Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan? Adware? Malware? - Need help removing please


  • This topic is locked This topic is locked
21 replies to this topic

#1 Emvie

Emvie

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 12 November 2017 - 02:08 AM

Hello.  I am new to this forum so please bear with me.  I recently downloaded what I thought was a manual for my espresso machine and now I have all these ads popping up in my browser.  I ran Windows Defender complete scan and still getting these pop-ups.  Google searching led me to download and run AdwCleaner.  I have run this several times, after each scan rebooting.  Still having pop-ups.  More Google searching led me to downloading and running Farbar Recovery Scan Tool.  After running the scan and not knowing what to do next has led me to this forum.  I have the .txt files and am attaching them.  Any help will be greatly appreciated.

 

I have a Lenovo Ideapad Yoga 13 running Windows 10 64-bit OS.

 

Thank you.

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 12 November 2017 - 07:57 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 13 November 2017 - 02:23 PM

Jo:

 

Thank you for your reply.  Here are the results of your instructions.

 

Step 1: SALog.txt

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 12th Novemeber, 2017
Running from:C:\Users\1\Desktop (10:38:39 - 11/13/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (61.0.3163.100)
Java (8.0.1310.11)
Microsoft Silverlight (5.1.50901.0)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported
***----------------Analysis Complete-------------------------***

 

 

Step 2:  MBAR-log-***

There is a mbar folder created on my desktop.  In this folder there is no MBAR-log file in the MBAR folder but there is a System-log.txt file.  I am attaching this one.  If this is not the correct log file you need, please let me know if I should look in another place for the other log file:

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1358.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4168376320, free: 1412059136
Downloaded database version: v2017.11.13.09
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/13/2017 10:46:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\wfcre.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\Lace_wpf_x64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\hidparse.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\leymc.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\System32\Drivers\vm331avs.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\acpials.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\7467369A.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.11.13.09
  rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe28406b83060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe28406a99920, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe28406b82040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffe28406b83060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe28405f9d060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A9DC68D2
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4017891352
    GPT Header CurrentLba = 1 BackupLba 250069679
    GPT Header FirstUsableLba 34  LastUsableLba 250069646
    GPT Header Guid 733c33ca-8e80-469c-80d4-7ad2797c6bfd
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4017891352
    Backup GPT header CurrentLba = 250069679 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 250069646
    Backup GPT header Guid 733c33ca-8e80-469c-80d4-7ad2797c6bfd
    Backup GPT header Contains 128 partition entries starting at LBA 250069647
    Backup GPT header Partition entry size = 128
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 59c78dfe-2ad6-406f-b131-68e1c7866e79
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 8f3d9e6c-ed21-40d6-aaa9-b6821ccd8c21
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition
    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 2f583d05-f5ce-45c3-9666-68b8a326b739
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition
    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b9ad607a-de91-4b31-9180-e2c294e9e3c4
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7f30ba14-9322-46e6-93ea-8f8cee9bdd59
    FirstLBA 4892672  Last LBA 218789887
    Attributes 0
    Partition Name                 Basic data partition
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9bdce0c0-70b2-4764-ace4-967a42ebb414
    FirstLBA 218789888  Last LBA 219506687
    Attributes 1
    Partition Name                                    
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID cb852892-eb08-4ae0-ae54-f6262ce0307d
    FirstLBA 219506688  Last LBA 227895295
    Attributes 0
    Partition Name                 Basic data partition
    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a720a23d-742a-4a45-b96f-dd1382e4557a
    FirstLBA 227895296  Last LBA 250068991
    Attributes 1
    Partition Name                 Basic data partition
Disk Size: 128035676160 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a8ad9c1eb84ee05773b04b298573fa35\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\603a3bab60d64169412e83e06d7bac68\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\42cf6c4bff2cdf34e362267f66c9bf5e\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Simply.Conn2f6da4e1#\db96189b009d30ca8e7c3924721b8499\Simply.ConnectionManagerService.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\183bd383b402cf2a8d8d180ce5d36a62\System.Runtime.Remoting.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ef8d0d1ee6432515fff7f11d91eaf368\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3d80ae4a3a0aa7f6933fbe8c5922a473\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a771d2428d6b5c8ca9ab6c393e26ee3c\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\5be014817eaa365eca5b6453968abeb5\System.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
Infected: C:\Windows\Microsoft\svchost.exe --> [Adware.LoadMoney]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host --> [Adware.LoadMoney]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Adware.LoadMoney]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Adware.LoadMoney]
Infected: C:\Windows\Microsoft\svchost.exe --> [Adware.LoadMoney]
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
Infected: C:\Windows\Microsoft\svchost.exe.exe --> [Adware.LoadMoney]
Infected: C:\Windows\Microsoft\svchost.exe.exe --> [Adware.LoadMoney]
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
Infected: C:\Program Files\Windows Mail\UFCQUIZLSY\YLFMINSGOX.exe --> [Trojan.Agent.Generic]
Infected: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YLFMINSGOX.exe --> [Trojan.Agent.Generic]
Infected: C:\Program Files\Windows Mail\UFCQUIZLSY\YLFMINSGOX.exe --> [Trojan.Agent.Generic]
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d697906ab1398f3c359eb8102bc55a43\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e10224bb702b28e3fd0f55e2009d7448\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\quartz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qcap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvfw32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qedit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFKSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFSENSORGROUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ksproxy.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\Kswdmcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\mfc42.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vidcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntdsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.SEARCH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\687dc34f436f621648d97bcec377f33c\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\16cd2ff23ddf98547712a6b4377be348\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f55810f7b1c169f9592179bc84bf635b\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hhctrl.ocx" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\36069be44eb7526107e37f7fc804944a\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7184b37a17bf31f510441a35a8660256\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2c487bdc9aee7121eebda8257af0a43f\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\77aefe1ed671a033b6fb4cf36cd502d8\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c585218f9bf85fb5bde703a491efd291\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\0527893dbcc7302575fed07f13ec00ce\System.Web.Services.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e545638ea70536add25a06f19669fc6d\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\88b1647db8a9c949fdfefbe376318546\System.ComponentModel.Composition.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\4f6048167ceefcdb21db301bde120260\System.Transactions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\splwow64.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BROWSER_BROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGECP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\notepad.exe" is sparse (flags = 32768)
File "C:\Windows\System32\feclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpials.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files (x86)\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
Infected: C:\Users\1\AppData\Local\Temp\San258B.tmp --> [Adware.SpeedBit]
Infected: C:\Users\1\AppData\Local\Temp\San6292.tmp --> [Adware.SpeedBit]
Infected: C:\Users\1\AppData\Local\Temp\fKY0foqi8yWc.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\722VC8g86Jh6.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\7iBUjfF9TRTs.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\815.tmp.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\ozpM6qwZ4mq1.exe --> [Adware.Tuto4PC]
Infected: C:\Users\1\AppData\Local\Temp\sHUxF2jh3hE3.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\QwfUELWy4b3a.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\xpmipsr1.o0m\Setup.exe --> [Adware.IStartSurf]
Infected: C:\Users\1\AppData\Local\Temp\t28680e1\kometapanel.exe --> [Adware.RuKometa]
Infected: C:\Users\1\AppData\Local\Temp\t327cc1\kometapanel.exe --> [Adware.RuKometa]
Infected: C:\Users\1\AppData\Local\Temp\k3iradsd.sjm\Setup.exe --> [Adware.IStartSurf]
File "C:\Users\1\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: C:\Users\1\AppData\Local\wutphost\wutphost.exe --> [Adware.LoadMoney]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\OtherSearch Inc CA 2.cer --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\cert.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\xtls.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1 --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\data.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\dlog.txt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.ecf --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\s.xml --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\slite.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\uninstall.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\upd.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\updengine.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\certutil.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\mozcrt19.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\nspr4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\nss3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\plc4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\plds4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\smime3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\softokn3.dll --> [Adware.OtherSearch.TSKRST]
File C:\Windows\System32\drivers\Lace_wpf_x64.sys will be destroyed
Infected: C:\Windows\System32\drivers\Lace_wpf_x64.sys --> [Rootkit.Komodia.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 --> [Rootkit.Komodia.PUA]
File C:\Windows\System32\drivers\wfcre.sys will be destroyed
Infected: C:\Windows\System32\drivers\wfcre.sys --> [PUP.Optional.ChinAd]
Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\icacl --> [Trojan.Stantiko]
Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko]
Scan finished

 

Step 3:  AdwCleaner.txt

 

 

# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 13 19:19:59 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-13-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
PUP.Optional.Legacy, OtherSearch
PUP.Optional.Legacy, SvcHost Service Host
Adware.RuKometa, SvcHost Service Host

***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\Lace_wpf_x64.sys
PUP.Optional.ChinAd, C:\Windows\SysNative\drivers\wfcre.sys
PUP.Optional.CPUMiner, C:\Windows\Microsoft\svchost.exe.exe

***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.OtherSearch, [Key] - HKLM\SOFTWARE\OtherSearch

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
PUP.Optional.Mail.Ru, Plugin found: Поиск Mail.Ru -
PUP.Optional.Mail.Ru, Plugin found: Домашняя страница Mail.Ru -
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [12992 B] - [2017/11/12 4:36:44]
C:/AdwCleaner/AdwCleaner[C1].txt - [1781 B] - [2017/11/12 4:47:13]
C:/AdwCleaner/AdwCleaner[C2].txt - [1671 B] - [2017/11/12 4:55:59]
C:/AdwCleaner/AdwCleaner[C3].txt - [1806 B] - [2017/11/12 5:4:31]
C:/AdwCleaner/AdwCleaner[C4].txt - [1941 B] - [2017/11/12 5:11:5]
C:/AdwCleaner/AdwCleaner[S0].txt - [14891 B] - [2017/11/12 4:35:9]
C:/AdwCleaner/AdwCleaner[S1].txt - [1928 B] - [2017/11/12 4:46:52]
C:/AdwCleaner/AdwCleaner[S2].txt - [1773 B] - [2017/11/12 4:54:44]
C:/AdwCleaner/AdwCleaner[S3].txt - [1909 B] - [2017/11/12 5:4:25]
C:/AdwCleaner/AdwCleaner[S4].txt - [2043 B] - [2017/11/12 5:10:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########


#4 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 13 November 2017 - 02:55 PM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 13 November 2017 - 04:49 PM

Step 1 - After Cleanup and reboot - log file:

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1358.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4168376320, free: 1412059136
Downloaded database version: v2017.11.13.09
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/13/2017 10:46:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\wfcre.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\Lace_wpf_x64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\hidparse.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\leymc.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\System32\Drivers\vm331avs.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\acpials.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\7467369A.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.11.13.09
  rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe28406b83060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe28406a99920, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe28406b82040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffe28406b83060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe28405f9d060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A9DC68D2
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4017891352
    GPT Header CurrentLba = 1 BackupLba 250069679
    GPT Header FirstUsableLba 34  LastUsableLba 250069646
    GPT Header Guid 733c33ca-8e80-469c-80d4-7ad2797c6bfd
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4017891352
    Backup GPT header CurrentLba = 250069679 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 250069646
    Backup GPT header Guid 733c33ca-8e80-469c-80d4-7ad2797c6bfd
    Backup GPT header Contains 128 partition entries starting at LBA 250069647
    Backup GPT header Partition entry size = 128
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 59c78dfe-2ad6-406f-b131-68e1c7866e79
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 8f3d9e6c-ed21-40d6-aaa9-b6821ccd8c21
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition
    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 2f583d05-f5ce-45c3-9666-68b8a326b739
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition
    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b9ad607a-de91-4b31-9180-e2c294e9e3c4
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7f30ba14-9322-46e6-93ea-8f8cee9bdd59
    FirstLBA 4892672  Last LBA 218789887
    Attributes 0
    Partition Name                 Basic data partition
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9bdce0c0-70b2-4764-ace4-967a42ebb414
    FirstLBA 218789888  Last LBA 219506687
    Attributes 1
    Partition Name                                    
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID cb852892-eb08-4ae0-ae54-f6262ce0307d
    FirstLBA 219506688  Last LBA 227895295
    Attributes 0
    Partition Name                 Basic data partition
    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a720a23d-742a-4a45-b96f-dd1382e4557a
    FirstLBA 227895296  Last LBA 250068991
    Attributes 1
    Partition Name                 Basic data partition
Disk Size: 128035676160 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a8ad9c1eb84ee05773b04b298573fa35\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\603a3bab60d64169412e83e06d7bac68\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\42cf6c4bff2cdf34e362267f66c9bf5e\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Simply.Conn2f6da4e1#\db96189b009d30ca8e7c3924721b8499\Simply.ConnectionManagerService.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\183bd383b402cf2a8d8d180ce5d36a62\System.Runtime.Remoting.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ef8d0d1ee6432515fff7f11d91eaf368\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3d80ae4a3a0aa7f6933fbe8c5922a473\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a771d2428d6b5c8ca9ab6c393e26ee3c\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\5be014817eaa365eca5b6453968abeb5\System.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
Infected: C:\Windows\Microsoft\svchost.exe --> [Adware.LoadMoney]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host --> [Adware.LoadMoney]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Adware.LoadMoney]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Adware.LoadMoney]
Infected: C:\Windows\Microsoft\svchost.exe --> [Adware.LoadMoney]
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
Infected: C:\Windows\Microsoft\svchost.exe.exe --> [Adware.LoadMoney]
Infected: C:\Windows\Microsoft\svchost.exe.exe --> [Adware.LoadMoney]
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
Infected: C:\Program Files\Windows Mail\UFCQUIZLSY\YLFMINSGOX.exe --> [Trojan.Agent.Generic]
Infected: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YLFMINSGOX.exe --> [Trojan.Agent.Generic]
Infected: C:\Program Files\Windows Mail\UFCQUIZLSY\YLFMINSGOX.exe --> [Trojan.Agent.Generic]
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d697906ab1398f3c359eb8102bc55a43\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e10224bb702b28e3fd0f55e2009d7448\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\quartz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qcap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvfw32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qedit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFKSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFSENSORGROUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ksproxy.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\Kswdmcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\mfc42.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vidcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntdsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.SEARCH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\687dc34f436f621648d97bcec377f33c\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\16cd2ff23ddf98547712a6b4377be348\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f55810f7b1c169f9592179bc84bf635b\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hhctrl.ocx" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\36069be44eb7526107e37f7fc804944a\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7184b37a17bf31f510441a35a8660256\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2c487bdc9aee7121eebda8257af0a43f\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\77aefe1ed671a033b6fb4cf36cd502d8\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c585218f9bf85fb5bde703a491efd291\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\0527893dbcc7302575fed07f13ec00ce\System.Web.Services.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e545638ea70536add25a06f19669fc6d\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\88b1647db8a9c949fdfefbe376318546\System.ComponentModel.Composition.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\4f6048167ceefcdb21db301bde120260\System.Transactions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\splwow64.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BROWSER_BROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGECP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\notepad.exe" is sparse (flags = 32768)
File "C:\Windows\System32\feclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpials.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files (x86)\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
Infected: C:\Users\1\AppData\Local\Temp\San258B.tmp --> [Adware.SpeedBit]
Infected: C:\Users\1\AppData\Local\Temp\San6292.tmp --> [Adware.SpeedBit]
Infected: C:\Users\1\AppData\Local\Temp\fKY0foqi8yWc.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\722VC8g86Jh6.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\7iBUjfF9TRTs.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\815.tmp.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\ozpM6qwZ4mq1.exe --> [Adware.Tuto4PC]
Infected: C:\Users\1\AppData\Local\Temp\sHUxF2jh3hE3.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\QwfUELWy4b3a.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\xpmipsr1.o0m\Setup.exe --> [Adware.IStartSurf]
Infected: C:\Users\1\AppData\Local\Temp\t28680e1\kometapanel.exe --> [Adware.RuKometa]
Infected: C:\Users\1\AppData\Local\Temp\t327cc1\kometapanel.exe --> [Adware.RuKometa]
Infected: C:\Users\1\AppData\Local\Temp\k3iradsd.sjm\Setup.exe --> [Adware.IStartSurf]
File "C:\Users\1\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: C:\Users\1\AppData\Local\wutphost\wutphost.exe --> [Adware.LoadMoney]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\OtherSearch Inc CA 2.cer --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\cert.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\xtls.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1 --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\data.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\dlog.txt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.ecf --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\s.xml --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\slite.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\uninstall.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\upd.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\updengine.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\certutil.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\mozcrt19.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\nspr4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\nss3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\plc4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\plds4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\smime3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\softokn3.dll --> [Adware.OtherSearch.TSKRST]
File C:\Windows\System32\drivers\Lace_wpf_x64.sys will be destroyed
Infected: C:\Windows\System32\drivers\Lace_wpf_x64.sys --> [Rootkit.Komodia.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 --> [Rootkit.Komodia.PUA]
File C:\Windows\System32\drivers\wfcre.sys will be destroyed
Infected: C:\Windows\System32\drivers\wfcre.sys --> [PUP.Optional.ChinAd]
Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\icacl --> [Trojan.Stantiko]
Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko]
Scan finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1358.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4168376320, free: 1468702720
=======================================

