Bits][\Microsoft\Windows\Media Center\SqlLiteRecoveryTask] - (...) -- C:\WINDOWS\ehome\mcupdate.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {BCC432F2-7A57-4195-881F-9013CF46F613} [64Bits][\Microsoft\Windows\MUI\LPRemove] - (.Microsoft Corporation - MUI Language pack cleanup.) -- C:\WINDOWS\system32\lpremove.exe  [66560]   =>.Microsoft Corporation
O38 - TASK: {BD69C6ED-AD55-467C-B787-533200C3B376} [64Bits][\Microsoft\XblGameSave\XblGameSaveTask] - (.Microsoft Corporation - XblGameSave Standby Task.) -- C:\WINDOWS\System32\XblGameSaveTask.exe  [31744]   =>.Microsoft Corporation
O38 - TASK: {BEAF8A6C-47E0-4E84-840B-3A61426B5AAD} [64Bits][\Microsoft\Windows\Application Experience\StartupAppTask] - (.Microsoft Corporation - Startup scan task DLL.) -- C:\Windows\System32\Startupscan.dll  [19968]   =>.Microsoft Corporation
O38 - TASK: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} [64Bits][\Microsoft\Windows\Management\Provisioning\Cellular] - (.Microsoft Corporation - Provisioning package runtime processing too.) -- C:\WINDOWS\system32\ProvTool.exe  [68608]   =>.Microsoft Corporation
O38 - TASK: {C162FF56-952F-4ABA-AE13-AA8CB0F4C087} [64Bits][\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers] - (.Microsoft Corporation - Driver Installation Module.) -- C:\WINDOWS\System32\drvinst.exe  [158720]   =>.Microsoft Corporation
O38 - TASK: {C4184362-C735-446C-AA8E-B10AF3290968} [64Bits][\Microsoft\Windows\Media Center\StartRecording] - (...) -- C:\WINDOWS\ehome\ehrec (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {C42799B6-75B2-42CF-8197-3BE332E05553} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Schedule Scan] - (.Microsoft Corporation - UsoClient.) -- C:\WINDOWS\System32\usoclient.exe  [34304]   =>.Microsoft Corporation
O38 - TASK: {C97B639A-C1BF-4E0C-ACFD-CF5B27B65B3C} [64Bits][\Microsoft\Windows\Windows Error Reporting\QueueReporting] - (.Microsoft Corporation - Windows Problem Reporting.) -- C:\WINDOWS\system32\wermgr.exe  [182688]   =>.Microsoft Windows®
O38 - TASK: {CA62A1FE-10C2-45EC-B2F6-C11AD1DC0403} [64Bits][\Microsoft\Windows\Media Center\InstallPlayReady] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {CBD48141-91AD-4F24-B406-70C0D7F41BD4} [64Bits][\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver] - (.Microsoft Corporation - Windows Disk Diagnostic User Resolver.) -- C:\WINDOWS\system32\DFDWiz.exe  [51200]   =>.Microsoft Corporation
O38 - TASK: {CCCF0843-5CD1-4CDC-856D-D3D25E3672B9} [64Bits][\Microsoft\Windows\Media Center\ConfigureInternetTimeService] - (...) -- C:\WINDOWS\ehome\ehPrivJob.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan
O38 - TASK: {CD7488E1-CA12-4DCA-A20D-205B81AC211C} [64Bits][\WPD\SqmUpload_S-1-5-21-473581126-2895704609-3995012257-1000] - (.Microsoft Corporation - Windows Portable Device API Components.) -- C:\Windows\System32\portabledeviceapi.dll  [622592]   =>.Microsoft Corporation
O38 - TASK: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} [64Bits][\Microsoft\Windows\Management\Provisioning\Logon] - (.Microsoft Corporation - Provisioning package runtime processing too.) -- C:\WINDOWS\system32\ProvTool.exe  [68608]   =>.Microsoft Corporation
O38 - TASK: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} [64Bits][\microsoft\windows\applicationdata\appuriverifierinstall] - (.Microsoft Corporation - App Uri Handlers Registration Verifier.) -- C:\WINDOWS\system32\AppHostRegistrationVerifier.exe  [105472]   =>.Microsoft Corporation
O38 - TASK: {D2C50CE0-7E9B-4F0D-A2A4-95AC59829444} [64Bits][\Microsoft\Windows\Bluetooth\UninstallDeviceTask] - (.Microsoft Corporation - Bluetooth Uninstall Device Task.) -- C:\Windows\System32\BthUdTask.exe  [40448]   =>.Microsoft Corporation
O38 - TASK: {D5EBF28C-A33D-4CBA-8355-0F457EE12498} [64Bits][\Microsoft\Windows\Application Experience\ProgramDataUpdater] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) -- C:\WINDOWS\system32\compattelrunner.exe  [96672]   =>.Microsoft Windows®
O38 - TASK: {DB06231B-0F44-4BA3-8C80-30768BAA1192} [64Bits][\GoogleUpdateTaskUserS-1-5-21-473581126-2895704609-3995012257-1002UA] - (.Google Inc. - Google Installer.) -- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe  [153168]   =>.Google Inc®
O38 - TASK: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} [64Bits][\Microsoft\Windows\UpdateOrchestrator\Refresh Settings] - (.Microsoft Corporation - UsoClient.) -- C:\WINDOWS\System32\usoclient.exe  [34304]   =>.Microsoft Corporation
O38 - TASK: {E0E19367-B86F-4EFF-B391-CB5DE517BFD0} [64Bits][\CCleanerSkipUAC] - (.Piriform Ltd - CCleaner.) -- F:\CC\CCleaner.exe  [7175384]   =>.Piriform Ltd®
O38 - TASK: {E11183CC-FCAC-479E-B422-6A72654C14EA} [64Bits][\Microsoft\Windows\Location\Notifications] - (.Microsoft Corporation - Location Notification.) -- C:\WINDOWS\System32\LocationNotificationWindows.exe  [66560]   =>.Microsoft Corporation
O38 - TASK: {EC11A6F7-343D-49E9-A974-A3716157F2C1} [64Bits][\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) -- C:\WINDOWS\system32\compattelrunner.exe  [96672]   =>.Microsoft Windows®
O38 - TASK: {EDC4AA50-FD7B-4457-9D8D-BC38BF622D2E} [64Bits][\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector] - (.Microsoft Corporation - Windows Disk Failure Diagnostic Module.) -- C:\Windows\System32\dfdts.dll  [45568]   =>.Microsoft Corporation
O38 - TASK: {F30DD5E3-89EA-4DBC-93F0-2269C8DD6E0C} [64Bits][\WPD\SqmUpload_S-1-5-21-473581126-2895704609-3995012257-1001] - (.Microsoft Corporation - Windows Portable Device API Components.) -- C:\Windows\System32\portabledeviceapi.dll  [622592]   =>.Microsoft Corporation
O38 - TASK: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} [64Bits][\Microsoft\Windows\Feedback\Siuf\DmClient] - (.Microsoft Corporation - Microsoft Feedback SIUF Deployment Manager.) -- C:\WINDOWS\system32\dmclient.exe  [89600]   =>.Microsoft Corporation
O38 - TASK: {F9015704-44A7-4962-B811-A4C0206CF851} [64Bits][\Microsoft\Windows\WindowsUpdate\sihboot] - (.Microsoft Corporation - SIH Client.) -- C:\WINDOWS\System32\sihclient.exe  [229888]   =>.Microsoft Corporation
O38 - TASK: {F978FC1C-D748-437B-9BD8-B58FA154A38C} [64Bits][\Microsoft\Windows\Media Center\MediaCenterRecoveryTask] - (...) -- C:\WINDOWS\ehome\mcupdate.exe (.not file.)  [0]  (.Orphan.)  =>.SUP.Orphan