User declined to cleanup malware.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Lace_wpf_x64.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Lace_wpf_x64.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Lace_wpf_x64.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Lace_wpf_x64.sys-(1)-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wfcre.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wfcre.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wfcre.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wfcre.sys-(1)-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1358.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4168376320, free: 1481437184
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/13/2017 12:18:37
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\wfcre.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\Lace_wpf_x64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\hidparse.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\leymc.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\vm331avs.sys
\SystemRoot\System32\drivers\acpials.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\6321619C.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.10.25.11
  rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe28406b83060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe28406a99920, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe28406b82040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffe28406b83060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe28405f9d060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A9DC68D2
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4017891352
    GPT Header CurrentLba = 1 BackupLba 250069679
    GPT Header FirstUsableLba 34  LastUsableLba 250069646
    GPT Header Guid 733c33ca-8e80-469c-80d4-7ad2797c6bfd
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4017891352
    Backup GPT header CurrentLba = 250069679 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 250069646
    Backup GPT header Guid 733c33ca-8e80-469c-80d4-7ad2797c6bfd
    Backup GPT header Contains 128 partition entries starting at LBA 250069647
    Backup GPT header Partition entry size = 128
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 59c78dfe-2ad6-406f-b131-68e1c7866e79
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 8f3d9e6c-ed21-40d6-aaa9-b6821ccd8c21
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition
    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 2f583d05-f5ce-45c3-9666-68b8a326b739
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition
    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b9ad607a-de91-4b31-9180-e2c294e9e3c4
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7f30ba14-9322-46e6-93ea-8f8cee9bdd59
    FirstLBA 4892672  Last LBA 218789887
    Attributes 0
    Partition Name                 Basic data partition
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9bdce0c0-70b2-4764-ace4-967a42ebb414
    FirstLBA 218789888  Last LBA 219506687
    Attributes 1
    Partition Name                                    
    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID cb852892-eb08-4ae0-ae54-f6262ce0307d
    FirstLBA 219506688  Last LBA 227895295
    Attributes 0
    Partition Name                 Basic data partition
    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a720a23d-742a-4a45-b96f-dd1382e4557a
    FirstLBA 227895296  Last LBA 250068991
    Attributes 1
    Partition Name                 Basic data partition
Disk Size: 128035676160 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a8ad9c1eb84ee05773b04b298573fa35\MSCORLIB.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\603a3bab60d64169412e83e06d7bac68\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\42cf6c4bff2cdf34e362267f66c9bf5e\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Simply.Conn2f6da4e1#\db96189b009d30ca8e7c3924721b8499\Simply.ConnectionManagerService.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\183bd383b402cf2a8d8d180ce5d36a62\System.Runtime.Remoting.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ef8d0d1ee6432515fff7f11d91eaf368\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3d80ae4a3a0aa7f6933fbe8c5922a473\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a771d2428d6b5c8ca9ab6c393e26ee3c\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\5be014817eaa365eca5b6453968abeb5\System.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\c93c27a2837219668b8a45fb74f0ad34\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\4f6048167ceefcdb21db301bde120260\System.Transactions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mtxdm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\82678864ae6f1cece5ed56f74ebdb456\System.EnterpriseServices.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\82678864ae6f1cece5ed56f74ebdb456\System.EnterpriseServices.Wrapper.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
Infected: C:\Program Files\Windows Mail\UFCQUIZLSY\YLFMINSGOX.exe --> [Trojan.Agent.Generic]
Infected: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YLFMINSGOX.exe --> [Trojan.Agent.Generic]
Infected: C:\Program Files\Windows Mail\UFCQUIZLSY\YLFMINSGOX.exe --> [Trojan.Agent.Generic]
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d697906ab1398f3c359eb8102bc55a43\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e10224bb702b28e3fd0f55e2009d7448\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\quartz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qcap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvfw32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qedit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFKSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFSENSORGROUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ksproxy.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\Kswdmcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\mfc42.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vidcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntdsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.SEARCH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appwiz.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\duser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\osbaseln.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\687dc34f436f621648d97bcec377f33c\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\16cd2ff23ddf98547712a6b4377be348\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f55810f7b1c169f9592179bc84bf635b\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hhctrl.ocx" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\36069be44eb7526107e37f7fc804944a\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7184b37a17bf31f510441a35a8660256\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2c487bdc9aee7121eebda8257af0a43f\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\77aefe1ed671a033b6fb4cf36cd502d8\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c585218f9bf85fb5bde703a491efd291\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\0527893dbcc7302575fed07f13ec00ce\System.Web.Services.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e545638ea70536add25a06f19669fc6d\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\88b1647db8a9c949fdfefbe376318546\System.ComponentModel.Composition.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\splwow64.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\notepad.exe" is sparse (flags = 32768)
File "C:\Windows\System32\feclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dsreg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tquery.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdart.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BROWSER_BROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGECP.EXE" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Simply.Conne126e6b8#\16e09558bf26b5d8dd56dc7b60939346\Simply.ConnectionManagerServiceClient.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\0a962f337b3651706d595ee4c1d56bef\Accessibility.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\88df1892f8503cacd47b5c6a149b1935\System.Data.DataSetExtensions.ni.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\ado\msado15.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\fb496fe224f427f206ec5f4bc0d18aa3\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dui70.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntlanman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DLNASHEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shunimpl.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbccp32.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c8e6333b12f5ea1252b6d7800e7931de\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\9df4e2b15ccdd1180fbd9d30b17e5dd0\System.Security.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\97075863c4004de9c1cd8c4d690e1e14\Microsoft.CSharp.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\757d21f3949f8d2d82eb40b64d67509d\System.Dynamic.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpials.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files (x86)\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
Infected: C:\Users\1\AppData\Local\Temp\722VC8g86Jh6.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\7iBUjfF9TRTs.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\fKY0foqi8yWc.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\ozpM6qwZ4mq1.exe --> [Adware.Tuto4PC]
Infected: C:\Users\1\AppData\Local\Temp\QwfUELWy4b3a.exe --> [Adware.LoadMoney]
Infected: C:\Users\1\AppData\Local\Temp\San258B.tmp --> [Adware.SpeedBit]
Infected: C:\Users\1\AppData\Local\Temp\San6292.tmp --> [Adware.SpeedBit]
Infected: C:\Users\1\AppData\Local\Temp\sHUxF2jh3hE3.exe --> [Adware.LoadMoney]
File "C:\Users\1\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\OtherSearch Inc CA 2.cer --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\cert.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\SSL\xtls.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1 --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\data.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\dlog.txt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\kl.ecf --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\s.xml --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\slite.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\uninstall.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\upd.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\updengine.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\certutil.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\mozcrt19.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\nspr4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\nss3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\plc4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\plds4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\smime3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\ZbJc59L7u1\nss\softokn3.dll --> [Adware.OtherSearch.TSKRST]
File C:\Windows\System32\drivers\Lace_wpf_x64.sys will be destroyed
Infected: C:\Windows\System32\drivers\Lace_wpf_x64.sys --> [Rootkit.Komodia.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 --> [Rootkit.Komodia.PUA]
File C:\Windows\System32\drivers\wfcre.sys will be destroyed
Infected: C:\Windows\System32\drivers\wfcre.sys --> [PUP.Optional.ChinAd]
Infected: C:\Windows\Microsoft\svchost.exe.exe --> [Trojan.Agent]
Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\icacl --> [Trojan.Stantiko]
Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko]
Infected: C:\Windows\Microsoft\svchost.exe --> [Backdoor.XTRat]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host --> [Backdoor.XTRat]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Backdoor.XTRat]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Backdoor.XTRat]
Infected: C:\Windows\Microsoft\svchost.exe --> [Backdoor.XTRat]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.14393 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1358.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4168376320, free: 2091438080
 

 

 

Step 2 - After Clean and reboot - log file:

 

# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 13 20:55:27 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-13-2017.3
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
PUP.Optional.Legacy, C:\END
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\Lace_wpf_x64.sys
PUP.Optional.ChinAd, C:\Windows\SysNative\drivers\wfcre.sys

***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
 
Step 3:  How is computer running now?  Well, nothing has popped up in the last 10 minutes.  Did we get rid of it?


#6 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 13 November 2017 - 06:01 PM

I think we have to do some more work.

FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Edited by Jo*, 13 November 2017 - 06:02 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 13 November 2017 - 06:11 PM

Shortcut.txt

 

 

Users shortcut scan result (x64) Version: 12-11-2017 03
Ran by 1 (13-11-2017 15:05:56)
Running from C:\Users\1\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

Shortcut: C:\Users\1\Videos\Barney Movies\Barney & Friends - Now I Know My ABC's (2004)UniversalFreedom.avi.lnk -> C:\Users\1\Desktop\Cheyannes Videos\Movies\Barney & Friends - Now I Know My ABC's (2004)UniversalFreedom.avi (No File)
Shortcut: C:\Users\1\Videos\Barney Movies\Barney - Lets Go To The Farm DVDRip Xvid ResourceRG Kids Release Reidy.avi.lnk -> C:\Users\1\Documents\LimeWire\Saved\Barney - Lets Go To The Farm DVDRip Xvid ResourceRG Kids Release Reidy\Barney - Lets Go To The Farm DVDRip Xvid ResourceRG Kids Release Reidy.avi (No File)
Shortcut: C:\Users\1\Music\Windows8_OS © - Shortcut.lnk -> C:\ ()
Shortcut: C:\Users\1\Links\Desktop.lnk -> C:\Users\1\Desktop ()
Shortcut: C:\Users\1\Links\Downloads.lnk -> C:\Users\1\Downloads ()
Shortcut: C:\Users\1\Links\Dropbox.lnk -> C:\Users\1\Dropbox ()
Shortcut: C:\Users\1\Links\OneDrive.lnk -> C:\Users\1\OneDrive ()
Shortcut: C:\Users\1\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\1\Documents\Downloads - Shortcut.lnk -> C:\Users\1\Downloads ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\FM PDF To Word.lnk -> C:\Program Files (x86)\FM Software Studio\FM PDF To Word Converter Pro\FM PDF To Word Pro.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Free PDF To Word.lnk -> C:\Program Files (x86)\FM Software Studio\Free PDF To Word Converter\Free PDF To Word Converter.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\3D Home Architect Design Suite Deluxe 8.lnk -> C:\Program Files (x86)\3D Home Architect\Design Suite Deluxe 8\Bin\3DHDS80.exe (CADSOFT)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Flash Slideshow Maker Professional.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmpro.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Kobo.lnk -> C:\Program Files (x86)\Kobo\Kobo.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Michaela.psafe3 - Shortcut.lnk -> C:\Users\1\Documents\My Safes\Michaela.psafe3 ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk -> C:\Program Files\Vuze\Azureus.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\InstantRails Manager.lnk -> C:\Users\1\Documents\InstantRails2\InstantRails.exe (InstantRails)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office FrontPage.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\FRONTPG.EXE (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ZinioLLC.Zinio_0q6dqzpp40p2e\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ParrotSA.AR.FreeFlight_5w198hbdrfdwt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn79aw\McAfeeCentral.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\king.com.CandyCrushSaga_kgqvnymyfvs32\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\GoPro.GoProChannel_1h9vz9xjm6b8c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Evernote.Evernote_q4d96b2w5wcc2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ENFEEL.Birzzle_x6zre6nb2hma6\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoSupport_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoCompanion_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ConceptofIslam.ILoveMath_2dtm287phm2tt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AFF540DC.FLVMediaPlayer_v7353qx4kg3sa\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Desktop\FRST64.exe - Shortcut.lnk -> C:\Users\1\Downloads\FRST64.exe (Farbar)
Shortcut: C:\Users\1\Desktop\Videos - Shortcut.lnk -> C:\Users\1\Videos ()
Shortcut: C:\Users\1\Desktop\WD Drive\WD Drive Utilities.lnk -> C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe (Western Digital Technologies, Inc.)
Shortcut: C:\Users\1\Desktop\WD Drive\WD Security.lnk -> C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe (Western Digital Technologies, Inc.)
Shortcut: C:\Users\1\Desktop\Shortcuts\3D Home Architect Design Suite Deluxe 8.lnk -> C:\Program Files (x86)\3D Home Architect\Design Suite Deluxe 8\Bin\3DHDS80.exe (CADSOFT)
Shortcut: C:\Users\1\Desktop\Shortcuts\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\1\Desktop\Shortcuts\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Users\1\Desktop\Shortcuts\Flash Slideshow Maker Professional.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmpro.exe ()
Shortcut: C:\Users\1\Desktop\Shortcuts\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\1\Desktop\Shortcuts\Kobo.lnk -> C:\Program Files (x86)\Kobo\Kobo.exe ()
Shortcut: C:\Users\1\Desktop\Shortcuts\Michaela.psafe3 - Shortcut.lnk -> C:\Users\1\Documents\My Safes\Michaela.psafe3 ()
Shortcut: C:\Users\1\Desktop\Shortcuts\Sage 50 Pro Accounting .lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting\Sage50Accounting.exe (Sage)
Shortcut: C:\Users\1\Desktop\Shortcuts\Sage 50 Pro Accounting Version 2016.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\Sage50Accounting.exe (Sage)
Shortcut: C:\Users\1\Desktop\Shortcuts\Shop for Supplies - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\hpqDTSS.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\Users\1\Desktop\Shortcuts\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\1\Desktop\Shortcuts\TurboTax Canada 2014.lnk -> C:\Program Files (x86)\TurboTax 2014\tt2014.exe (Intuit Canada ULC)
Shortcut: C:\Users\1\Desktop\Easter\OneDrive - Shortcut.lnk -> C:\Users\1\OneDrive ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\1\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe\Password Safe Help.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.chm ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe\Password Safe Uninstall.lnk -> C:\Program Files (x86)\Password Safe\Uninstall.exe ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe\Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\1\Dropbox ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\InstantRails Manager.lnk -> C:\Users\1\Documents\InstantRails2\InstantRails.exe (InstantRails)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office FrontPage.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\FRONTPG.EXE (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ZinioLLC.Zinio_0q6dqzpp40p2e\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ParrotSA.AR.FreeFlight_5w198hbdrfdwt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn79aw\McAfeeCentral.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\king.com.CandyCrushSaga_kgqvnymyfvs32\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\GoPro.GoProChannel_1h9vz9xjm6b8c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Evernote.Evernote_q4d96b2w5wcc2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ENFEEL.Birzzle_x6zre6nb2hma6\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoSupport_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoCompanion_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ConceptofIslam.ILoveMath_2dtm287phm2tt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AFF540DC.FLVMediaPlayer_v7353qx4kg3sa\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\App.lnk -> Tile and icon assets
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\1\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\1\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\1\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\1\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\1\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\1 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk -> C:\Windows\Installer\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}\amazonicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk -> C:\Windows\Installer\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}\Professional.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\Get Business Edition!.lnk -> C:\Program Files (x86)\WOW Slider\buy.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\Home Page.lnk -> C:\Program Files (x86)\WOW Slider\help.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\Uninstall.lnk -> C:\Program Files (x86)\WOW Slider\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\WOW Slider.lnk -> C:\Program Files (x86)\WOW Slider\WOWSlider.exe (WOWSlider.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD SmartWare\WD Quick View.lnk -> C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Drive Utilities.lnk -> C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe (Western Digital Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Security.lnk -> C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe (Western Digital Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax\TurboTax Canada 2014.lnk -> C:\Program Files (x86)\TurboTax 2014\tt2014.exe (Intuit Canada ULC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype for desktop.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Company File Check & Repair.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\dbverifier\Sage_SA_DBVerifier.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Microsoft Office Documents.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage_SA_custrep.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Sage 50 Pro Accounting Version 2017.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Company File Check & Repair.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\dbverifier\Sage_SA_DBVerifier.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Microsoft Office Documents.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\Sage_SA_custrep.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Sage 50 Pro Accounting Version 2016.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\Sage50Accounting.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Company File Check & Repair.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\dbverifier\Sage_SA_DBVerifier.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Microsoft Office Documents.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\Sage_SA_custrep.exe (Sage Software Canada, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Sage 50 Pro Accounting Version 2015.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\Sage50Accounting.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office FrontPage 2003.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\UserGuide.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\YouCam\Lenovo YouCam.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\MotionControl\Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Transition\Lenovo Transition.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo\Kobo.lnk -> C:\Program Files (x86)\Kobo\Kobo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Graphics and Media Control Panel.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional\Flash Slideshow Maker Professional.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmpro.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional\Uninstall.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional\Website.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\Flash Slideshow Maker Pro.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cssSlider\cssSlider.lnk -> C:\Program Files (x86)\cssSlider\cssSlider.exe (cssSlider.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cssSlider\Home Page.lnk -> C:\Program Files (x86)\cssSlider\help.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cssSlider\Uninstall.lnk -> C:\Program Files (x86)\cssSlider\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant\SAII\SmartAudio.lnk -> C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Home Architect\Design Suite Deluxe 8.lnk -> C:\Program Files (x86)\3D Home Architect\Design Suite Deluxe 8\Bin\3DHDS80.exe (CADSOFT)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software\Absolute Data Protect.lnk -> C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe (Absolute Software)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk -> C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe ()
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Sage 50 Pro Accounting Version 2017.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe (Sage)
Shortcut: C:\Users\Public\Desktop\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\Users\Public\Desktop\WOW Slider.lnk -> C:\Program Files (x86)\WOW Slider\WOWSlider.exe (WOWSlider.com)