---\\ Auto loading programs from Registry and folders (13) - 2s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe  =>.Microsoft Windows®
O4 - HKLM\..\Run: [ZAM] . (.Copyright 2017. - ZAM.) -- F:\Zemana AntiMalware\ZAM.exe  =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
O4 - HKLM\..\RunOnce: [RealProtect] . (.McAfee, Inc. - McAfee Real Protect.) -- C:\Program Files\McAfee\Real Protect\RealProtect.exe  =>.McAfee, Inc.®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- F:\CC\CCleaner64.exe  =>.Piriform Ltd®
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Update Core.) -- C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe  =>.Google Inc®
O4 - HKCU\..\Run: [WinPatrol] . (.Ruiware - WinPatrol Monitor.) -- C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe  =>.Ruiware, LLC®
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe  =>.Microsoft Corporation®
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  =>.Oracle America, Inc.®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe  =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe  =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-473581126-2895704609-3995012257-1002\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- F:\CC\CCleaner64.exe  =>.Piriform Ltd®
O4 - HKUS\S-1-5-21-473581126-2895704609-3995012257-1002\..\Run: [Google Update] . (.Google Inc. - Google Update Core.) -- C:\Users\Admin\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe  =>.Google Inc®
O4 - HKUS\S-1-5-21-473581126-2895704609-3995012257-1002\..\Run: [WinPatrol] . (.Ruiware - WinPatrol Monitor.) -- C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe  =>.Ruiware, LLC®

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (2) - 4s
P2 - EXT FILE: (.Safe Browsing Version 4 (temporary add - This temporary add-on enables the new .) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5dipdi0h.default-1509392315219\extensions\sbv4-gradual-rollout@mozilla.com.xpi
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll  =>.Adobe Systems Incorporated

---\\ Internet Explorer Extensions, Start, Search (5) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: (no name)[HKCU] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (11.00.15063.608 (WinBuild.160101.0800)) -- C:\Windows\SysWOW64\ieframe.dll  =>.Microsoft Corporation

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies []  =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.)  =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (65)

---\\ Global shortcuts Startup (64) - 19s
O4 - GS\Desktop [Admin]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) F:\CC\CCleaner64.exe    =>.Piriform Ltd®
O4 - GS\Desktop [Admin]: FireFox.lnk . (.Mozilla Corporation - Firefox.) F:\Mozilla Firefox\firefox.exe    =>.Mozilla Corporation®
O4 - GS\Desktop [Admin]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe    =>.Tweaking LLC®
O4 - GS\Desktop [Admin]: ZHPDiag.lnk . (...) C:\Users\Admin\AppData\Roaming\ZHP\ZHPDiag3.exe    =>.Nicolas Coolman
O4 - GS\Quicklaunch [Admin]: Launch Internet Explorer Browser.lnk . (...) C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\sendTo [Admin]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe    =>.Microsoft Corporation
O4 - GS\sendTo [Admin]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo   =>.Microsoft Corporation
O4 - GS\TaskBar [Admin]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\WINDOWS\system32\cleanmgr.exe    =>.Microsoft Corporation
O4 - GS\TaskBar [Admin]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe    =>.Microsoft Corporation
O4 - GS\TaskBar [Admin]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1   =>.Microsoft Corporation
O4 - GS\Programs [Admin]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe    =>.Microsoft Corporation®
O4 - GS\Programs [Admin]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast   =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) F:\CC\CCleaner64.exe    =>.Piriform Ltd®
O4 - GS\Desktop [Administrator]: FireFox.lnk . (.Mozilla Corporation - Firefox.) F:\Mozilla Firefox\firefox.exe    =>.Mozilla Corporation®
O4 - GS\Desktop [Administrator]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe    =>.Tweaking LLC®
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (...) C:\Users\Admin\AppData\Roaming\ZHP\ZHPDiag3.exe    =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (...) C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe    =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo   =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\WINDOWS\system32\cleanmgr.exe    =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe    =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1   =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe    =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast   =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) F:\CC\CCleaner64.exe    =>.Piriform Ltd®
O4 - GS\Desktop [Guest]: FireFox.lnk . (.Mozilla Corporation - Firefox.) F:\Mozilla Firefox\firefox.exe    =>.Mozilla Corporation®
O4 - GS\Desktop [Guest]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe    =>.Tweaking LLC®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (...) C:\Users\Admin\AppData\Roaming\ZHP\ZHPDiag3.exe    =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (...) C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe    =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo   =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\WINDOWS\system32\cleanmgr.exe    =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe    =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1   =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe    =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast   =>.Microsoft Corporation
O4 - GS\CommonDesktop [Public]: Malwarebytes.lnk . (.Malwarebytes - Malwarebytes.) F:\Malwarebytes Anti-Malware\Anti-Malware\mbam.exe    =>.Malwarebytes Corporation®
O4 - GS\CommonDesktop [Public]: Reason Core Security.lnk . (.Reason Software Company Inc. - Reason Core Security UI.) C:\Program Files\Reason\Security\rsUI.exe    =>.Reason Software Company Inc.®
O4 - GS\CommonDesktop [Public]: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe    =>.VS Revo Group®
O4 - GS\CommonDesktop [Public]: RogueKiller.lnk . (.Adlice Software - Anti-malware remediation tool.) C:\Program Files\RogueKiller\RogueKiller64.exe    =>.Adlice®
O4 - GS\CommonDesktop [Public]: ShopTracker.lnk . (.VL - AmazonMeter.) C:\Program Files (x86)\ShopTracker\AmazonMeter\AmazonMeter.exe   {21F6466DFDF98A66442D43453A0BDE4A}
O4 - GS\CommonDesktop [Public]: SpywareBlaster.lnk . (.Copyright © 2002-2016 BrightFort LLC. All Rights Re - SpywareBlaster.) C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe    =>.BrightFort LLC®
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Copyright 2017. - ZAM.) F:\Zemana AntiMalware\ZAM.exe    =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe    =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Update and Privacy Settings.lnk . (.Microsoft Corporation - UNP UXLauncher.) C:\Windows\System32\UNP\UNPUXLauncher.exe /campaignID {91be532c-f9f1-406a-9858-43697c6f437a} /launchtype toast   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe    =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\WINDOWS\system32\eudcedit.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\WINDOWS\system32\mblctr.exe /open   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe    =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe    =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe    =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe    =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe    =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe    =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe    =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1   =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (6) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = attlocal.net  =>.Local Domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254  =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{0d8ce48a-75f5-47e6-98eb-050a46b686c2}: DhcpNameServer = 192.168.1.1  =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{e2165eab-e59e-41b6-9490-83c2f543c0a3}: DhcpNameServer = 192.168.1.254  =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{e9f4f0a1-f81d-4612-976e-b8a5df110409}: DhcpNameServer = 75.75.75.75 75.75.76.76  =>.UK Milton Keynes Dedicated Server Hosting
O17 - HKLM\System\CCS\Services\Tcpip\..\{e2165eab-e59e-41b6-9490-83c2f543c0a3}: DhcpDomain = attlocal.net  =>.Local Domain

---\\ Extra protocols (25) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll  =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll  =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll  =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll  =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll  =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll  =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll  =>.Microsoft Corporation
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll  =>.Microsoft Corporation®
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll  =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll  =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll  =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll  =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll  =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll  =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll  =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll  =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll  =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll  =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL  =>.Microsoft Corporation®

---\\ ASIC (ActiveSetup Installed Components) (5) - 2s
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Microsoft Windows Media Player Setup Utilit.) -- C:\Windows\System32\unregmp2.exe  =>.Microsoft Corporation
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe  =>.Microsoft Corporation
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll  =>.Microsoft Corporation®

---\\ Software installed (32) - 13s
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {BBEC10F9-AC15-41EE-A271-0B1077F53740}  =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR  =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 27 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI  =>.Adobe Systems Incorporated®
O42 - Logiciel: Belkin Wireless Micro USB Adapter - (.Belkin International, Inc..) [HKLM][64Bits] -- {B20F9D1C-A0A5-4cd8-8306-DA03872311B1}  =>.Belkin International, Inc.
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner  =>.Piriform
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}  =>.Microsoft
O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM][64Bits] -- HDMI  =>.Intel Corporation®
O42 - Logiciel: Java 8 Update 111 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F32180111F0}  =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10}  =>.Oracle Corporation
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {400C31E4-796F-4E86-8FDC-C3C4FACC6847}  =>.Microsoft Corporation
O42 - Logiciel: Malwarebytes version 3.2.2.2029 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1  =>.Malwarebytes Corporation®
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] -- {95120000-00B9-0409-1000-0000000FF1CE}  =>.Microsoft Corporation
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe  =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}  =>.Microsoft Corporation
O42 - Logiciel: Mozilla Firefox 56.0.2 (x86 en-US) - (.Mozilla.) [HKCU][64Bits] -- Mozilla Firefox 56.0.2 (x86 en-US)  =>.Mozilla Corporation®
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}  =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}  =>.Microsoft
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}  =>.Microsoft
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}  =>.Microsoft
O42 - Logiciel: Reason Core Security - (.Reason Software Company Inc..) [HKLM][64Bits] -- Reason Core Security  =>.Reason Software Company Inc.®
O42 - Logiciel: Revo Uninstaller 2.0.3 - (.VS Revo Group, Ltd..) [HKLM][64Bits] -- {A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1  =>.VS Revo Group, Ltd.
O42 - Logiciel: RogueKiller version 12.11.21.0 - (.Adlice Software.) [HKLM][64Bits] -- 8B3D7924-ED89-486B-8322-E8594065D5CB_is1  =>.Adlice®
O42 - Logiciel: ShopTracker 1.1.24 - (.Nielsen.) [HKLM][64Bits] -- AmazonMeter {21F6466DFDF98A66442D43453A0BDE4A}
O42 - Logiciel: Sophos Virus Removal Tool - (.Sophos Limited.) [HKLM][64Bits] -- {B829E117-D072-41EA-9606-9826A38D34C1}  =>.Sophos Limited
O42 - Logiciel: SpywareBlaster 5.5 - (.BrightFort LLC.) [HKLM][64Bits] -- SpywareBlaster_is1  =>.BrightFort LLC
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}  =>.Adobe Systems, Inc
O42 - Logiciel: Tweaking.com - Windows Repair - (.Tweaking.com.) [HKLM][64Bits] -- Tweaking.com - Windows Repair  =>.Tweaking.com
O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] -- {4DFCD818-036A-4229-A67D-CF17DC461D92}  =>.Microsoft Corporation
O42 - Logiciel: WinPatrol - (.Ruiware.) [HKLM][64Bits] -- {6A206A04-6BC1-411B-AA04-4E52EDEEADF2}  =>.Tarma Software Research Ltd®
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1  =>.Zemana Ltd.
O42 - Logiciel: ZTE Handset USB Driver - (.ZTE Corporation.) [HKLM][64Bits] -- {01D42BF0-ED08-463f-8A28-99EB6FEE962B}  =>.ZTE Corporation
O42 - Logiciel: ZTE Handset USB Driver - (.ZTE Corporation.) [HKLM][64Bits] -- {D2D77DC2-8299-11D1-8949-444553540000}_is1  =>.ZTE CORPORATION®

---\\ HKCU & HKLM Software Keys (62) - 13s
HKLM\SOFTWARE\Wow6432Node\Adobe  =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AmazonMeter
HKLM\SOFTWARE\Wow6432Node\AppDataLow  =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\BillP Studios  =>.BillP Studios
HKLM\SOFTWARE\Wow6432Node\CyberLink  =>.CyberLink Corporation
HKLM\SOFTWARE\Wow6432Node\Eset  =>.ESET
HKLM\SOFTWARE\Wow6432Node\Google  =>.Google
HKLM\SOFTWARE\Wow6432Node\Hewlett-Packard  =>.Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\HitmanPro  =>.EIDOS hitman Game
HKLM\SOFTWARE\Wow6432Node\Intel  =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft  =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics  =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Licenses  =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Macromedia  =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit  =>.Malwarebytes
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware  =>.Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\McAfee  =>.McAfee Inc.
HKLM\SOFTWARE\Wow6432Node\mozilla.org  =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins  =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NSCPID  =>.NetRatings
HKLM\SOFTWARE\Wow6432Node\ODBC  =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\RealNetworks  =>.RealNetworks
HKLM\SOFTWARE\Wow6432Node\Reason  =>.Propellerhead
HKLM\SOFTWARE\Wow6432Node\Rice Lake Weighing Systems
HKLM\SOFTWARE\Wow6432Node\Software  =>.Unknown
HKLM\SOFTWARE\Wow6432Node\Sophos  =>.Sophos
HKLM\SOFTWARE\Wow6432Node\SpywareBlaster  =>.Javacool Software
HKLM\SOFTWARE\Wow6432Node\Symantec  =>.Symantec
HKLM\SOFTWARE\Wow6432Node\SySaver
HKLM\SOFTWARE\Wow6432Node\Volatile  =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WordOv
HKLM\SOFTWARE\Wow6432Node\WOW6432Node  =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Yahoo  =>.Yahoo! Inc.
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications  =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow  =>.Microsoft Corporation
HKCU\SOFTWARE\BillP Studios  =>.BillP Studios
HKCU\SOFTWARE\Canon  =>.Canon
HKCU\SOFTWARE\CanonBJ  =>.Canon Inc.
HKCU\SOFTWARE\GlarySoft  =>.Glarysoft
HKCU\SOFTWARE\Google  =>.Google
HKCU\SOFTWARE\INTEL  =>.Intel
HKCU\SOFTWARE\JavaSoft  =>.JavaSoft
HKCU\SOFTWARE\Licenses  =>.Microsoft Corporation
HKCU\SOFTWARE\Macromedia  =>.Macromedia
HKCU\SOFTWARE\Malwarebytes  =>.Malwarebytes
HKCU\SOFTWARE\Mozilla  =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins  =>.MozillaPlugins
HKCU\SOFTWARE\Netscape  =>.Netscape
HKCU\SOFTWARE\ODBC  =>.DB Connectivity Solutions
HKCU\SOFTWARE\Piriform  =>.Piriform
HKCU\SOFTWARE\QtProject  =>.QtProject
HKCU\SOFTWARE\Reason  =>.Propellerhead
HKCU\SOFTWARE\RegisteredApplications  =>.Microsoft Corporation
HKCU\SOFTWARE\Sysinternals  =>.Sysinternals
HKCU\SOFTWARE\The Silicon Realms Toolworks  =>.The Silicon Realms Toolworks
HKCU\SOFTWARE\Trolltech  =>.Trolltech
HKCU\SOFTWARE\VS Revo Group  =>.VS Revo Group
HKCU\SOFTWARE\Wow6432Node  =>.Microsoft Corporation
HKCU\SOFTWARE\Zemana  =>.Zemana
HKCU\SOFTWARE\ZHP  =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software  =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft  =>.JavaSoft