ShortcutWithArgument: C:\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,

ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 2
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\1\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 2
ShortcutWithArgument: C:\Users\1\Desktop\WD Drive\WD Backup.lnk -> C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) -> -launchbackupdefault
ShortcutWithArgument: C:\Users\1\Desktop\Shortcuts\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (for upload).lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Backup\WD Backup.lnk -> C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) -> -launchbackupdefault
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Sage 50 Connection Manager.lnk -> C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) -> ShowDlgOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Sage 50 Troubleshooter.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\TST\Sage_SA_TST.exe (Sage) -> en
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Sage 50 Connection Manager.lnk -> C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) -> ShowDlgOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Sage 50 Troubleshooter.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\TST\Sage_SA_TST.exe (Sage) -> en
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Sage 50 Connection Manager.lnk -> C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) -> ShowDlgOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Sage 50 Troubleshooter.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\TST\Sage_SA_TST.exe (Sage) -> en
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\YouCam\Lenovo YouCam Mirror.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) -> /m
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center\Intel AppUp(SM) center.lnk -> C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe (Intel Corporation) -> --domain F0399437-FD0C-4A48-B101-F0314A6172E4
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP ENVY 4500 series\HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe (Hewlett-Packard Development Company, LP) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe (Hewlett-Packard Development Company, LP) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Users\Public\Desktop\WD Backup.lnk -> C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) -> -launchbackupdefault

InternetURL: C:\Users\1\OneDrive\Documents\Michaela's Notebook.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=21237385f829bced&resid=21237385F829BCED!4655&type=3
InternetURL: C:\Users\1\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\1\Favorites\powderking.com  Home.url -> URL: hxxp://www.powderking.com/
InternetURL: C:\Users\1\Favorites\Sandwich Event Planner--Ellen's Kitchen.url -> URL: hxxp://www.ellenskitchen.com/bigpots/plan/sandwich100.html
InternetURL: C:\Users\1\Favorites\Tabor Mountain Ski Resort.url -> URL: hxxp://www.tabormountain.com/index.php?limit=3
InternetURL: C:\Users\1\Favorites\▶ I Can Only Imagine (with lyrics) - MercyMe - YouTube.url -> URL: hxxps://www.youtube.com/watch?v=0xwzItqYmII
InternetURL: C:\Users\1\Favorites\Links\Activities.url -> URL: hxxps://www.mec.ca/en/search/?text=leather+telemark+boots#/activities
InternetURL: C:\Users\1\Favorites\Links\Blakebuchanan's Buysell - Pinkbike.url -> BASEURL: hxxps://www.pinkbike.com/u/Blakebuchanan/buysell/watchlist/ URL: hxxps://www.pinkbike.com/u/Blakebuchanan/buysell/watchlist/
InternetURL: C:\Users\1\Favorites\Links\Google.url -> BASEURL: hxxps://www.google.ca/?gfe_rd=cr&dcr=0&ei=F47mWf7IH-fe8AfW97_oBg&gws_rd=ssl URL: hxxps://www.google.ca/?gfe_rd=cr&dcr=0&ei=F47mWf7IH-fe8AfW97_oBg&gws_rd=ssl
InternetURL: C:\Users\1\Favorites\Links\Log In.url -> URL: hxxps://www.paypal.com/ca/cgi-bin/webscr?cmd=_login-run
InternetURL: C:\Users\1\Favorites\Links\powderking.com  Home.url -> URL: hxxp://www.powderking.com/
InternetURL: C:\Users\1\Favorites\Links\Purden Ski Village - British Columbia, Canada.url -> URL: hxxp://www.purden.com/ski/wintersetup.htm
InternetURL: C:\Users\1\Favorites\Links\purdenlake.everfocusddns.com.url -> BASEURL: hxxp://209.52.70.143:70/login.html?1600 URL: hxxp://209.52.70.143:70/login.html?1600
InternetURL: C:\Users\1\Favorites\Links\purdenski.everfocusddns.com.url -> BASEURL: hxxp://209.52.70.146:90/login.html?1600 URL: hxxp://209.52.70.146:90/login.html?1600
InternetURL: C:\Users\1\Favorites\Links\Tabor Mountain Ski Resort.url -> URL: hxxp://www.tabormountain.com/index.php?limit=3
InternetURL: C:\Users\1\Favorites\Links\Troll Resort  Your Skiing and Outdoor Family Fun Destination.url -> URL: hxxp://trollresort.com/
InternetURL: C:\Users\1\Favorites\Links\YouTube to mp3 Converter.url -> URL: hxxp://www.youtube-mp3.org/
InternetURL: C:\Users\1\Favorites\Links\YouTube.url -> URL: hxxps://www.youtube.com/?gl=CA
InternetURL: C:\Users\1\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/
InternetURL: C:\Users\1\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/
InternetURL: C:\Users\1\Favorites\HP\Accessories.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\eBay.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\Everyday Printing & Computing.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\HP Creative Studio.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\HP Shopping.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpshop&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\Snapfish.url -> URL: hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ca
InternetURL: C:\Users\1\Favorites\HP\Software and Driver Downloads.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\WildTangent Games for HP.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Lake Cameras.website -> URL: hxxp://10.10.61.229:70/login.html?1600
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\OpenCampground.url -> BASEURL: hxxp://localhost:3000/?%2F=reservation URL: hxxp://localhost:3000/?%2F=reservation
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Prince George, BC - 7 Day Forecast - Environment Canada (2).url -> URL: hxxps://weather.gc.ca/city/pages/bc-79_metric_e.html
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Coughs - And How to Treat Them » Homeopathy Plus.url -> URL: hxxp://homeopathyplus.com.au/coughs-and-how-to-treat-them/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\EasyWeb.url -> URL: hxxps://easyweb.td.com/waw/idp/login.htm?execution=e1s1
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Integris Credit Union - Online Banking (2).url -> URL: hxxps://my.integriscu.ca/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\4_04_six_tips_convo_skills.url -> URL: hxxp://www.autismoutreach.ca/sites/default/files/4_04_six_tips_convo_skills.pdf
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\Google.url -> URL: hxxps://www.google.ca/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\The Son-Rise Program Blog.url -> URL: hxxp://blog.autismtreatmentcenter.org/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\YouTube.url -> URL: hxxps://www.youtube.com/?gl=CA
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Internet Explorer\Pinned Sites\Digital Video Recorder.website -> URL: hxxp://10.10.61.229:70/login.html?1600
InternetURL: C:\Users\1\Documents\My Files\Paul\Court Lists\Breach\Criminal Law Firm  Criminal Defence Lawyer  Bolton Hatcher Dance, Vancouver.url -> URL: hxxp://www.bhd-law.com/
InternetURL: C:\Users\1\Desktop\Everfocus DDNS.url -> URL: hxxp://everfocusddns.com/main/index.php
InternetURL: C:\Users\1\Desktop\OpenCampground.url -> BASEURL: hxxp://localhost:3000/?%2F=reservation URL: hxxp://localhost:3000/?%2F=reservation
InternetURL: C:\Users\1\Desktop\Part V - Standard 507 - Flight Authority and Certificate of Noise Compliance - Transport Canada.url -> URL: hxxp://www.tc.gc.ca/eng/civilaviation/regserv/cars/part5-standards-standard507-1953.htm
InternetURL: C:\Users\1\Desktop\Part V - Standard 571 - Maintenance - Transport Canada.url -> URL: hxxp://www.tc.gc.ca/eng/civilaviation/regserv/cars/part5-standards-standard571-1971.htm
InternetURL: C:\Users\1\Desktop\Prince George, BC - 7 Day Forecast - Environment Canada (2).url -> URL: hxxps://weather.gc.ca/city/pages/bc-79_metric_e.html
InternetURL: C:\Users\1\Desktop\Weather Radar - Prince George, BC - Environment Canada.url -> URL: hxxps://weather.gc.ca/radar/index_e.html?id=XPG
InternetURL: C:\Users\1\Desktop\Shortcuts\Coughs - And How to Treat Them » Homeopathy Plus.url -> URL: hxxp://homeopathyplus.com.au/coughs-and-how-to-treat-them/
InternetURL: C:\Users\1\Desktop\Shortcuts\EasyWeb.url -> URL: hxxps://easyweb.td.com/waw/idp/login.htm?execution=e1s1
InternetURL: C:\Users\1\Desktop\Shortcuts\Integris Credit Union - Online Banking (2).url -> URL: hxxps://my.integriscu.ca/
InternetURL: C:\Users\1\Desktop\Shortcuts\RBC Royal Bank - Sign In to Online Banking.url -> URL: hxxps://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH&_ga=1.222070161.866738058.1405805191
InternetURL: C:\Users\1\Desktop\Shortcuts\T_Court of Appeal.url -> URL: hxxps://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwjy1OjLwuPQAhVU2GMKHXHFBigQFggcMAA&url=http%3A%2F%2Fwww.courts.gov.bc.ca%2FCourt_of_Appeal%2F&usg=AFQjCNFlzH0d8xFmyoi0OeqHf0fY4wa4iQ&sig2=zG_tkCCWk2Hnb86_k5R9oA
InternetURL: C:\Users\1\Desktop\Shortcuts\u_Adult Court Lists Daily(Provincial) - Criminal Court Lists - Court Services - Ministry of Justice.url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DAPCindex.html
InternetURL: C:\Users\1\Desktop\Shortcuts\v_Completed Adult Court Lists (Provincial) - Criminal Court Lists - Court Services - Ministry of Justice.url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DACCPindex.html
InternetURL: C:\Users\1\Desktop\Shortcuts\w_CSO - Search Traffic-Criminal By Participant Name.url -> URL: hxxps://justice.gov.bc.ca/cso/esearch/criminal/partySearchNew.do
InternetURL: C:\Users\1\Desktop\Shortcuts\x_Completed Adult Court Lists (Supreme) - Criminal Court Lists - Court Services - Ministry of Justice (2).url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DACCSindex.html
InternetURL: C:\Users\1\Desktop\Shortcuts\y_Supreme Court - Hearing Lists.url -> URL: hxxp://www.courts.gov.bc.ca/supreme_court/hearing_list/index.aspx
InternetURL: C:\Users\1\Desktop\Shortcuts\z_Adult Court Lists Daily (Supreme).url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DASCindex.html
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\4_04_six_tips_convo_skills.url -> URL: hxxp://www.autismoutreach.ca/sites/default/files/4_04_six_tips_convo_skills.pdf
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\Google.url -> URL: hxxps://www.google.ca/
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\The Son-Rise Program Blog.url -> URL: hxxp://blog.autismtreatmentcenter.org/
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\YouTube.url -> URL: hxxps://www.youtube.com/?gl=CA
InternetURL: C:\Users\1\AppData\Local\Microsoft\Internet Explorer\Pinned Sites\Digital Video Recorder.website -> URL: hxxp://10.10.61.229:70/login.html?1600
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL ->
InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/
InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/
InternetURL: C:\Users\Default\Favorites\Amazon\Amazon.com.url -> URL: hxxp://www.amazon.com/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
InternetURL: C:\Users\Default\Favorites\Amazon\AmazonBrowserBar.url -> URL: hxxp://www.amazon.com/gp/bit/amazonbrowserbar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
==================== End of Shortcut.txt =============================