---\\ Contents of the Common Files folders (234) - 122s
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files\Common Files  =>.Microsoft Corporation
O43 - CFD: 17/12/2016 - [0] DC -- C:\Program Files\DIFX  =>.Microsoft Corporation
O43 - CFD: 27/07/2016 - [] DC -- C:\Program Files\DVD Maker  =>.Aone Software
O43 - CFD: 27/10/2017 - [0] DC -- C:\Program Files\HitmanPro  =>.EIDOS hitman Game
O43 - CFD: 10/08/2017 - [] DC -- C:\Program Files\Internet Explorer  =>.Microsoft Corporation
O43 - CFD: 22/03/2017 - [] DC -- C:\Program Files\McAfee  =>.McAfee
O43 - CFD: 14/02/2013 - [] DC -- C:\Program Files\Microsoft Office  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files\MSBuild  =>.Microsoft Corporation
O43 - CFD: 20/10/2016 - [] DC -- C:\Program Files\Reason  =>.Reason Software Company Inc.®
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files\Reference Assemblies  =>.Microsoft Corporation
O43 - CFD: 27/10/2017 - [] ADC -- C:\Program Files\RogueKiller  =>.Adlice Software
O43 - CFD: 17/10/2015 - [] DC -- C:\Program Files\Samsung  =>.Samsung Electronics
O43 - CFD: 26/04/2016 - [0] HDC -- C:\Program Files\Uninstall Information  =>.Microsoft Corporation
O43 - CFD: 07/07/2017 - [] ADC -- C:\Program Files\UNP  =>.Microsoft Corporation
O43 - CFD: 28/05/2017 - [] DC -- C:\Program Files\VS Revo Group  =>.VS Revo Group
O43 - CFD: 10/08/2017 - [] RD -- C:\Program Files\Windows Defender  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\Windows Defender Advanced Threat Protection  =>.Microsoft Corporation
O43 - CFD: 19/03/2013 - [] DC -- C:\Program Files\Windows Live  =>.Microsoft Corporation
O43 - CFD: 15/09/2017 - [] DC -- C:\Program Files\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\Windows Multimedia Platform  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\Windows NT  =>.Microsoft Corporation
O43 - CFD: 15/09/2017 - [] DC -- C:\Program Files\Windows Photo Viewer  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\Windows Portable Devices  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\Windows Security  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] SHDC -- C:\Program Files\Windows Sidebar  =>.Microsoft Corporation
O43 - CFD: 01/11/2017 - [] HD -- C:\Program Files\WindowsApps  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files\WindowsPowerShell  =>.Microsoft Corporation
O43 - CFD: 18/08/2016 - [] DC -- C:\Program Files (x86)\Adobe  =>.Adobe Systems Incorporated®
O43 - CFD: 25/03/2014 - [] DC -- C:\Program Files (x86)\Belkin  =>.Belkin International
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files (x86)\Common Files  =>.Microsoft Corporation
O43 - CFD: 13/07/2016 - [] DC -- C:\Program Files (x86)\Google  =>.Google
O43 - CFD: 13/07/2016 - [] DC -- C:\Program Files (x86)\HP  =>.Hewlett-Packard
O43 - CFD: 13/07/2016 - [] HDC -- C:\Program Files (x86)\InstallShield Installation Information  =>.InstallShield
O43 - CFD: 04/07/2013 - [] DC -- C:\Program Files (x86)\Intel  =>.Intel Corporation
O43 - CFD: 10/08/2017 - [] DC -- C:\Program Files (x86)\Internet Explorer  =>.Microsoft Corporation
O43 - CFD: 10/01/2017 - [] DC -- C:\Program Files (x86)\Java  =>.Oracle
O43 - CFD: 14/02/2013 - [] ADC -- C:\Program Files (x86)\Microsoft Office  =>.Microsoft Corporation
O43 - CFD: 26/05/2017 - [0] ADC -- C:\Program Files (x86)\Microsoft Silverlight  =>.Microsoft Corporation
O43 - CFD: 14/02/2013 - [] DC -- C:\Program Files (x86)\Microsoft Visual Studio  =>.Microsoft Corporation
O43 - CFD: 14/02/2013 - [] ADC -- C:\Program Files (x86)\Microsoft Visual Studio 8  =>.Microsoft Corporation
O43 - CFD: 14/02/2013 - [] DC -- C:\Program Files (x86)\Microsoft Works  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files (x86)\Microsoft.NET  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] ADC -- C:\Program Files (x86)\MSBuild  =>.Microsoft Corporation
O43 - CFD: 19/08/2013 - [] DC -- C:\Program Files (x86)\Ralink  =>.Ralink
O43 - CFD: 09/10/2013 - [] DC -- C:\Program Files (x86)\Real  =>.RealNetworks Inc.
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files (x86)\Reference Assemblies  =>.Microsoft Corporation
O43 - CFD: 26/08/2016 - [] DC -- C:\Program Files (x86)\Ruiware  =>.Ruiware, LLC®
O43 - CFD: 13/07/2016 - [0] DC -- C:\Program Files (x86)\Samsung  =>.Samsung Electronics
O43 - CFD: 10/08/2016 - [] ADC -- C:\Program Files (x86)\ShopTracker {21F6466DFDF98A66442D43453A0BDE4A}
O43 - CFD: 25/02/2017 - [] ADC -- C:\Program Files (x86)\SpywareBlaster  =>.Javacool Software
O43 - CFD: 27/10/2017 - [0] DC -- C:\Program Files (x86)\stinger
O43 - CFD: 08/11/2015 - [0] DC -- C:\Program Files (x86)\surf Aond ukeEpu  =>PUP.Optional.SurfAndKeep
O43 - CFD: 15/09/2016 - [0] DC -- C:\Program Files (x86)\surff and keepi  =>PUP.Optional.SurfAndKeep
O43 - CFD: 31/10/2017 - [] DC -- C:\Program Files (x86)\Tweaking.com  =>.Tweaking LLC®
O43 - CFD: 13/07/2009 - [0] HDC -- C:\Program Files (x86)\Uninstall Information  =>.Microsoft Corporation
O43 - CFD: 26/02/2014 - [0] DC -- C:\Program Files (x86)\UTubeNoAAdsi  =>PUP.Optional.UTubeNoAdS
O43 - CFD: 10/08/2017 - [] D -- C:\Program Files (x86)\Windows Defender  =>.Microsoft Corporation
O43 - CFD: 19/03/2013 - [] ADC -- C:\Program Files (x86)\Windows Live  =>.Microsoft Corporation
O43 - CFD: 15/09/2017 - [] DC -- C:\Program Files (x86)\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files (x86)\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files (x86)\Windows Multimedia Platform  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files (x86)\Windows NT  =>.Microsoft Corporation
O43 - CFD: 15/09/2017 - [] DC -- C:\Program Files (x86)\Windows Photo Viewer  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files (x86)\Windows Portable Devices  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] SHDC -- C:\Program Files (x86)\Windows Sidebar  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files (x86)\WindowsPowerShell  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility  =>.Microsoft Corporation
O43 - CFD: 22/10/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories  =>.Microsoft Corporation
O43 - CFD: 15/09/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools  =>.Administrative Tools
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin  =>.Belkin International
O43 - CFD: 21/11/2010 - [0] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java  =>.Oracle
O43 - CFD: 18/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance  =>.Microsoft Corporation
O43 - CFD: 27/10/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes  =>.Malwarebytes
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller  =>.VS Revo Group
O43 - CFD: 27/10/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller  =>.Adlice Software
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopTracker
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos  =>.Sophos
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster  =>.Javacool Software
O43 - CFD: 07/10/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools  =>.Microsoft Corporation
O43 - CFD: 31/10/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com  =>.Tweaking.com
O43 - CFD: 27/10/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol  =>.Bill2 Software
O43 - CFD: 28/10/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware  =>.Zemana
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Handset USB Driver
O43 - CFD: 21/07/2016 - [] DC -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69  =>.GEAR Software, Inc.
O43 - CFD: 26/08/2016 - [] DC -- C:\ProgramData\373sgsd7
O43 - CFD: 26/08/2016 - [] DC -- C:\ProgramData\373sgsdg
O43 - CFD: 26/08/2016 - [] DC -- C:\ProgramData\373sgsdv
O43 - CFD: 28/08/2013 - [] DC -- C:\ProgramData\373sgsdY
O43 - CFD: 18/08/2016 - [] DC -- C:\ProgramData\Adobe  =>.Adobe
O43 - CFD: 17/09/2013 - [] DC -- C:\ProgramData\Apple  =>.Apple Inc.
O43 - CFD: 17/09/2013 - [] DC -- C:\ProgramData\Apple Computer  =>.Apple Inc.
O43 - CFD: 03/08/2017 - [0] SHD -- C:\ProgramData\Application Data  =>.Microsoft Corporation
O43 - CFD: 19/08/2016 - [] HDC -- C:\ProgramData\CanonBJ  =>.Canon Inc.
O43 - CFD: 16/07/2016 - [0] DC -- C:\ProgramData\Comms  =>.Microsoft Corporation
O43 - CFD: 17/03/2013 - [] DC -- C:\ProgramData\Dell  =>.Dell
O43 - CFD: 03/08/2017 - [0] SHD -- C:\ProgramData\Desktop  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\ProgramData\Documents  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\ProgramData\Favorites  =>.Microsoft Corporation
O43 - CFD: 27/10/2017 - [] DC -- C:\ProgramData\HitmanPro  =>.EIDOS hitman Game
O43 - CFD: 13/07/2016 - [] DC -- C:\ProgramData\HP  =>.Hewlett-Packard
O43 - CFD: 27/10/2017 - [] DC -- C:\ProgramData\InstallMate  =>Adware.Tarma
O43 - CFD: 09/10/2013 - [] DC -- C:\ProgramData\InstallShield  =>.InstallShield
O43 - CFD: 30/10/2015 - [] DC -- C:\ProgramData\IsolatedStorage  =>.id Software
O43 - CFD: 19/10/2016 - [] DC -- C:\ProgramData\Licenses  =>.Microsoft Corporation
O43 - CFD: 27/10/2017 - [] D -- C:\ProgramData\Malwarebytes  =>.Malwarebytes
O43 - CFD: 19/10/2016 - [0] DC -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)  =>.Malwarebytes
O43 - CFD: 03/08/2017 - [] SDC -- C:\ProgramData\Microsoft  =>.Microsoft Corporation
O43 - CFD: 21/10/2017 - [] DC -- C:\ProgramData\Microsoft Help  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\Microsoft OneDrive  =>.Microsoft Corporation
O43 - CFD: 09/03/2014 - [] DC -- C:\ProgramData\Norton  =>.Symantec Corporation
O43 - CFD: 09/03/2014 - [] DC -- C:\ProgramData\NortonInstaller  =>.Symantec
O43 - CFD: 10/01/2017 - [] DC -- C:\ProgramData\Oracle  =>.Oracle
O43 - CFD: 31/12/2016 - [] DC -- C:\ProgramData\Package Cache  =>.Microsoft Corporation
O43 - CFD: 19/08/2013 - [] DC -- C:\ProgramData\Ralink  =>.Ralink
O43 - CFD: 19/08/2013 - [] DC -- C:\ProgramData\Ralink Driver  =>.Ralink
O43 - CFD: 09/10/2013 - [] DC -- C:\ProgramData\Real  =>.RealNetworks Inc.
O43 - CFD: 20/10/2016 - [] DC -- C:\ProgramData\Reason
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\regid.1991-06.com.microsoft  =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] DC -- C:\ProgramData\RogueKiller  =>.Adlice Software
O43 - CFD: 20/04/2013 - [0] DC -- C:\ProgramData\Roxio  =>.Roxio
O43 - CFD: 17/10/2015 - [] DC -- C:\ProgramData\Samsung  =>.Samsung Electronics
O43 - CFD: 02/10/2013 - [] DC -- C:\ProgramData\SearchOnline
O43 - CFD: 18/03/2017 - [0] DC -- C:\ProgramData\SoftwareDistribution  =>.Microsoft Corporation
O43 - CFD: 06/09/2013 - [] DC -- C:\ProgramData\Sonic  =>.Sonic
O43 - CFD: 20/09/2016 - [] DC -- C:\ProgramData\Sophos  =>.Sophos
O43 - CFD: 03/08/2017 - [0] SHD -- C:\ProgramData\Start Menu  =>.Microsoft Corporation
O43 - CFD: 26/08/2016 - [0] DC -- C:\ProgramData\surf Aond ukeEpu  =>PUP.Optional.SurfAndKeep
O43 - CFD: 10/11/2013 - [0] DC -- C:\ProgramData\surff and keepi  =>PUP.Optional.SurfAndKeep
O43 - CFD: 22/08/2013 - [] DC -- C:\ProgramData\Symantec  =>.Symantec
O43 - CFD: 01/06/2017 - [0] ADC -- C:\ProgramData\TEMP  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\ProgramData\Templates  =>.Microsoft Corporation
O43 - CFD: 17/03/2013 - [] DC -- C:\ProgramData\Uninstall  =>.Unknown
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\USOPrivate  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\ProgramData\USOShared  =>.Microsoft Corporation
O43 - CFD: 26/02/2014 - [0] DC -- C:\ProgramData\UTubeNoAAdsi  =>PUP.Optional.UTubeNoAdS
O43 - CFD: 31/10/2015 - [] DC -- C:\ProgramData\VsTelemetry  =>.Legitimate
O43 - CFD: 18/03/2017 - [] DC -- C:\ProgramData\WindowsHolographicDevices  =>.Microsoft Corporation
O43 - CFD: 09/10/2013 - [0] DC -- C:\ProgramData\Yahoo!  =>.Yahoo!
O43 - CFD: 21/07/2016 - [] DC -- C:\Program Files (x86)\Common Files\Adobe  =>.Adobe
O43 - CFD: 23/11/2016 - [] ADC -- C:\Program Files (x86)\Common Files\Adobe AIR  =>.Adobe Inc.
O43 - CFD: 03/07/2014 - [] ADC -- C:\Program Files (x86)\Common Files\DESIGNER  =>.Designer
O43 - CFD: 09/10/2013 - [] DC -- C:\Program Files (x86)\Common Files\InstallShield  =>.InstallShield
O43 - CFD: 10/01/2017 - [] DC -- C:\Program Files (x86)\Common Files\Java  =>.Oracle
O43 - CFD: 03/08/2017 - [] ADC -- C:\Program Files (x86)\Common Files\Microsoft Shared  =>.Microsoft Corporation
O43 - CFD: 09/10/2013 - [] DC -- C:\Program Files (x86)\Common Files\Roxio Shared  =>.Roxio
O43 - CFD: 18/03/2017 - [] DC -- C:\Program Files (x86)\Common Files\Services  =>.Microsoft Corporation
O43 - CFD: 20/09/2016 - [] DC -- C:\Program Files (x86)\Common Files\Sophos  =>.Sophos
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files (x86)\Common Files\SpeechEngines  =>.Microsoft Corporation
O43 - CFD: 23/03/2014 - [0] DC -- C:\Program Files (x86)\Common Files\Symantec Shared  =>.Symantec Corporation
O43 - CFD: 03/08/2017 - [] DC -- C:\Program Files (x86)\Common Files\System  =>.Microsoft Corporation
O43 - CFD: 19/03/2013 - [] DC -- C:\Program Files (x86)\Common Files\Windows Live  =>.Microsoft Corporation
O43 - CFD: 18/08/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Adobe  =>.Adobe
O43 - CFD: 21/07/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Apple Computer  =>.Apple Inc.