 

 

Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by 1 (13-11-2017 15:05:16)
Running from C:\Users\1\Downloads
Windows 10 Home Version 1607 14393.1358 (X64) (2016-10-02 04:19:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
1 (S-1-5-21-1725315453-2740151350-3882751306-1001 - Administrator - Enabled) => C:\Users\1
Administrator (S-1-5-21-1725315453-2740151350-3882751306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1725315453-2740151350-3882751306-503 - Limited - Disabled)
Guest (S-1-5-21-1725315453-2740151350-3882751306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1725315453-2740151350-3882751306-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore) Hidden
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J625DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
cssSlider (HKLM-x32\...\cssSlider_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Flash Slideshow Maker Pro 5.20 (HKLM-x32\...\Flash Slideshow Maker Pro) (Version: 5.20 - Flash-Slideshow-Maker.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.12.0.7638 (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\GoToMeeting) (Version: 8.12.0.7638 - LogMeIn, Inc.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.37.11 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kobo (HKLM-x32\...\Kobo) (Version: 3.18.0 - Rakuten Kobo Inc.)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{6A85286D-BA0F-4318-8C30-AD74A33AAD36}) (Version: 3.51.28 - Oracle Corporation)
MySQL Connector/ODBC 5.2(a) (HKLM-x32\...\{6BAA9A62-1520-4063-A5B4-FFB3D6EC62BB}) (Version: 5.2.4 - Oracle Corporation)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0198 - REALTEK Semiconductor Corp.)
Sage 50 Accounting (HKLM-x32\...\{040522E9-CDA8-495B-941D-8B4164A2CE49}) (Version: 24.10.1001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\{1585982E-766D-476A-BF0D-5FE4A1C1BE9F}) (Version: 22.00.1001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\{3F4F1778-F87C-4B08-BCE6-1BF3E42F26BD}) (Version: 23.00.2001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\{B9DBDDE5-ED84-4D53-92BD-DD5BE646BB4B}) (Version: 21.20.1001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\InstallShield_{B9DBDDE5-ED84-4D53-92BD-DD5BE646BB4B}) (Version: 21.20.1001 - Sage Software)
Sage 50 Accounting Component (HKLM-x32\...\{17DD6AD4-5F32-4B6B-9323-1F034C818BF5}) (Version: 24.10.10002.1 - Sage Software) Hidden
Sage 50 Accounting Component (HKLM-x32\...\{9D79A79D-B2B1-44F3-8E7A-4E5E2C87B3DF}) (Version: 24.10.10002.1 - Sage Software) Hidden
Sage 50 Accounting Version 2015 (HKLM-x32\...\InstallShield_{1585982E-766D-476A-BF0D-5FE4A1C1BE9F}) (Version: 22.00.1001 - Sage Software)
Sage 50 Accounting Version 2016 (HKLM-x32\...\InstallShield_{3F4F1778-F87C-4B08-BCE6-1BF3E42F26BD}) (Version: 23.00.2001 - Sage Software)
Sage 50 Accounting Version 2017 (HKLM-x32\...\InstallShield_{040522E9-CDA8-495B-941D-8B4164A2CE49}) (Version: 24.10.1001 - Sage Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
Unity Web Player (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinSCP 5.9.4 (HKLM-x32\...\winscp3_is1) (Version: 5.9.4 - Martin Prikryl)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\1\AppData\Local\GoToMeeting\7297\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2012-11-18] (Nitro PDF)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C8DA5B-3123-454F-B303-572AC6DA7F4D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0576CC06-1186-4E6C-8C9A-D309CA100F46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0BE03EB6-B592-45A2-9F81-784702E4D8DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0D74D9B8-7BE8-40E3-A03C-2F03C4F2730A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {123B1EFF-5577-4EFB-9AD6-2902C2475437} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {23970C07-B79E-4773-9E44-51ED892642C0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2B4AD9FB-3888-46EB-8462-4EEAF5A7B032} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {2C3B20AC-3D51-4252-AC5F-03E878BD13ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4152T72W => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {2DF7591C-E635-4567-A676-6D25E08AFC75} - System32\Tasks\G2MUploadTask-S-1-5-21-1725315453-2740151350-3882751306-1001 => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupload.exe [2017-09-17] (LogMeIn, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4F500BEA-64DB-4AD0-94D2-326D03875419} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5214883E-BC67-4730-962E-D37578CE8288} - System32\Tasks\curl => C:\Users\1\AppData\Roaming\curl\curl_7_54.exe [2017-11-11] (curl, hxxps://curl.haxx.se/) <==== ATTENTION
Task: {55E25868-512B-4DB6-82BE-3D7EBCA93528} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5F843619-E52C-4F09-BE5D-1F27589A846C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {60F04CD6-F7C2-489D-9164-D5B3E5E98A13} - System32\Tasks\curls => C:\Users\1\AppData\Roaming\curl\curl.exe <==== ATTENTION
Task: {625997F0-1568-4D76-BA95-B71BD67B87F8} - System32\Tasks\5SJB4cSjkS => C:\Program Files (x86)\ZbJc59L7u1\updengine.exe <==== ATTENTION
Task: {69CCCCD4-47BA-4B35-93A6-8E41B2F32106} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {7C5C963C-FAF0-447D-98C8-FB41E0AD4B90} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {876088D4-FD93-4E8B-9F2B-15DAFA867A62} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-15] (Dropbox, Inc.)
Task: {8984EF9E-C264-4452-93F9-393CDEDC8B31} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8D22576A-B276-4B2C-BD18-6BC74C1021A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {9015E709-46A1-4B44-AF1A-63E6309DD601} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {A375ABD0-6A73-4343-95C6-AABFFD1ABBAC} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {A68FC3CB-5705-47AB-AEAA-B4BA8E404ED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {AF8C5D69-9C02-4B0E-8120-B27212C6C87C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {BAE6DF68-6B3F-41D8-B6FF-7EC5D6600D6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BBE35E76-8D54-4D99-B4A4-3414E55639D8} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BDAA99AE-79FA-49E6-9CA4-268E67EA04C3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C11ABE89-1867-4B7C-8D48-3D918C8BB2FB} - System32\Tasks\HPCeeScheduleFor1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D14EECB8-508C-4471-A48F-608396E9BD18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0686D46-060A-422E-906A-6065FC6E3298} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E60D4ADB-55C9-4044-8EA2-ED98CE4447B5} - System32\Tasks\G2MUpdateTask-S-1-5-21-1725315453-2740151350-3882751306-1001 => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupdate.exe [2017-09-17] (LogMeIn, Inc.)
Task: {E67C957F-D084-4EAE-8E8F-1E0DB0F0ADE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {EA5DE9DE-2A7F-451D-9EA9-93E42EE63108} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EF721C5A-5CED-421A-A995-834EF3BED675} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-15] (Dropbox, Inc.)
Task: {F0CEE7AB-153C-458C-AC8C-3EDA35B70153} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F5C45611-3856-4283-B27E-0D6BEA6D6100} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F6ABF613-28D7-4F1D-A69C-BB74C73A0922} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1725315453-2740151350-3882751306-1001.job => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1725315453-2740151350-3882751306-1001.job => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFor1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-23 09:25 - 2017-06-03 02:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-25 18:54 - 2005-04-21 20:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2016-10-01 21:01 - 2016-10-01 21:01 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-06-03 13:16 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-06-03 13:16 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-06-03 13:16 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-03 13:16 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-23 09:25 - 2017-06-03 00:47 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-23 09:25 - 2017-06-03 00:47 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-23 09:25 - 2017-06-03 00:51 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2013-02-03 18:14 - 2013-02-03 18:14 - 000172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-12-11 08:54 - 2013-12-11 08:54 - 011685888 ____R () C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
2013-02-03 18:15 - 2013-02-03 18:15 - 000269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2017-11-11 11:54 - 2017-10-19 07:53 - 003103232 _____ () C:\Users\1\AppData\Local\yc\Application\61.0.3163.100\libglesv2.dll
2017-11-11 11:54 - 2017-10-19 07:53 - 000079872 _____ () C:\Users\1\AppData\Local\yc\Application\61.0.3163.100\libegl.dll
2013-02-03 18:14 - 2013-02-03 18:14 - 001623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-03 18:14 - 2013-02-03 18:14 - 000030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2017-11-05 09:49 - 2017-11-01 03:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-11-05 09:49 - 2017-11-01 03:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-11-05 09:49 - 2017-11-01 03:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-11-05 09:49 - 2017-11-01 03:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-11-05 09:49 - 2017-11-01 04:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-11-05 09:49 - 2017-11-01 04:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-05-25 18:54 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-02-03 18:07 - 2012-06-24 18:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 001045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33 [133]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\experts-exchange.com -> hxxps://www.experts-exchange.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2017-11-11 10:27 - 000001832 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 bratitlamio.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 wizzmonetize.com
127.0.0.1 laserveradedomaina.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1\Documents\Purden Web Page\ski\images\2013_2014 Images\20140223_100326.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EE62D818-78A5-4AAC-95FE-678B5A32A775}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS6CA1\HPDiagnosticCoreUI.exe
FirewallRules: [{EE3A5F35-7330-4F41-B70F-9800EF881032}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS6CA1\HPDiagnosticCoreUI.exe
FirewallRules: [{53DBC9DE-D858-4D9F-A9BD-5668C2B40696}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{BAD161EA-4F3C-4B93-BADA-1D2A8AE43872}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{0E3C0616-8CB1-4AC7-A4BF-70CBF38D20DF}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2440\HPDiagnosticCoreUI.exe
FirewallRules: [{5D5A2DD3-5BE2-4447-9B1B-73AC1339D7D5}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2440\HPDiagnosticCoreUI.exe
FirewallRules: [{A7D842B5-2BC8-4A56-811C-0A09E3A38A0C}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2300\HPDiagnosticCoreUI.exe
FirewallRules: [{56E7BCDF-6140-425F-80DD-BC91C39FE9EA}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2300\HPDiagnosticCoreUI.exe
FirewallRules: [{D99168AE-3E97-429D-B394-3578A868390D}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5C47\HPDiagnosticCoreUI.exe
FirewallRules: [{32D335E2-1A88-4C45-A04C-800F7EF4E663}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5C47\HPDiagnosticCoreUI.exe
FirewallRules: [{1944057A-39E9-4A70-8E0E-DA4E5DE29EEF}] => (Allow) LPort=1900
FirewallRules: [{89C6244A-A748-47D8-A37D-26CD76B2E2BD}] => (Allow) LPort=2869
FirewallRules: [{81CF2688-D2C9-45CE-B49F-78CC14E18CB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DBF8AB7E-B3E2-4942-AA26-898F109C16AC}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1FEA\HPDiagnosticCoreUI.exe
FirewallRules: [{214E4C2C-11AF-4A5F-BA35-E485A10F92C6}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1FEA\HPDiagnosticCoreUI.exe
FirewallRules: [{3744840A-4AB1-4E28-A8FF-81306B5A7989}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{8C85621C-3BC4-4F73-AB78-8BE69FA978FE}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{F5F476F1-6166-477A-89C0-6F2D750D88FF}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1DCD848D-EFC9-4536-B012-32EA62408BE4}] => (Allow) LPort=5357
FirewallRules: [{B67AB40A-781F-45C4-A120-A5D68E81954C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{BBAE23EA-AF09-4005-8C7D-D71D86405049}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1C23\HPDiagnosticCoreUI.exe
FirewallRules: [{A2F4FD30-8297-4D26-A8F9-A3D5E9BB6351}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1C23\HPDiagnosticCoreUI.exe
FirewallRules: [{7FC22663-8BE8-415F-BB9D-E7202ACCF266}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS184B\HPDiagnosticCoreUI.exe
FirewallRules: [{345BA362-89FA-4B33-B279-43C88FA798A6}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS184B\HPDiagnosticCoreUI.exe
FirewallRules: [{4D384774-502F-4858-B7FB-A41DC9FD6DEA}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1746\HPDiagnosticCoreUI.exe
FirewallRules: [{51F07D23-C4CA-404C-9D1C-0CE6235F6E4B}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1746\HPDiagnosticCoreUI.exe
FirewallRules: [{19C6AC29-D3B3-4C87-A6FA-9C5DB1B43149}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5254\HPDiagnosticCoreUI.exe
FirewallRules: [{825B2CAB-2263-4CF0-993E-0AAE51616277}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5254\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{B338A3A4-6FDB-40DF-AB03-AB66F84E03F3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{73A16418-4A43-453F-B403-5B500F554E47}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FD643ED8-1CB4-4CED-9B3E-AB122DFE846C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{BD67AE84-05C3-4B24-B318-11311AD3505F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E0D21D7C-88A3-42D6-8716-7EBA4C0BA8A6}C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe
FirewallRules: [TCP Query User{F0846B68-BCBA-4528-A26E-8EE8FCE48A01}C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe
FirewallRules: [UDP Query User{005BBD09-4E22-4DF7-81D0-482608711DB1}C:\users\1\documents\instantrails2(old)\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2(old)\apache\apache.exe
FirewallRules: [TCP Query User{D1BAE156-0789-4EA8-895D-B8801DE01275}C:\users\1\documents\instantrails2(old)\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2(old)\apache\apache.exe
FirewallRules: [UDP Query User{EB14AC90-7669-4200-AC66-298C41349A55}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{C8231343-7DEA-4F64-8A7E-134FE29854C2}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{3E026185-A86B-44EC-8E15-1169E4C44DD4}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0AC70BF4-AF35-4AE2-8D51-FA6B64E5E14A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{8AE36CAF-C16A-4F27-A022-1FF81FDC0BE8}C:\users\1\documents\instantrails2\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2\ruby\bin\ruby.exe
FirewallRules: [TCP Query User{DB7C38E0-059B-4545-B922-6B10B8D5B332}C:\users\1\documents\instantrails2\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2\ruby\bin\ruby.exe
FirewallRules: [UDP Query User{371A0F1B-2E65-4A01-A8B8-765717DF9D92}C:\users\1\documents\instantrails2\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2\apache\apache.exe
FirewallRules: [TCP Query User{4F7DDC34-DA1C-455E-9073-9F9D0B0B8D78}C:\users\1\documents\instantrails2\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2\apache\apache.exe
FirewallRules: [{E0E9B62B-B282-48BE-A4B6-9B375D40888B}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{59B6E4B6-D6FB-4757-8AE4-4BD9815DC07A}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{31BD5C0B-9D51-4DEB-A94A-5C360BC26E00}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{8C63DC20-B63E-49C1-9770-E8DF5A8D4E3A}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{7E1B1531-7CF6-4283-84CB-12E558C6F5CC}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{A05DB88F-2A0C-4254-85BB-969BDCC1517E}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{99793999-3DF6-4467-B8E4-C93495BEE068}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS022C\HPDiagnosticCoreUI.exe
FirewallRules: [{4B339B3C-B92E-4603-B104-83427C20AA55}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS022C\HPDiagnosticCoreUI.exe
FirewallRules: [{998481A9-6456-4A97-894C-C0D090262997}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7838\HPDiagnosticCoreUI.exe
FirewallRules: [{C65296E8-4B9C-43E1-9859-F5B5EA1B50F8}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7838\HPDiagnosticCoreUI.exe
FirewallRules: [{82B03C11-CD65-40FE-8B33-7FBA2110FE66}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS26AD\HPDiagnosticCoreUI.exe
FirewallRules: [{6939B36C-E463-4D9F-AE44-453704534C36}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS26AD\HPDiagnosticCoreUI.exe
FirewallRules: [{F4459EBB-6CA8-42AD-B68F-5EBC983A380C}] => (Allow) C:\Users\1\Downloads\flashcardmaker_setup-67034840.exe
FirewallRules: [{5403BC59-5D35-44B0-911B-AD1194BF7C8C}] => (Allow) C:\Users\1\Downloads\flashcardmaker_setup-67034840.exe
FirewallRules: [{DD30BB1F-E8FC-4CE9-A7A2-FAE6FE764B64}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7211\HPDiagnosticCoreUI.exe
FirewallRules: [{AD0DD608-9D19-46F3-BB52-830AC2E9789F}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7211\HPDiagnosticCoreUI.exe
FirewallRules: [{6A2455BA-34B5-4BD1-9509-C066FF7FC789}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS75CE\HPDiagnosticCoreUI.exe
FirewallRules: [{D59EF725-33B3-4CD6-9E12-D60E8BD65D35}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS75CE\HPDiagnosticCoreUI.exe
FirewallRules: [{A650C126-BA98-4E8E-929D-1E7C0E4778C4}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1BE4\HPDiagnosticCoreUI.exe
FirewallRules: [{FBFBBF7F-5449-4880-A3CA-B16D0C1E71D3}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1BE4\HPDiagnosticCoreUI.exe
FirewallRules: [{44ABFB95-39B4-4CF4-9621-49522938E782}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7B38\HPDiagnosticCoreUI.exe
FirewallRules: [{201CF4FB-DDA8-4F0D-A63C-8558C3CCFE00}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7B38\HPDiagnosticCoreUI.exe
FirewallRules: [{52979F53-C415-40F1-9FFA-18EDCE0AE126}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{3CEBD08D-4511-41EA-A0DD-4E60A1478A15}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{E91D53B7-03F4-4488-A863-F7A2EE5F7F65}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{29973ED4-1E8E-4AB5-8DE5-A8B8FDD5CC52}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{BBF24589-C14B-4E8F-8BC9-648E563BDC27}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{2E16E90A-231E-4B63-B299-CED9EB1A8019}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [TCP Query User{0E3FDA6B-14A9-4E45-B551-F934E600E97D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B207ECDD-13C9-454E-A3AB-25AA775C3F05}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0B5CEE51-E3FC-427F-AE89-AEF65BEC7659}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{C6724735-07F6-482F-91AF-5C1E0649F397}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{2D151198-D180-4569-A046-A8B894A5AEF6}] => (Allow) LPort=54925
FirewallRules: [{D90900B2-6F89-4597-B3F0-B811B52D1912}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A8E3F6F-AE78-47CA-B964-2AF2682DC5BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B13B927D-F7A5-4CCB-9347-190C2605455D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71D990A8-805E-4D60-AFEE-D2121916F992}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9C2FE68-C9C8-44B4-A32F-2FB68972166A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3DAF6BC6-C102-419C-A9E5-AC13CAE2EDF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C376DA41-FED1-4037-BA5E-30F1FF986D5A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3C73F4C7-A5EE-497C-B52B-FFFA9041F4E1}] => (Allow) C:\Users\1\AppData\Local\yc\Application\yc.exe
==================== Restore Points =========================
13-11-2017 12:41:20 Malwarebytes Anti-Rootkit Restore Point
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/13/2017 01:50:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/13/2017 01:50:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/13/2017 01:26:44 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  dataLength is invalid.
Participant:  TCPU [1]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
Error: (11/13/2017 01:22:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/13/2017 01:22:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/13/2017 01:22:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/13/2017 01:20:45 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  dataLength is invalid.
Participant:  TCPU [1]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
Error: (11/13/2017 01:20:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/13/2017 01:20:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.
Error: (11/13/2017 01:20:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.