O43 - CFD: 21/07/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Atlantis  =>.Rising Star Games
O43 - CFD: 18/08/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\com.cricut.Cricut-CraftRoom
O43 - CFD: 06/03/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\GlarySoft  =>.GlarySoft
O43 - CFD: 09/07/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Identities  =>.Microsoft Corporation
O43 - CFD: 13/08/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Macromedia  =>.Macromedia
O43 - CFD: 21/11/2010 - [0] DC -- C:\Users\Admin\AppData\Roaming\Media Center Programs  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] SDC -- C:\Users\Admin\AppData\Roaming\Microsoft  =>.Microsoft Corporation
O43 - CFD: 17/07/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\Mozilla  =>.Mozilla Corporation
O43 - CFD: 08/03/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\ODIN
O43 - CFD: 13/07/2016 - [0] DC -- C:\Users\Admin\AppData\Roaming\Samsung  =>.Samsung Electronics
O43 - CFD: 17/10/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Skype  =>.Skype
O43 - CFD: 09/07/2016 - [] DC -- C:\Users\Admin\AppData\Roaming\Sun  =>.Oracle
O43 - CFD: 07/10/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\WinPatrol  =>.Bill2 Software
O43 - CFD: 02/11/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\ZHP  =>.Nicolas Coolman
O43 - CFD: 27/07/2016 - [0] DC -- C:\Users\Admin\AppData\Local\ActiveSync  =>.Microsoft Corporation
O43 - CFD: 05/03/2017 - [] DC -- C:\Users\Admin\AppData\Local\Adobe  =>.Adobe
O43 - CFD: 21/07/2016 - [] DC -- C:\Users\Admin\AppData\Local\Apple  =>.Apple Inc.
O43 - CFD: 21/07/2016 - [] DC -- C:\Users\Admin\AppData\Local\Apple Computer  =>.Apple Inc.
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Admin\AppData\Local\Application Data  =>.Microsoft Corporation
O43 - CFD: 15/08/2016 - [] DC -- C:\Users\Admin\AppData\Local\Apps  =>.Microsoft Corporation
O43 - CFD: 08/08/2016 - [] DC -- C:\Users\Admin\AppData\Local\Comms  =>.Microsoft Corporation
O43 - CFD: 18/10/2016 - [] DC -- C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform  =>.Microsoft Corporation
O43 - CFD: 31/10/2017 - [0] DC -- C:\Users\Admin\AppData\Local\CrashDumps  =>.Microsoft Corporation
O43 - CFD: 11/08/2017 - [0] DC -- C:\Users\Admin\AppData\Local\DBG  =>.DBG
O43 - CFD: 22/10/2017 - [0] DC -- C:\Users\Admin\AppData\Local\Diagnostics  =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] DC -- C:\Users\Admin\AppData\Local\fontconfig  =>.Portable Apps
O43 - CFD: 04/12/2016 - [] DC -- C:\Users\Admin\AppData\Local\gegl-0.2  =>.Portable Apps
O43 - CFD: 17/07/2017 - [] DC -- C:\Users\Admin\AppData\Local\Google  =>.Google
O43 - CFD: 17/05/2017 - [] DC -- C:\Users\Admin\AppData\Local\gtk-2.0  =>.GTK Project
O43 - CFD: 09/07/2016 - [] DC -- C:\Users\Admin\AppData\Local\GWX  =>.GWX
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Admin\AppData\Local\History  =>.Microsoft Corporation
O43 - CFD: 13/08/2016 - [] DC -- C:\Users\Admin\AppData\Local\Macromedia  =>.Macromedia
O43 - CFD: 31/10/2017 - [] DC -- C:\Users\Admin\AppData\Local\Microsoft  =>.Microsoft Corporation
O43 - CFD: 19/03/2013 - [0] DC -- C:\Users\Admin\AppData\Local\Microsoft Help  =>.Microsoft Corporation
O43 - CFD: 07/06/2017 - [] DC -- C:\Users\Admin\AppData\Local\MicrosoftEdge  =>.Microsoft Corporation
O43 - CFD: 17/12/2016 - [] DC -- C:\Users\Admin\AppData\Local\Mozilla  =>.Mozilla Corporation
O43 - CFD: 30/10/2017 - [] DC -- C:\Users\Admin\AppData\Local\Packages  =>.Microsoft Corporation
O43 - CFD: 13/08/2016 - [0] DC -- C:\Users\Admin\AppData\Local\PeerDistRepub  =>.Microsoft Corporation
O43 - CFD: 21/07/2016 - [] DC -- C:\Users\Admin\AppData\Local\Programs  =>.Microsoft Corporation
O43 - CFD: 27/07/2016 - [] DC -- C:\Users\Admin\AppData\Local\Publishers  =>.Microsoft Corporation
O43 - CFD: 31/10/2017 - [] DC -- C:\Users\Admin\AppData\Local\Recovery  =>.Recovery Labs
O43 - CFD: 02/11/2017 - [] DC -- C:\Users\Admin\AppData\Local\Temp  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Admin\AppData\Local\Temporary Internet Files  =>.Microsoft Corporation
O43 - CFD: 27/07/2016 - [] DC -- C:\Users\Admin\AppData\Local\TileDataLayer  =>.Microsoft Corporation
O43 - CFD: 07/07/2017 - [] DC -- C:\Users\Admin\AppData\Local\UNP  =>.Microsoft Corporation
O43 - CFD: 27/01/2017 - [] DC -- C:\Users\Admin\AppData\Local\Valassis
O43 - CFD: 21/10/2016 - [] DC -- C:\Users\Admin\AppData\Local\VirtualStore  =>.Microsoft Corporation
O43 - CFD: 04/12/2016 - [] DC -- C:\Users\Admin\AppData\Local\webkit  =>.webkit
O43 - CFD: 28/10/2017 - [] DC -- C:\Users\Admin\AppData\Local\Zemana  =>.Zemana
O43 - CFD: 02/11/2017 - [] DC -- C:\Users\Admin\AppData\Local\ZHP  =>.Nicolas Coolman
O43 - CFD: 21/07/2016 - [0] DC -- C:\Users\Admin\AppData\Local\Programs\Common  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RDC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [] RDC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories  =>.Microsoft Corporation
O43 - CFD: 22/10/2017 - [] RDC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools  =>.Administrative Tools
O43 - CFD: 02/12/2016 - [0] DC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cricut Design Space
O43 - CFD: 03/08/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance  =>.Microsoft Corporation
O43 - CFD: 22/10/2017 - [] RDC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RDC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RDC -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Users\Default\AppData\Local\Microsoft  =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [0] DC -- C:\Users\Default\AppData\Local\Microsoft Help  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] DC -- C:\Users\Default\AppData\Local\Temp  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] DC -- C:\Users\Default User\AppData\Local\Microsoft  =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [0] DC -- C:\Users\Default User\AppData\Local\Microsoft Help  =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] DC -- C:\Users\Default User\AppData\Local\Temp  =>.Microsoft Corporation
O43 - CFD: 03/08/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files  =>.Microsoft Corporation
O43 - CFD: 31/10/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft  =>.Microsoft Corporation
O43 - CFD: 27/10/2017 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\PeerDistRepub  =>.Microsoft Corporation
O43 - CFD: 28/10/2017 - []  -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana  =>.Zemana
O43 - CFD: 23/10/2017 - []  -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Macromedia  =>.Macromedia