System errors:
=============
Error: (11/13/2017 01:26:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/13/2017 01:24:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (11/13/2017 01:21:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/13/2017 01:21:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/13/2017 01:21:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/13/2017 01:20:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.
Error: (11/13/2017 01:20:18 PM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (11/13/2017 01:20:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/13/2017 01:19:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/13/2017 01:19:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2017-11-10 20:49:24.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-09-21 10:08:17.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-08-07 07:42:58.387
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-08-03 20:30:33.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-22 16:54:10.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-06 11:52:12.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-01 15:59:05.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-01 12:15:05.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-06-23 14:53:45.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-06-06 14:47:53.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 58%
Total physical RAM: 3975.27 MB
Available physical RAM: 1633.68 MB
Total Virtual: 7175.27 MB
Available Virtual: 3958.19 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:101.99 GB) (Free:13.52 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: A9DC68D2)
Partition: GPT.
==================== End of Addition.txt ============================

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by 1 (administrator) on IDEA-PC (13-11-2017 15:04:37)
Running from C:\Users\1\Downloads
Loaded Profiles: 1 (Available Profiles: 1)
Platform: Windows 10 Home Version 1607 14393.1358 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(The Chromium Authors) C:\Users\1\AppData\Local\yc\Application\yc.exe
(The Chromium Authors) C:\Users\1\AppData\Local\yc\Application\yc.exe
(The Chromium Authors) C:\Users\1\AppData\Local\yc\Application\yc.exe
(The Chromium Authors) C:\Users\1\AppData\Local\yc\Application\yc.exe
(The Chromium Authors) C:\Users\1\AppData\Local\yc\Application\yc.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Sage) C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe
() C:\Program Files (x86)\winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Sage) C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe
() C:\Program Files (x86)\winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
(Sage) C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe
() C:\Program Files (x86)\winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-03] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-02-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [376224 2016-08-09] (Sage)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-21] (Google Inc.)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [UM] => C:\Users\1\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [ycAutoLaunch_1CC43526C9D533E0CD117B25D98AA3A6] => C:\Users\1\AppData\Local\yc\Application\yc.exe [4018688 2017-10-19] (The Chromium Authors)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [gkndkgtfhc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=1CFD5440AC285014D47BD30DF26A4E94&utm_d=20171111" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2013-02-03]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1e0510d1-89be-47cc-af12-f1f50a3d9b11}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2806c88b-8472-4577-8e3a-a8bd4ab5e7c5}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203
Internet Explorer:
==================
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {45487CD6-0F1B-41D1-8D47-27A4D0E5DB0C} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {64B95AF3-8F12-4C4D-8799-EB568715234C} URL =
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {ED005395-D745-4C2E-B46D-7CE2BD4083DF} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&intl=ca&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {F262FD2F-6869-4E1A-B94D-6B417ADDA96F} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=HBBzbcnbl1AU,4d124127-238d-414c-a81c-dfd4102e2719,
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFA0805D6-E542-4CBF-B218-7B60E8C2779A%7D&gp=855500
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-15] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {B9BE4AC6-505E-480F-BAC1-35512FBA992F} hxxp://10.10.62.250:90/eDVR.cab
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2015-02-27] (Intuit Canada, a general partnership/une société en nom collectif.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-15] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1725315453-2740151350-3882751306-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1725315453-2740151350-3882751306-1001: www.mydlink.com/Uplayer -> C:\Users\1\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\1\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Mail.Ru) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-11-11]
CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-11-11]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhemechcanjmilllmccjbjldonmnnjjj [2017-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-17]
CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR Extension: (Chrome Media Router) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-17]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1394360 2015-10-02] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
S3 Sage 50 Transaction Manager 2014 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2014 - CDN\Sage_SA.TransactionManager.exe [36144 2014-06-11] (Sage)
S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [36144 2015-06-08] (Sage)
S3 Sage 50 Transaction Manager 2016 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2016 - CDN\Sage_SA.TransactionManager.exe [35848 2016-12-06] (Sage)
S3 Sage 50 Transaction Manager 2017 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2017 - CDN\Sage_SA.TransactionManager.exe [42400 2017-06-06] (Sage)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [32160 2016-08-09] (Sage)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-03] (Lenovo)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 6321619C; C:\WINDOWS\System32\drivers\6321619C.sys [255928 2017-11-13] (Malwarebytes)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-10-02] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-10-02] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 leymc; C:\WINDOWS\system32\DRIVERS\leymc.sys [17240 2013-02-03] (Lenovo)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [624456 2015-07-07] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 15:04 - 2017-11-13 15:04 - 000000000 ____D C:\Users\1\Downloads\FRST-OlderVersion
2017-11-13 12:18 - 2017-11-13 12:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6321619C.sys
2017-11-13 11:16 - 2017-11-13 11:16 - 008261584 _____ (Malwarebytes) C:\Users\1\Desktop\AdwCleaner.exe
2017-11-13 10:47 - 2017-11-13 10:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 10:46 - 2017-11-13 10:46 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7467369A.sys
2017-11-13 10:45 - 2017-11-13 12:41 - 000000000 ____D C:\Users\1\Desktop\mbar
2017-11-13 10:45 - 2017-11-13 12:41 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-13 10:45 - 2017-11-13 12:18 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-13 10:45 - 2017-11-13 10:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\1\Desktop\mbar-1.10.3.1001.exe
2017-11-13 10:38 - 2017-11-13 10:38 - 000000847 _____ C:\Users\1\Desktop\SALog.txt
2017-11-13 10:36 - 2017-11-13 10:36 - 000899584 _____ C:\Users\1\Desktop\RGSA.exe
2017-11-13 10:07 - 2017-11-13 10:07 - 001660448 _____ (Nakose ) C:\Users\1\Downloads\JavaPlugin.exe
2017-11-13 09:31 - 2017-11-13 09:31 - 000000000 _____ C:\Users\1\AppData\Local\{AF2E990F-CC2B-4C70-B220-11DF6552AAAF}
2017-11-13 09:30 - 2017-11-13 09:30 - 000417244 _____ C:\WINDOWS\Minidump\111317-14328-01.dmp
2017-11-11 21:50 - 2017-11-11 21:53 - 000039175 _____ C:\Users\1\Downloads\fixlist.txt
2017-11-11 21:20 - 2017-11-11 21:21 - 000069031 _____ C:\Users\1\Downloads\Addition.txt
2017-11-11 21:20 - 2017-11-11 21:20 - 000002052 _____ C:\WINDOWS\System32\Tasks\5SJB4cSjkS
2017-11-11 21:19 - 2017-11-13 15:04 - 000028052 _____ C:\Users\1\Downloads\FRST.txt
2017-11-11 21:19 - 2017-11-13 15:04 - 000000000 ____D C:\FRST
2017-11-11 21:17 - 2017-11-13 15:03 - 000001015 _____ C:\Users\1\Desktop\FRST64.exe - Shortcut.lnk
2017-11-11 21:14 - 2017-11-13 15:04 - 002392576 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2017-11-11 20:33 - 2017-11-13 13:32 - 000000000 ____D C:\AdwCleaner
2017-11-11 13:24 - 2017-11-11 13:24 - 000000000 ____D C:\Users\1\AppData\Local\Chromium
2017-11-11 10:35 - 2017-11-11 10:35 - 000000000 ____D C:\Users\1\AppData\Local\NetBoxLogs
2017-11-11 10:33 - 2017-11-11 10:33 - 000003604 _____ C:\WINDOWS\System32\Tasks\curl
2017-11-11 10:33 - 2017-11-11 10:33 - 000003394 _____ C:\WINDOWS\System32\Tasks\curls
2017-11-11 10:33 - 2017-11-11 10:33 - 000000103 _____ C:\WINDOWS\SysWOW64\del.bat
2017-11-11 10:33 - 2017-11-11 10:33 - 000000000 ____D C:\Users\1\AppData\Roaming\curl
2017-11-11 10:32 - 2017-11-11 11:54 - 000000000 ____D C:\Users\1\AppData\Local\yc
2017-11-11 10:30 - 2017-11-11 10:41 - 000000368 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2017-11-11 10:30 - 2017-11-11 10:41 - 000000368 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2017-11-11 10:30 - 2017-11-11 10:41 - 000000368 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2017-11-11 10:30 - 2017-11-11 10:30 - 000003258 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2017-11-11 10:30 - 2017-11-11 10:30 - 000003258 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2017-11-11 10:30 - 2017-11-11 10:30 - 000003258 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2017-11-11 10:29 - 2017-11-11 13:48 - 000000000 ____D C:\Users\1\AppData\Local\wutphost
2017-11-11 10:26 - 2017-11-11 13:31 - 000000000 ____D C:\Users\1\AppData\Roaming\AGData
2017-11-11 09:49 - 2017-11-11 09:49 - 000417284 _____ C:\WINDOWS\Minidump\111117-6015-01.dmp
2017-11-11 07:50 - 2017-11-11 09:49 - 000000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleFor1.job
2017-11-11 07:50 - 2017-11-11 08:52 - 000003208 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFor1
2017-11-07 13:15 - 2017-11-07 13:15 - 000012219 _____ C:\Users\1\Downloads\ResumeJaceyWolfe.pdf
2017-11-07 12:38 - 2017-11-07 12:38 - 000014860 _____ C:\Users\1\Downloads\ResumeSaraLoehndorf.pdf
2017-11-07 08:26 - 2017-11-07 08:26 - 000265067 _____ C:\Users\1\Documents\Scan0003.pdf
2017-11-05 09:50 - 2017-11-05 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-01 03:58 - 2017-11-01 03:58 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-01 03:58 - 2017-11-01 03:58 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-28 18:36 - 2017-10-28 18:36 - 000104816 _____ C:\Users\1\Desktop\BCRK_GST_July-Sep 2017.pdf
2017-10-27 10:18 - 2017-10-27 10:22 - 000285519 _____ C:\Users\1\Documents\PayStubs_Jackie.pdf
2017-10-19 10:53 - 2017-10-19 10:53 - 000143948 _____ C:\Users\1\Downloads\451210XXXXXX2378-2017Sep09-2017Oct10.pdf
2017-10-17 15:31 - 2017-10-17 15:31 - 000162085 _____ C:\Users\1\Downloads\50453-OOK®30lb.ConventionalHook.pdf
2017-10-17 13:55 - 2017-10-17 13:55 - 000203317 _____ C:\Users\1\Documents\Scan0002.pdf
2017-10-17 11:30 - 2017-10-17 11:30 - 000128160 _____ C:\Users\1\Downloads\RE-201.dwg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 14:55 - 2016-10-01 20:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-13 14:19 - 2014-06-20 20:41 - 000000000 ____D C:\Users\1\Documents\Outlook Files
2017-11-13 13:25 - 2015-08-19 21:57 - 004288926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-13 13:21 - 2014-06-13 18:17 - 000000000 __SHD C:\Users\1\IntelGraphicsProfiles
2017-11-13 13:20 - 2016-10-01 20:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-13 13:20 - 2016-07-15 22:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-13 12:36 - 2014-12-18 08:58 - 000000000 ____D C:\Users\1\AppData\Local\PasswordSafe
2017-11-13 09:31 - 2016-10-01 20:08 - 000000000 ____D C:\Users\1
2017-11-13 09:30 - 2017-07-22 12:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-13 08:32 - 2014-06-20 23:38 - 000000000 ____D C:\Users\1\AppData\Roaming\Nitro PDF
2017-11-13 08:24 - 2014-06-25 09:36 - 000000000 ____D C:\Users\1\Documents\My Files
2017-11-12 09:03 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\registration
2017-11-11 20:36 - 2016-05-30 15:42 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-11 20:36 - 2015-10-29 23:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-11 20:36 - 2014-06-21 00:03 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-11 20:36 - 2013-02-03 18:14 - 000000000 ____D C:\Program Files (x86)\Amazon
2017-11-11 20:25 - 2016-02-10 21:31 - 000000000 ____D C:\Users\1\AppData\Local\FMSoftwareStudio
2017-11-11 20:25 - 2016-02-10 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Software Studio
2017-11-11 20:25 - 2016-02-10 21:31 - 000000000 ____D C:\Program Files (x86)\FM Software Studio
2017-11-11 13:46 - 2014-11-22 17:42 - 000000000 ____D C:\Program Files\Vuze
2017-11-11 10:27 - 2013-02-03 18:16 - 000000000 ____D C:\Program Files\Lenovo
2017-11-11 10:25 - 2015-12-04 21:45 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-11 08:53 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-11 08:50 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-11 07:45 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-08 12:45 - 2016-07-04 20:44 - 000000000 ___RD C:\Users\1\Dropbox
2017-11-06 09:58 - 2017-07-26 15:57 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1725315453-2740151350-3882751306-1001
2017-11-06 09:58 - 2015-08-20 06:02 - 000002404 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 09:58 - 2014-06-20 18:25 - 000000000 __RDO C:\Users\1\OneDrive
2017-11-05 09:50 - 2015-09-04 15:26 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-02 17:21 - 2014-12-18 08:58 - 000000000 ____D C:\Users\1\Documents\My Safes
2017-10-22 12:53 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-17 14:31 - 2017-03-19 11:10 - 000000000 ____D C:\Users\1\Desktop\Easter
2017-10-17 10:22 - 2016-07-16 03:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-14 15:41 - 2014-06-21 00:13 - 000000600 _____ C:\Users\1\AppData\Roaming\winscp.rnd
==================== Files in the root of some directories =======
2014-06-13 08:38 - 2014-06-14 08:46 - 000003011 _____ () C:\Users\1\AppData\Roaming\AbsoluteReminder.xml
2014-06-21 00:13 - 2017-10-14 15:41 - 000000600 _____ () C:\Users\1\AppData\Roaming\winscp.rnd
2014-06-13 08:37 - 2015-08-19 21:30 - 000049637 _____ () C:\Users\1\AppData\Local\BTServer.log
2016-02-11 13:40 - 2016-02-11 13:40 - 000000000 _____ () C:\Users\1\AppData\Local\{0B94F59E-3EBF-4637-8BEE-52C9DFB9D129}
2016-02-11 13:40 - 2016-02-11 13:40 - 000000000 _____ () C:\Users\1\AppData\Local\{213DAA8E-E7AB-48F3-A361-0BEE563CECBC}
2017-07-01 11:34 - 2017-07-01 11:34 - 000000000 _____ () C:\Users\1\AppData\Local\{6E0E2E39-C2F7-4BE8-8AB6-B03CCA8418AF}
2017-11-13 09:31 - 2017-11-13 09:31 - 000000000 _____ () C:\Users\1\AppData\Local\{AF2E990F-CC2B-4C70-B220-11DF6552AAAF}
2017-07-01 11:32 - 2017-07-01 11:32 - 000000000 _____ () C:\Users\1\AppData\Local\{BAD9059D-D20D-4840-B2FB-9792AFA80903}
2014-06-21 00:30 - 2014-06-21 00:30 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-10-01 20:06 - 2016-10-01 20:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-11-11 10:32 - 2017-11-11 10:29 - 000775168 _____ (PhoneLine SOFT Inc) C:\Users\1\AppData\Local\Temp\815.tmp.exe
2017-11-11 10:32 - 2017-11-11 10:32 - 038316032 ____N (The Chromium Authors) C:\Users\1\AppData\Local\Temp\bEK1Y0vtOp7Y.exe
2017-11-11 10:31 - 2017-11-11 10:31 - 064938720 ____N (Kometa LCC) C:\Users\1\AppData\Local\Temp\FC71Pb1zfbxi.exe
2017-11-11 10:26 - 2017-11-11 10:26 - 000920448 _____ () C:\Users\1\AppData\Local\Temp\I4YuXpBYpU89.exe
2017-11-11 10:35 - 2017-11-11 10:35 - 003817472 _____ (OneSystemCare                                               ) C:\Users\1\AppData\Local\Temp\IbB1Jy1JAs1I.exe
2017-06-14 19:39 - 2017-06-14 19:39 - 000739904 _____ (Oracle Corporation) C:\Users\1\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-09-16 08:54 - 2017-09-16 08:54 - 038125328 _____ (Microsoft Corporation) C:\Users\1\AppData\Local\Temp\mpam-f4ffe129.exe
2017-11-11 13:39 - 2017-11-11 20:31 - 000046924 _____ () C:\Users\1\AppData\Local\Temp\tu17p84.exe
2017-11-11 10:24 - 2017-11-11 10:24 - 002643640 _____ () C:\Users\1\AppData\Local\Temp\xJLA1joO8OiO.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-10 20:49
==================== End of FRST.txt ============================