---\\ ShellIconOverlayIdentifiers (SIOI) (6) - 1s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll  =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll  =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll  =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll  =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll  =>.Microsoft Corporation®
O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll  =>.Microsoft Corporation®

---\\ Image File Execution Options (17) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3]  =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3]  =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3]  =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft ® HTML Application host.) [MitigationOptions\\256]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481]  =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152]  =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3]  =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3]  =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152]  =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768]  =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3]  =>.Microsoft Corporation

---\\ System Drivers List (71) - 30s
O58 - SDL:2017/03/18 13:56:25 AC . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys   [107424]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys   [1135512]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys   [83352]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys   [259488]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys   [27040]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys   [132000]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:26 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\WINDOWS\System32\drivers\b57nd60a.sys   [452608]  =>.Broadcom Corporation
O58 - SDL:2017/03/18 13:56:25 AC . (.Windows ® Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys   [9728]  =>.Windows ® Win 7 DDK provider
O58 - SDL:2017/03/18 13:56:23 AC . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys   [533920]  =>.Microsoft Windows®
O58 - SDL:2017/03/05 14:48:42 AC . (.Ruiware, LLC - WinAntiRansom Driver.) -- C:\WINDOWS\System32\drivers\CGKDarkWatcher.sys   [15128]  =>.Ruiware, LLC.®
O58 - SDL:2017/03/18 13:56:25 AC . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys   [102816]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys   [347032]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys   [2104224]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:23 AC . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys   [3419040]  =>.Microsoft Windows®
O58 - SDL:2017/10/31 13:37:23 AC . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys   [110016]  =>.Malwarebytes Corporation®
O58 - SDL:2012/09/04 13:49:38 AC . (.HS Coporation - USB NDIS Miniport Driver.) -- C:\WINDOWS\System32\drivers\ghsnet.sys   [162816]
O58 - SDL:2012/12/20 09:04:22 AC . (.HS Coporation - USB Modem/Serial Device Driver.) -- C:\WINDOWS\System32\drivers\ghsser.sys   [123520]
O58 - SDL:2017/03/18 13:56:25 AC . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys   [64416]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:28 A . (.Intel® Corporation - Intel® Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys   [33280]  =>.Intel® Corporation
O58 - SDL:2017/03/18 13:56:28 AC . (.Intel® Corporation - Intel® Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys   [81408]  =>.Intel® Corporation
O58 - SDL:2017/03/18 13:56:28 AC . (.Intel Corporation - Intel® Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys   [70656]  =>.Intel Corporation
O58 - SDL:2017/03/18 13:56:28 AC . (.Intel Corporation - Intel® Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys   [85504]  =>.Intel Corporation
O58 - SDL:2017/03/18 13:56:28 AC . (.Intel Corporation - Intel® Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys   [165376]  =>.Intel Corporation
O58 - SDL:2017/03/18 13:56:28 AC . (.Intel Corporation - Intel® Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys   [168448]  =>.Intel Corporation
O58 - SDL:2017/03/18 13:56:23 AC . (.Intel Corporation - Intel® Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys   [38128]  =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 13:56:19 AC . (.Intel Corporation - Intel® Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys   [113152]  =>.Intel Corporation
O58 - SDL:2017/03/18 13:56:26 AC . (.Intel Corporation - Intel® Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys   [673184]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:26 AC . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys   [412064]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys   [526240]  =>.Microsoft Windows®
O58 - SDL:2012/03/23 04:33:52 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\WINDOWS\System32\drivers\igdkmd64.sys   [6192640]  =>.Intel Corporation
O58 - SDL:2017/03/18 13:56:25 AC . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys   [108960]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys   [123808]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys   [103328]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys   [82848]  =>.Microsoft Windows®
O58 - SDL:2012/06/20 11:51:32 AC . (.HandSet Incorporated - HandSet CDROM Filter.) -- C:\WINDOWS\System32\drivers\massfilter_hs.sys   [20232]  =>.ZTE CORPORATION®
O58 - SDL:2017/10/04 13:15:42 A . (...) -- C:\WINDOWS\System32\drivers\mbae64.sys   [77440]  =>.Malwarebytes Corporation®
O58 - SDL:2017/10/31 13:37:22 AC . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys   [45504]  =>.Malwarebytes Corporation®
O58 - SDL:2017/10/31 13:37:23 AC . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MbamChameleon.sys   [192952]  =>.Malwarebytes Corporation®
O58 - SDL:2017/10/31 13:37:19 AC . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys   [252232]  =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 13:56:25 AC . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys   [59808]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys   [64416]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys   [575904]  =>.Microsoft Windows®
O58 - SDL:2017/05/24 16:31:09 AC . (.McAfee, Inc. - McAfee Link Driver.) -- C:\WINDOWS\System32\drivers\mfehidk.sys   [917008]  =>.McAfee, Inc.®
O58 - SDL:2017/05/24 16:31:10 AC . (.McAfee, Inc. - McAfee Code Analysis Driver.) -- C:\WINDOWS\System32\drivers\mferkdet.sys   [124432]  =>.McAfee, Inc.®
O58 - SDL:2017/03/18 13:56:25 AC . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys   [842656]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys   [63904]  =>.Microsoft Windows®
O58 - SDL:2017/11/02 12:53:49 AC . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys   [94144]  =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 13:56:25 AC . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys   [108960]  =>.Microsoft Windows®
O58 - SDL:2010/09/30 12:00:06 AC . (.Renesas Electronics Corporation - USB 3.0 Hub Driver.) -- C:\WINDOWS\System32\drivers\nusb3hub.sys   [80384]  =>.Renesas Electronics Corporation
O58 - SDL:2010/09/30 12:00:06 AC . (.Renesas Electronics Corporation - USB 3.0 Host Controller Driver.) -- C:\WINDOWS\System32\drivers\nusb3xhc.sys   [180736]  =>.Renesas Electronics Corporation
O58 - SDL:2017/03/18 13:56:25 AC . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys   [150432]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys   [166304]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys   [58784]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys   [61848]  =>.Microsoft Windows®
O58 - SDL:2016/09/20 17:15:07 AC . (.Sophos Limited - SAV On-Access and HIPS for Windows Vista (A.) -- C:\WINDOWS\System32\drivers\savonaccess.sys   [161024]  =>.Sophos Limited®
O58 - SDL:2017/03/18 13:56:26 A . (...) -- C:\WINDOWS\System32\drivers\SDFRd.sys   [31128]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys   [44960]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys   [81824]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys   [31136]  =>.Microsoft Windows®
O58 - SDL:2017/10/28 21:09:45 AC . (...) -- C:\WINDOWS\System32\drivers\TrueSight.sys   [28272]  =>.Adlice®
O58 - SDL:2012/12/13 13:50:36 AC . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\System32\drivers\usbaapl64.sys   [54784]  =>.Apple, Inc.
O58 - SDL:2012/10/31 16:02:02 AC . (.Via Telecom, Inc. - viausbets driver.) -- C:\WINDOWS\System32\drivers\viahsets.sys   [32136]  =>.ZTE CORPORATION®
O58 - SDL:2012/11/09 15:14:34 AC . (.VIA Telecom - USB2SER/MDM.) -- C:\WINDOWS\System32\drivers\viahsser.sys   [62728]  =>.ZTE CORPORATION®
O58 - SDL:2017/03/18 13:56:25 AC . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys   [166816]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS   [305568]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys   [32160]  =>.Microsoft Windows®
O58 - SDL:2017/03/18 13:56:25 AC . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys   [64920]  =>.Microsoft Windows®
O58 - SDL:2017/10/28 10:54:32 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zam64.sys   [203680]  =>.Zemana Ltd.®
O58 - SDL:2017/06/03 22:02:50 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zamguard64.sys   [203680]  =>.Zemana Ltd.®
O58 - SDL:2012/06/20 11:51:32 AC . (.ZTE Incorporated - USB NDIS Miniport Driver.) -- C:\WINDOWS\System32\drivers\zghsnet.sys   [171272]  =>.ZTE CORPORATION®
O58 - SDL:2012/10/31 16:00:58 AC . (.ZTE Corporation - USB Modem/Serial Device Driver.) -- C:\WINDOWS\System32\drivers\zghsser.sys   [131976]  =>.ZTE CORPORATION®