#8 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 13 November 2017 - 07:11 PM

Uninstall Chrome extension(s)
CHR Extension: (Mail.Ru) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-11-11]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-11-11]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhemechcanjmilllmccjbjldonmnnjjj [2017-11-11]
---

Copy FRST / FSRT64.exe to your desktop!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt


Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [ycAutoLaunch_1CC43526C9D533E0CD117B25D98AA3A6] => C:\Users\1\AppData\Local\yc\Application\yc.exe [4018688 2017-10-19] (The Chromium Authors)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [gkndkgtfhc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=1CFD5440AC285014D47BD30DF26A4E94&utm_d=20171111" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFA0805D6-E542-4CBF-B218-7B60E8C2779A%7D&gp=855500
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [No File]
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-11-11 13:24 - 2017-11-11 13:24 - 000000000 ____D C:\Users\1\AppData\Local\Chromium
2017-11-11 10:32 - 2017-11-11 10:32 - 038316032 ____N (The Chromium Authors) C:\Users\1\AppData\Local\Temp\bEK1Y0vtOp7Y.exe
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
Task: {01C8DA5B-3123-454F-B303-572AC6DA7F4D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0BE03EB6-B592-45A2-9F81-784702E4D8DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0D74D9B8-7BE8-40E3-A03C-2F03C4F2730A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {23970C07-B79E-4773-9E44-51ED892642C0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2B4AD9FB-3888-46EB-8462-4EEAF5A7B032} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {4F500BEA-64DB-4AD0-94D2-326D03875419} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5214883E-BC67-4730-962E-D37578CE8288} - System32\Tasks\curl => C:\Users\1\AppData\Roaming\curl\curl_7_54.exe [2017-11-11] (curl, hxxps://curl.haxx.se/) <==== ATTENTION
Task: {55E25868-512B-4DB6-82BE-3D7EBCA93528} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {60F04CD6-F7C2-489D-9164-D5B3E5E98A13} - System32\Tasks\curls => C:\Users\1\AppData\Roaming\curl\curl.exe <==== ATTENTION
Task: {625997F0-1568-4D76-BA95-B71BD67B87F8} - System32\Tasks\5SJB4cSjkS => C:\Program Files (x86)\ZbJc59L7u1\updengine.exe <==== ATTENTION
Task: {7C5C963C-FAF0-447D-98C8-FB41E0AD4B90} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9015E709-46A1-4B44-AF1A-63E6309DD601} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {A375ABD0-6A73-4343-95C6-AABFFD1ABBAC} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {BAE6DF68-6B3F-41D8-B6FF-7EC5D6600D6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BDAA99AE-79FA-49E6-9CA4-268E67EA04C3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D14EECB8-508C-4471-A48F-608396E9BD18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0686D46-060A-422E-906A-6065FC6E3298} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F0CEE7AB-153C-458C-AC8C-3EDA35B70153} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST / FSRT64 again as Administrator like we did before but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.

How the computer is running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 13 November 2017 - 08:31 PM

Thank you Jo:

 

I'm not sure about the 'Uninstall Chrome Extensions' part.  I opened Chrome.  Clicked on the three dots in the right hand corner and chose 'more tools' and then 'extensions'.  There I found 2 extensions that were Russian-looking and I clicked on the garbage can icon to "remove from chrome".

 

I followed the rest of your instructions.  Here is the Fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by 1 (13-11-2017 16:35:37) Run:1
Running from C:\Users\1\Desktop
Loaded Profiles: 1 (Available Profiles: 1)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [ycAutoLaunch_1CC43526C9D533E0CD117B25D98AA3A6] => C:\Users\1\AppData\Local\yc\Application\yc.exe [4018688 2017-10-19] (The Chromium Authors)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [gkndkgtfhc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=1CFD5440AC285014D47BD30DF26A4E94&utm_d=20171111" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFA0805D6-E542-4CBF-B218-7B60E8C2779A%7D&gp=855500
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [No File]
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-11-11 13:24 - 2017-11-11 13:24 - 000000000 ____D C:\Users\1\AppData\Local\Chromium
2017-11-11 10:32 - 2017-11-11 10:32 - 038316032 ____N (The Chromium Authors) C:\Users\1\AppData\Local\Temp\bEK1Y0vtOp7Y.exe
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
Task: {01C8DA5B-3123-454F-B303-572AC6DA7F4D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0BE03EB6-B592-45A2-9F81-784702E4D8DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0D74D9B8-7BE8-40E3-A03C-2F03C4F2730A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {23970C07-B79E-4773-9E44-51ED892642C0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2B4AD9FB-3888-46EB-8462-4EEAF5A7B032} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {4F500BEA-64DB-4AD0-94D2-326D03875419} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5214883E-BC67-4730-962E-D37578CE8288} - System32\Tasks\curl => C:\Users\1\AppData\Roaming\curl\curl_7_54.exe [2017-11-11] (curl, hxxps://curl.haxx.se/) <==== ATTENTION
Task: {55E25868-512B-4DB6-82BE-3D7EBCA93528} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {60F04CD6-F7C2-489D-9164-D5B3E5E98A13} - System32\Tasks\curls => C:\Users\1\AppData\Roaming\curl\curl.exe <==== ATTENTION
Task: {625997F0-1568-4D76-BA95-B71BD67B87F8} - System32\Tasks\5SJB4cSjkS => C:\Program Files (x86)\ZbJc59L7u1\updengine.exe <==== ATTENTION
Task: {7C5C963C-FAF0-447D-98C8-FB41E0AD4B90} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9015E709-46A1-4B44-AF1A-63E6309DD601} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {A375ABD0-6A73-4343-95C6-AABFFD1ABBAC} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {BAE6DF68-6B3F-41D8-B6FF-7EC5D6600D6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BDAA99AE-79FA-49E6-9CA4-268E67EA04C3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D14EECB8-508C-4471-A48F-608396E9BD18} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E0686D46-060A-422E-906A-6065FC6E3298} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F0CEE7AB-153C-458C-AC8C-3EDA35B70153} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=hbbzbcnbl1au,4d124127-238d-414c-a81c-dfd4102e2719,
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ycAutoLaunch_1CC43526C9D533E0CD117B25D98AA3A6 => value removed successfully
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Software\Microsoft\Windows\CurrentVersion\Run\\gkndkgtfhc => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => value removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe => key removed successfully
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key removed successfully
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => key removed successfully
HKLM\Software\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => key removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\Users\1\AppData\Local\Chromium => moved successfully
C:\Users\1\AppData\Local\Temp\bEK1Y0vtOp7Y.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => key removed successfully
HKLM\Software\Classes\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => key removed successfully
HKLM\Software\Classes\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => key removed successfully
HKLM\Software\Classes\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => key removed successfully
HKLM\Software\Classes\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SugarSync => key removed successfully
HKLM\Software\Classes\CLSID\{305BC11B-5175-492B-B569-866547FCDA40} => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SugarSync => key removed successfully
HKLM\Software\Classes\CLSID\{305BC11B-5175-492B-B569-866547FCDA40} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01C8DA5B-3123-454F-B303-572AC6DA7F4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01C8DA5B-3123-454F-B303-572AC6DA7F4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BE03EB6-B592-45A2-9F81-784702E4D8DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BE03EB6-B592-45A2-9F81-784702E4D8DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D74D9B8-7BE8-40E3-A03C-2F03C4F2730A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D74D9B8-7BE8-40E3-A03C-2F03C4F2730A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23970C07-B79E-4773-9E44-51ED892642C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23970C07-B79E-4773-9E44-51ED892642C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B4AD9FB-3888-46EB-8462-4EEAF5A7B032} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B4AD9FB-3888-46EB-8462-4EEAF5A7B032} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G6 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F500BEA-64DB-4AD0-94D2-326D03875419} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F500BEA-64DB-4AD0-94D2-326D03875419} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5214883E-BC67-4730-962E-D37578CE8288} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5214883E-BC67-4730-962E-D37578CE8288} => key removed successfully
C:\WINDOWS\System32\Tasks\curl => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\curl => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55E25868-512B-4DB6-82BE-3D7EBCA93528} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55E25868-512B-4DB6-82BE-3D7EBCA93528} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F04CD6-F7C2-489D-9164-D5B3E5E98A13} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F04CD6-F7C2-489D-9164-D5B3E5E98A13} => key removed successfully
C:\WINDOWS\System32\Tasks\curls => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\curls => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{625997F0-1568-4D76-BA95-B71BD67B87F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625997F0-1568-4D76-BA95-B71BD67B87F8} => key removed successfully
C:\WINDOWS\System32\Tasks\5SJB4cSjkS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5SJB4cSjkS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C5C963C-FAF0-447D-98C8-FB41E0AD4B90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C5C963C-FAF0-447D-98C8-FB41E0AD4B90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9015E709-46A1-4B44-AF1A-63E6309DD601} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9015E709-46A1-4B44-AF1A-63E6309DD601} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G5 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A375ABD0-6A73-4343-95C6-AABFFD1ABBAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A375ABD0-6A73-4343-95C6-AABFFD1ABBAC} => key removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G4 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAE6DF68-6B3F-41D8-B6FF-7EC5D6600D6B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE6DF68-6B3F-41D8-B6FF-7EC5D6600D6B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDAA99AE-79FA-49E6-9CA4-268E67EA04C3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDAA99AE-79FA-49E6-9CA4-268E67EA04C3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D14EECB8-508C-4471-A48F-608396E9BD18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14EECB8-508C-4471-A48F-608396E9BD18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0686D46-060A-422E-906A-6065FC6E3298} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0686D46-060A-422E-906A-6065FC6E3298} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0CEE7AB-153C-458C-AC8C-3EDA35B70153} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0CEE7AB-153C-458C-AC8C-3EDA35B70153} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
C:\WINDOWS\Tasks\Online Application V2G4.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G5.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G6.job => moved successfully
C:\Users\1\Desktop\Shortcuts\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.

The system needed a reboot.
==== End of Fixlog 16:36:00 ====
 
How is the computer running now?  Microsoft Edge seems to be okay.  No ad pop-ups anymore.  However when I open Chrome (homepage www.google.ca), there are still girl ads (pictures of girls) coming up below the Google search bar.


#10 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 14 November 2017 - 01:47 AM

Hello again,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them.Do not reboot your computer after running rkill as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download and run this tool:
Chrome Cleanup Tool

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 14 November 2017 - 01:05 PM

1.  rkill.exe

 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/14/2017 09:31:24 AM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1 wemsofts.com
  127.0.0.1 bongadoom.com
  127.0.0.1 wepcmainsystem.com
  127.0.0.1 internalcampaigntargets.com
  127.0.0.1 bongadoom.com
  127.0.0.1 getthefilenow.com
  127.0.0.1 bigpicturepop.com
  127.0.0.1 wizzcaster.com
  127.0.0.1 bestoffersfortoday.com
  127.0.0.1 wepcmainsystem.com
  127.0.0.1 agent.wizztrakys.com
  127.0.0.1 csdimonetize.com
  127.0.0.1 dl.azalee.site
  127.0.0.1 titiaredh.com
  127.0.0.1 wepcdisplaysystem.com
  127.0.0.1 wepcanalyticsystem.com
  127.0.0.1 healthydownload.com
  127.0.0.1 leading2download.com
  127.0.0.1 dwl0.wizzlabs.com
  127.0.0.1 dwl1.wizzlabs.com
  20 out of 30 HOSTS entries shown.
  Please review HOSTS file for further entries.
Program finished at: 11/14/2017 09:32:07 AM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)

 

2.  Malwarebytes

 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 11/14/17
Scan Time: 9:39 AM
Log File: ce0d62fc-c962-11e7-842e-2cd05a11077d.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3254
License: Trial
-System Information-
OS: Windows 10 (Build 14393.1358)
CPU: x64
File System: NTFS
User: IDEA-PC\1
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423821
Threats Detected: 52
Threats Quarantined: 52
Time Elapsed: 5 min, 24 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 9
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\CONSOLE\TASKENG.EXE, Quarantined, [5411], [425125],1.0.3254
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5411], [425124],1.0.3254
PUP.Optional.Spigot, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{45487CD6-0F1B-41D1-8D47-27A4D0E5DB0C}, Quarantined, [648], [243431],1.0.3254
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F262FD2F-6869-4E1A-B94D-6B417ADDA96F}, Quarantined, [9097], [256101],1.0.3254
PUP.Optional.StartPage, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\START PAGE, Quarantined, [46], [259290],1.0.3254
PUP.Optional.SpeeDownloader, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\WOW6432NODE\Speedownloader0099, Quarantined, [8167], [453126],1.0.3254
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhjhnafpiilpffhglajcaepjbnbjemci, Quarantined, [680], [448286],1.0.3254
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hcadgijmedbfgciegjomfpjcdchlhnif, Quarantined, [680], [403165],1.0.3254
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lhemechcanjmilllmccjbjldonmnnjjj, Quarantined, [10], [450941],1.0.3254
Registry Value: 8
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5411], [425125],1.0.3254
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5411], [425124],1.0.3254
PUP.Optional.Spigot, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{45487CD6-0F1B-41D1-8D47-27A4D0E5DB0C}|URL, Quarantined, [648], [243431],1.0.3254
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F262FD2F-6869-4E1A-B94D-6B417ADDA96F}|OSDFILEURL, Quarantined, [9097], [256101],1.0.3254
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F262FD2F-6869-4E1A-B94D-6B417ADDA96F}|FAVICONURL, Quarantined, [9097], [256101],1.0.3254
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F262FD2F-6869-4E1A-B94D-6B417ADDA96F}|URL, Quarantined, [9097], [256101],1.0.3254
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5411], [425126],1.0.3254
PUP.Optional.StartPage, HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\SOFTWARE\START PAGE|START PAGE, Quarantined, [46], [259290],1.0.3254
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 4
PUP.Optional.Spigot, C:\USERS\1\APPDATA\LOCAL\dff56bbb-18ab-428d-902e-d95514e8648a, Quarantined, [648], [318193],1.0.3254
PUP.Optional.AnonymizerGadget, C:\USERS\1\APPDATA\ROAMING\AGDATA, Quarantined, [1572], [338259],1.0.3254
PUP.Optional.AdLoad, C:\USERS\1\APPDATA\LOCAL\WUTPHOST, Quarantined, [614], [381890],1.0.3254
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [559], [391425],1.0.3254
File: 31
PUP.Optional.Spigot, C:\USERS\1\APPDATA\LOCAL\dff56bbb-18ab-428d-902e-d95514e8648a\sysad.exe, Quarantined, [648], [318193],1.0.3254
PUP.Optional.AnonymizerGadget, C:\USERS\1\APPDATA\ROAMING\AGDATA\CONFIG.JSON, Quarantined, [1572], [338259],1.0.3254
PUP.Optional.AnonymizerGadget, C:\Users\1\AppData\Roaming\AGData\add.json, Quarantined, [1572], [338259],1.0.3254
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [559], [391431],1.0.3254
PUP.Optional.AdLoad, C:\Users\1\AppData\Local\wutphost\wutphost.exe, Quarantined, [614], [381890],1.0.3254
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [559], [391425],1.0.3254
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [559], [391425],1.0.3254
PUP.Optional.MailRu, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [680], [448286],1.0.3254
PUP.Optional.MailRu, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [680], [403165],1.0.3254
PUP.Optional.RussAd, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [10], [450941],1.0.3254
PUP.Optional.Amonetize, C:\USERS\1\APPDATA\LOCAL\TEMP\AMIPIXEL.CFG, Quarantined, [6], [302488],1.0.3254
PUP.Optional.Spigot, C:\PROGRAM FILES\VUZE\SPG.ZIP, Quarantined, [648], [300859],1.0.3254
PUP.Optional.BitCoinMiner, C:\USERS\1\APPDATA\LOCAL\TEMP\2XIN4YLV.EZB\SOFT.EXE, Quarantined, [180], [363441],1.0.3254
PUP.Optional.BitCoinMiner, C:\USERS\1\APPDATA\LOCAL\TEMP\TACX23JM.1O5\CN3.EXE, Quarantined, [180], [363441],1.0.3254
Adware.IStartSurf, C:\USERS\1\APPDATA\LOCAL\TEMP\XPMIPSR1.O0M\SETUP.EXE, Quarantined, [698], [456773],1.0.3254
Adware.IStartSurf, C:\USERS\1\APPDATA\LOCAL\TEMP\K3IRADSD.SJM\SETUP.EXE, Quarantined, [698], [456773],1.0.3254
Adware.LoadMoney, C:\USERS\1\APPDATA\LOCAL\TEMP\815.TMP.EXE, Quarantined, [45], [450559],1.0.3254
PUP.Optional.OneSystemCare, C:\USERS\1\APPDATA\LOCAL\TEMP\IBB1JY1JAS1I.EXE, Quarantined, [471], [427523],1.0.3254
PUP.Optional.SystemHealer, C:\USERS\1\APPDATA\LOCAL\TEMP\PADPYKPA.JXB\SYSTEMHEALER.EXE, Quarantined, [994], [424479],1.0.3254
Adware.RuKometa, C:\USERS\1\APPDATA\LOCAL\TEMP\T28680E1\KOMETAPANEL.EXE, Quarantined, [149], [454317],1.0.3254
PUP.Optional.FastDataX, C:\USERS\1\APPDATA\LOCAL\TEMP\WHAG2ZAQ.C4Z\DATA.EXE, Quarantined, [8455], [407240],1.0.3254
PUP.Optional.AnonymizerGadget, C:\USERS\1\APPDATA\LOCAL\TEMP\I4YUXPBYPU89.EXE, Quarantined, [1572], [338559],1.0.3254
PUP.Optional.EnjoyWiFi, C:\USERS\1\APPDATA\LOCAL\TEMP\T0SOBO2Z.JBM\SETUP.4.22.EXE, Quarantined, [8701], [417533],1.0.3254
Adware.RuKometa, C:\USERS\1\APPDATA\LOCAL\TEMP\T327CC1\KOMETAPANEL.EXE, Quarantined, [149], [454317],1.0.3254
Generic.Malware/Suspicious, C:\USERS\1\APPDATA\LOCAL\TEMP\R2NFRN2H.F5I\PPI02.EXE, Quarantined, [0], [392686],1.0.3254
Generic.Malware/Suspicious, C:\USERS\1\DOWNLOADS\IPSCAN221.EXE, Quarantined, [0], [392686],1.0.3254
PUP.Optional.InstallCore, C:\USERS\1\DOWNLOADS\JAVAPLUGIN.EXE, Quarantined, [2], [450992],1.0.3254
PUP.Optional.Searching.ShrtCln, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [16370], [454819],1.0.3254
PUP.Optional.Searching.ShrtCln, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [16370], [454819],1.0.3254
PUP.Optional.Searching.ShrtCln, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [16370], [454819],1.0.3254
PUP.Optional.Searching.ShrtCln, C:\USERS\1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [16370], [454819],1.0.3254
Physical Sector: 0
(No malicious items detected)

(end)
 
3.  Confirming that I ran Chrome Cleanup Tool
 
I opened Chrome and the girl pictures are gone. 


#12 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 14 November 2017 - 01:17 PM

Your FRST log shows:
Tcpip\..\Interfaces\{2806c88b-8472-4577-8e3a-a8bd4ab5e7c5}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203

One nameserver on your pc is related to russia:
https://ipaddress.ip-adress.com/82.202.226.203

Did you know that or can we remove it?

---

FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Edited by Jo*, 14 November 2017 - 01:18 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 14 November 2017 - 01:27 PM

1.  Nameserver:  No, I did not know that and yes we can definitely remove that.  There should be nothing related to Russia on my computer!!!

 