---\\ File Associations Shell Spawning (10) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\WINDOWS\System32\control.exe  =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\WINDOWS\System32\eventvwr.exe  =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (...) -- %1" %*
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe  =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- F:\Mozilla Firefox\firefox.exe  =>.Mozilla Corporation®

---\\ Search Browser Infection (2) - 7s
O69 - SBI: SearchScopes [HKCU] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -
O69 - SBI: SearchScopes [HKLM] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) -

---\\ Search Svchost Services (48) - 1s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll   [189952]  =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll   [189952]  =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll   [303104]  =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll   [1269248]  =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll   [934912]  =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll   [996864]  =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll   [31232]  =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll   [138752]  =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\System32\iscsiexe.dll   [150016]  =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll   [108032]  =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\System32\schedsvc.dll   [877568]  =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\System32\wbem\WMIsvc.dll   [221696]  =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll   [133120]  =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\System32\profsvc.dll   [413184]  =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\WINDOWS\System32\sessenv.dll   [385536]  =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll   [93184]  =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\System32\Windows.SharedPC.AccountManager.dll   [192512]  =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll   [1135104]  =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll   [723968]  =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\System32\wlidsvc.dll   [2153984]  =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll   [877568]  =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll   [1015296]  =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\WINDOWS\System32\Windows.Internal.Management.dll   [536064]  =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll   [301216]  =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\System32\themeservice.dll   [69632]  =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\WINDOWS\System32\TokenBroker.dll   [1052672]  =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll   [43520]  =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll   [24576]  =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll   [104448]  =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll   [874496]  =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll   [490496]  =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll   [69632]  =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll   [537600]  =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) -- C:\WINDOWS\System32\tapisrv.dll   [306688]  =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\System32\wuaueng.dll   [2446336]  =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll   [1159680]  =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\System32\shsvcs.dll   [612864]  =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\System32\dmwappushsvc.dll   [55296]  =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\System32\flightsettings.dll   [699904]  =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\System32\WpnService.dll   [276480]  =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll   [385536]  =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\System32\XboxNetApiSvc.dll   [1067008]  =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\System32\usocore.dll   [684032]  =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll   [261632]  =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll   [233984]  =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll   [167424]  =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll   [18944]  =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\WINDOWS\System32\appmgmts.dll   [196096]  =>.Microsoft Corporation

---\\ Additional Scan (O88) (7) - 1s
C:\Program Files (x86)\surf Aond ukeEpu  =>PUP.Optional.SurfAndKeep
C:\Program Files (x86)\surff and keepi  =>PUP.Optional.SurfAndKeep
C:\Program Files (x86)\UTubeNoAAdsi  =>PUP.Optional.UTubeNoAdS
C:\ProgramData\InstallMate  =>Adware.Tarma
C:\ProgramData\surf Aond ukeEpu  =>PUP.Optional.SurfAndKeep
C:\ProgramData\surff and keepi  =>PUP.Optional.SurfAndKeep
C:\ProgramData\UTubeNoAAdsi  =>PUP.Optional.UTubeNoAdS

---\\ Summary of the elements found (4) - 0s





~ Unselected Options:  O82,
~ End of the scan, 35348 items in 05mn55s (875)(0)



#10 nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 November 2017 - 07:43 AM


I'm not familiar with the program.

I do recommend that you run this fix to remove these Folders in bold.
They seem to be empty. You can check them before proceeding.

C:\Program Files (x86)\surf Aond ukeEpu
C:\Program Files (x86)\surff and keepi
C:\Program Files (x86)\UTubeNoAAdsi
C:\ProgramData\InstallMate
C:\ProgramData\surf Aond ukeEpu
C:\ProgramData\surff and keepi
C:\ProgramData\UTubeNoAAdsi

Here is my fix.


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Program Files (x86)\surf Aond ukeEpu
C:\Program Files (x86)\surff and keepi
C:\Program Files (x86)\UTubeNoAAdsi
C:\ProgramData\InstallMate
C:\ProgramData\surf Aond ukeEpu
C:\ProgramData\surff and keepi
C:\ProgramData\UTubeNoAAdsi


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
==

Hope it helps.

#11 Dimera


Posted 03 November 2017 - 02:21 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Admin (03-11-2017 12:15:19) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Program Files (x86)\surf Aond ukeEpu
C:\Program Files (x86)\surff and keepi
C:\Program Files (x86)\UTubeNoAAdsi
C:\ProgramData\InstallMate
C:\ProgramData\surf Aond ukeEpu
C:\ProgramData\surff and keepi
C:\ProgramData\UTubeNoAAdsi


End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\surf Aond ukeEpu => moved successfully
C:\Program Files (x86)\surff and keepi => moved successfully
C:\Program Files (x86)\UTubeNoAAdsi => moved successfully
C:\ProgramData\InstallMate => moved successfully
C:\ProgramData\surf Aond ukeEpu => moved successfully
C:\ProgramData\surff and keepi => moved successfully
C:\ProgramData\UTubeNoAAdsi => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18122724 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 12060 B
Edge => 0 B
Chrome => 0 B
Firefox => 16905722 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Admin => 5180669 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 45.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:16:32 ====



#12 nasdaq


Posted 04 November 2017 - 06:50 AM

Hi,

How is the computer performing now?

#13 Dimera


Posted 05 November 2017 - 01:52 PM

Better. Thank you very much for your time and help.



#14 nasdaq


Posted 06 November 2017 - 08:30 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