2.  FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by 1 (administrator) on IDEA-PC (14-11-2017 10:22:27)
Running from C:\Users\1\Desktop
Loaded Profiles: 1 &  (Available Profiles: 1)
Platform: Windows 10 Home Version 1607 14393.1358 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-03] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-02-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [376224 2016-08-09] (Sage)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-21] (Google Inc.)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [UM] => C:\Users\1\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-21] (Google Inc.)
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\Run: [UM] => C:\Users\1\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
Startup: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-03-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2013-02-03]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1e0510d1-89be-47cc-af12-f1f50a3d9b11}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2806c88b-8472-4577-8e3a-a8bd4ab5e7c5}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203
Internet Explorer:
==================
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {64B95AF3-8F12-4C4D-8799-EB568715234C} URL =
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> {ED005395-D745-4C2E-B46D-7CE2BD4083DF} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&intl=ca&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334 -> {64B95AF3-8F12-4C4D-8799-EB568715234C} URL =
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334 -> {ED005395-D745-4C2E-B46D-7CE2BD4083DF} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&intl=ca&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-15] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {B9BE4AC6-505E-480F-BAC1-35512FBA992F} hxxp://10.10.62.250:90/eDVR.cab
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2015-02-27] (Intuit Canada, a general partnership/une société en nom collectif.)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1725315453-2740151350-3882751306-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1725315453-2740151350-3882751306-1001: www.mydlink.com/Uplayer -> C:\Users\1\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
FF Plugin HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334: www.mydlink.com/Uplayer -> C:\Users\1\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\1\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-17]
CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR Extension: (Chrome Media Router) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1394360 2015-10-02] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
S3 Sage 50 Transaction Manager 2014 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2014 - CDN\Sage_SA.TransactionManager.exe [36144 2014-06-11] (Sage)
S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [36144 2015-06-08] (Sage)
S3 Sage 50 Transaction Manager 2016 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2016 - CDN\Sage_SA.TransactionManager.exe [35848 2016-12-06] (Sage)
S3 Sage 50 Transaction Manager 2017 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2017 - CDN\Sage_SA.TransactionManager.exe [42400 2017-06-06] (Sage)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [32160 2016-08-09] (Sage)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-03] (Lenovo)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 6321619C; C:\WINDOWS\System32\drivers\6321619C.sys [255928 2017-11-13] (Malwarebytes)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-10-02] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-10-02] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 leymc; C:\WINDOWS\system32\DRIVERS\leymc.sys [17240 2013-02-03] (Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-14] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-14] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [624456 2015-07-07] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-14 10:22 - 2017-11-14 10:22 - 000027076 _____ C:\Users\1\Desktop\FRST.txt
2017-11-14 09:55 - 2017-11-14 09:55 - 000000000 ____D C:\Program Files (x86)\GUM941F.tmp
2017-11-14 09:51 - 2017-11-14 09:51 - 000008254 _____ C:\Users\1\Desktop\MBAM.txt
2017-11-14 09:38 - 2017-11-14 10:20 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-14 09:38 - 2017-11-14 09:47 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-14 09:38 - 2017-11-14 09:47 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-14 09:38 - 2017-11-14 09:38 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-14 09:38 - 2017-11-14 09:38 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-14 09:38 - 2017-11-14 09:38 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-14 09:38 - 2017-11-14 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-14 09:38 - 2017-11-14 09:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-14 09:38 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-14 09:36 - 2017-11-14 09:37 - 078346672 _____ (Malwarebytes ) C:\Users\1\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2017-11-14 09:31 - 2017-11-14 09:32 - 000003550 _____ C:\Users\1\Desktop\Rkill.txt
2017-11-14 09:29 - 2017-11-14 09:29 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\1\Desktop\rkill.exe
2017-11-13 16:35 - 2017-11-13 16:36 - 000019363 _____ C:\Users\1\Desktop\Fixlog.txt
2017-11-13 15:05 - 2017-11-13 15:05 - 000086675 _____ C:\Users\1\Downloads\Shortcut.txt
2017-11-13 15:04 - 2017-11-13 15:04 - 000000000 ____D C:\Users\1\Downloads\FRST-OlderVersion
2017-11-13 12:18 - 2017-11-13 12:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6321619C.sys
2017-11-13 11:16 - 2017-11-13 11:16 - 008261584 _____ (Malwarebytes) C:\Users\1\Desktop\AdwCleaner.exe
2017-11-13 10:47 - 2017-11-14 09:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 10:46 - 2017-11-13 10:46 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7467369A.sys
2017-11-13 10:45 - 2017-11-13 12:41 - 000000000 ____D C:\Users\1\Desktop\mbar
2017-11-13 10:45 - 2017-11-13 12:41 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-13 10:45 - 2017-11-13 10:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\1\Desktop\mbar-1.10.3.1001.exe
2017-11-13 10:38 - 2017-11-13 10:38 - 000000847 _____ C:\Users\1\Desktop\SALog.txt
2017-11-13 10:36 - 2017-11-13 10:36 - 000899584 _____ C:\Users\1\Desktop\RGSA.exe
2017-11-13 09:31 - 2017-11-13 09:31 - 000000000 _____ C:\Users\1\AppData\Local\{AF2E990F-CC2B-4C70-B220-11DF6552AAAF}
2017-11-13 09:30 - 2017-11-13 09:30 - 000417244 _____ C:\WINDOWS\Minidump\111317-14328-01.dmp
2017-11-11 21:50 - 2017-11-13 16:27 - 000039170 _____ C:\Users\1\Downloads\fixlist.txt
2017-11-11 21:20 - 2017-11-13 15:05 - 000070103 _____ C:\Users\1\Downloads\Addition.txt
2017-11-11 21:19 - 2017-11-14 10:22 - 000000000 ____D C:\FRST
2017-11-11 21:19 - 2017-11-13 16:26 - 000038165 _____ C:\Users\1\Downloads\FRST.txt
2017-11-11 21:14 - 2017-11-13 15:04 - 002392576 _____ (Farbar) C:\Users\1\Desktop\FRST64.exe
2017-11-11 20:33 - 2017-11-13 13:32 - 000000000 ____D C:\AdwCleaner
2017-11-11 10:35 - 2017-11-11 10:35 - 000000000 ____D C:\Users\1\AppData\Local\NetBoxLogs
2017-11-11 10:33 - 2017-11-11 10:33 - 000000103 _____ C:\WINDOWS\SysWOW64\del.bat
2017-11-11 10:33 - 2017-11-11 10:33 - 000000000 ____D C:\Users\1\AppData\Roaming\curl
2017-11-11 10:32 - 2017-11-11 11:54 - 000000000 ____D C:\Users\1\AppData\Local\yc
2017-11-11 09:49 - 2017-11-11 09:49 - 000417284 _____ C:\WINDOWS\Minidump\111117-6015-01.dmp
2017-11-11 07:50 - 2017-11-11 09:49 - 000000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleFor1.job
2017-11-11 07:50 - 2017-11-11 08:52 - 000003208 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFor1
2017-11-07 13:15 - 2017-11-07 13:15 - 000012219 _____ C:\Users\1\Downloads\ResumeJaceyWolfe.pdf
2017-11-07 12:38 - 2017-11-07 12:38 - 000014860 _____ C:\Users\1\Downloads\ResumeSaraLoehndorf.pdf
2017-11-07 08:26 - 2017-11-07 08:26 - 000265067 _____ C:\Users\1\Documents\Scan0003.pdf
2017-11-05 09:50 - 2017-11-05 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-01 03:58 - 2017-11-01 03:58 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-01 03:58 - 2017-11-01 03:58 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-28 18:36 - 2017-10-28 18:36 - 000104816 _____ C:\Users\1\Desktop\BCRK_GST_July-Sep 2017.pdf
2017-10-27 10:18 - 2017-10-27 10:22 - 000285519 _____ C:\Users\1\Documents\PayStubs_Jackie.pdf
2017-10-19 10:53 - 2017-10-19 10:53 - 000143948 _____ C:\Users\1\Downloads\451210XXXXXX2378-2017Sep09-2017Oct10.pdf
2017-10-17 15:31 - 2017-10-17 15:31 - 000162085 _____ C:\Users\1\Downloads\50453-OOK®30lb.ConventionalHook.pdf
2017-10-17 13:55 - 2017-10-17 13:55 - 000203317 _____ C:\Users\1\Documents\Scan0002.pdf
2017-10-17 11:30 - 2017-10-17 11:30 - 000128160 _____ C:\Users\1\Downloads\RE-201.dwg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-14 10:07 - 2014-06-20 20:41 - 000000000 ____D C:\Users\1\Documents\Outlook Files
2017-11-14 09:55 - 2016-10-01 20:17 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 09:55 - 2016-10-01 20:17 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 09:52 - 2015-08-19 21:57 - 004353564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 09:47 - 2016-10-01 20:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 09:47 - 2016-07-15 22:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 09:47 - 2014-06-13 18:17 - 000000000 __SHD C:\Users\1\IntelGraphicsProfiles
2017-11-14 09:46 - 2014-11-22 17:42 - 000000000 ____D C:\Program Files\Vuze
2017-11-14 08:16 - 2016-10-01 20:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-13 19:10 - 2016-10-01 20:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-11-13 18:54 - 2014-12-18 08:58 - 000000000 ____D C:\Users\1\Documents\My Safes
2017-11-13 18:50 - 2014-12-18 08:58 - 000000000 ____D C:\Users\1\AppData\Local\PasswordSafe
2017-11-13 16:36 - 2014-06-21 00:40 - 000000000 ___RD C:\Users\1\Desktop\Shortcuts
2017-11-13 09:31 - 2016-10-01 20:08 - 000000000 ____D C:\Users\1
2017-11-13 09:30 - 2017-07-22 12:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-13 08:32 - 2014-06-20 23:38 - 000000000 ____D C:\Users\1\AppData\Roaming\Nitro PDF
2017-11-13 08:24 - 2014-06-25 09:36 - 000000000 ____D C:\Users\1\Documents\My Files
2017-11-12 09:03 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\registration
2017-11-11 20:36 - 2016-05-30 15:42 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-11 20:36 - 2015-10-29 23:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-11 20:36 - 2014-06-21 00:03 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-11 20:36 - 2013-02-03 18:14 - 000000000 ____D C:\Program Files (x86)\Amazon
2017-11-11 20:25 - 2016-02-10 21:31 - 000000000 ____D C:\Users\1\AppData\Local\FMSoftwareStudio
2017-11-11 20:25 - 2016-02-10 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Software Studio
2017-11-11 20:25 - 2016-02-10 21:31 - 000000000 ____D C:\Program Files (x86)\FM Software Studio
2017-11-11 10:27 - 2013-02-03 18:16 - 000000000 ____D C:\Program Files\Lenovo
2017-11-11 10:25 - 2015-12-04 21:45 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-11 08:53 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-11 08:50 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-11 07:45 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-08 12:45 - 2016-07-04 20:44 - 000000000 ___RD C:\Users\1\Dropbox
2017-11-06 09:58 - 2017-07-26 15:57 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1725315453-2740151350-3882751306-1001
2017-11-06 09:58 - 2015-08-20 06:02 - 000002404 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 09:58 - 2014-06-20 18:25 - 000000000 __RDO C:\Users\1\OneDrive
2017-11-05 09:50 - 2015-09-04 15:26 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-22 12:53 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-17 14:31 - 2017-03-19 11:10 - 000000000 ____D C:\Users\1\Desktop\Easter
2017-10-17 10:22 - 2016-07-16 03:47 - 000000000 ___HD C:\Program Files\WindowsApps
==================== Files in the root of some directories =======
2014-06-13 08:38 - 2014-06-14 08:46 - 000003011 _____ () C:\Users\1\AppData\Roaming\AbsoluteReminder.xml
2014-06-21 00:13 - 2017-10-14 15:41 - 000000600 _____ () C:\Users\1\AppData\Roaming\winscp.rnd
2014-06-13 08:37 - 2015-08-19 21:30 - 000049637 _____ () C:\Users\1\AppData\Local\BTServer.log
2016-02-11 13:40 - 2016-02-11 13:40 - 000000000 _____ () C:\Users\1\AppData\Local\{0B94F59E-3EBF-4637-8BEE-52C9DFB9D129}
2016-02-11 13:40 - 2016-02-11 13:40 - 000000000 _____ () C:\Users\1\AppData\Local\{213DAA8E-E7AB-48F3-A361-0BEE563CECBC}
2017-07-01 11:34 - 2017-07-01 11:34 - 000000000 _____ () C:\Users\1\AppData\Local\{6E0E2E39-C2F7-4BE8-8AB6-B03CCA8418AF}
2017-11-13 09:31 - 2017-11-13 09:31 - 000000000 _____ () C:\Users\1\AppData\Local\{AF2E990F-CC2B-4C70-B220-11DF6552AAAF}
2017-07-01 11:32 - 2017-07-01 11:32 - 000000000 _____ () C:\Users\1\AppData\Local\{BAD9059D-D20D-4840-B2FB-9792AFA80903}
2014-06-21 00:30 - 2014-06-21 00:30 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-10-01 20:06 - 2016-10-01 20:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-11-11 10:31 - 2017-11-11 10:31 - 064938720 ____N (Kometa LCC) C:\Users\1\AppData\Local\Temp\FC71Pb1zfbxi.exe
2017-06-14 19:39 - 2017-06-14 19:39 - 000739904 _____ (Oracle Corporation) C:\Users\1\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-09-16 08:54 - 2017-09-16 08:54 - 038125328 _____ (Microsoft Corporation) C:\Users\1\AppData\Local\Temp\mpam-f4ffe129.exe
2017-11-11 13:39 - 2017-11-11 20:31 - 000046924 _____ () C:\Users\1\AppData\Local\Temp\tu17p84.exe
2017-11-11 10:24 - 2017-11-11 10:24 - 002643640 _____ () C:\Users\1\AppData\Local\Temp\xJLA1joO8OiO.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-14 10:09
==================== End of FRST.txt ============================

 

 

    Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by 1 (14-11-2017 10:23:05)
Running from C:\Users\1\Desktop
Windows 10 Home Version 1607 14393.1358 (X64) (2016-10-02 04:19:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
1 (S-1-5-21-1725315453-2740151350-3882751306-1001 - Administrator - Enabled) => C:\Users\1
Administrator (S-1-5-21-1725315453-2740151350-3882751306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1725315453-2740151350-3882751306-503 - Limited - Disabled)
Guest (S-1-5-21-1725315453-2740151350-3882751306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1725315453-2740151350-3882751306-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore) Hidden
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J625DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
cssSlider (HKLM-x32\...\cssSlider_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Flash Slideshow Maker Pro 5.20 (HKLM-x32\...\Flash Slideshow Maker Pro) (Version: 5.20 - Flash-Slideshow-Maker.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.12.0.7638 (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\GoToMeeting) (Version: 8.12.0.7638 - LogMeIn, Inc.)
GoToMeeting 8.12.0.7638 (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\GoToMeeting) (Version: 8.12.0.7638 - LogMeIn, Inc.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.37.11 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kobo (HKLM-x32\...\Kobo) (Version: 3.18.0 - Rakuten Kobo Inc.)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{6A85286D-BA0F-4318-8C30-AD74A33AAD36}) (Version: 3.51.28 - Oracle Corporation)
MySQL Connector/ODBC 5.2(a) (HKLM-x32\...\{6BAA9A62-1520-4063-A5B4-FFB3D6EC62BB}) (Version: 5.2.4 - Oracle Corporation)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0198 - REALTEK Semiconductor Corp.)
Sage 50 Accounting (HKLM-x32\...\{040522E9-CDA8-495B-941D-8B4164A2CE49}) (Version: 24.10.1001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\{1585982E-766D-476A-BF0D-5FE4A1C1BE9F}) (Version: 22.00.1001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\{3F4F1778-F87C-4B08-BCE6-1BF3E42F26BD}) (Version: 23.00.2001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\{B9DBDDE5-ED84-4D53-92BD-DD5BE646BB4B}) (Version: 21.20.1001 - Sage Software) Hidden
Sage 50 Accounting (HKLM-x32\...\InstallShield_{B9DBDDE5-ED84-4D53-92BD-DD5BE646BB4B}) (Version: 21.20.1001 - Sage Software)
Sage 50 Accounting Component (HKLM-x32\...\{17DD6AD4-5F32-4B6B-9323-1F034C818BF5}) (Version: 24.10.10002.1 - Sage Software) Hidden
Sage 50 Accounting Component (HKLM-x32\...\{9D79A79D-B2B1-44F3-8E7A-4E5E2C87B3DF}) (Version: 24.10.10002.1 - Sage Software) Hidden
Sage 50 Accounting Version 2015 (HKLM-x32\...\InstallShield_{1585982E-766D-476A-BF0D-5FE4A1C1BE9F}) (Version: 22.00.1001 - Sage Software)
Sage 50 Accounting Version 2016 (HKLM-x32\...\InstallShield_{3F4F1778-F87C-4B08-BCE6-1BF3E42F26BD}) (Version: 23.00.2001 - Sage Software)
Sage 50 Accounting Version 2017 (HKLM-x32\...\InstallShield_{040522E9-CDA8-495B-941D-8B4164A2CE49}) (Version: 24.10.1001 - Sage Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
Unity Web Player (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinSCP 5.9.4 (HKLM-x32\...\winscp3_is1) (Version: 5.9.4 - Martin Prikryl)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\1\AppData\Local\GoToMeeting\7297\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2012-11-18] (Nitro PDF)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0576CC06-1186-4E6C-8C9A-D309CA100F46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {123B1EFF-5577-4EFB-9AD6-2902C2475437} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {2C3B20AC-3D51-4252-AC5F-03E878BD13ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4152T72W => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {2DF7591C-E635-4567-A676-6D25E08AFC75} - System32\Tasks\G2MUploadTask-S-1-5-21-1725315453-2740151350-3882751306-1001 => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupload.exe [2017-09-17] (LogMeIn, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {5F843619-E52C-4F09-BE5D-1F27589A846C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {69CCCCD4-47BA-4B35-93A6-8E41B2F32106} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {876088D4-FD93-4E8B-9F2B-15DAFA867A62} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-15] (Dropbox, Inc.)
Task: {8984EF9E-C264-4452-93F9-393CDEDC8B31} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8D22576A-B276-4B2C-BD18-6BC74C1021A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {A68FC3CB-5705-47AB-AEAA-B4BA8E404ED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {AF8C5D69-9C02-4B0E-8120-B27212C6C87C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {BBE35E76-8D54-4D99-B4A4-3414E55639D8} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {C11ABE89-1867-4B7C-8D48-3D918C8BB2FB} - System32\Tasks\HPCeeScheduleFor1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E60D4ADB-55C9-4044-8EA2-ED98CE4447B5} - System32\Tasks\G2MUpdateTask-S-1-5-21-1725315453-2740151350-3882751306-1001 => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupdate.exe [2017-09-17] (LogMeIn, Inc.)
Task: {E67C957F-D084-4EAE-8E8F-1E0DB0F0ADE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {EA5DE9DE-2A7F-451D-9EA9-93E42EE63108} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EF721C5A-5CED-421A-A995-834EF3BED675} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-15] (Dropbox, Inc.)
Task: {F5C45611-3856-4283-B27E-0D6BEA6D6100} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F6ABF613-28D7-4F1D-A69C-BB74C73A0922} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1725315453-2740151350-3882751306-1001.job => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1725315453-2740151350-3882751306-1001.job => C:\Users\1\AppData\Local\GoToMeeting\7638\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFor1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-23 09:25 - 2017-06-03 02:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-25 18:54 - 2005-04-21 20:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2017-11-14 09:38 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-14 09:38 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-01 21:01 - 2016-10-01 21:01 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-06-03 13:16 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-06-03 13:16 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-06-03 13:16 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-03 13:16 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-23 09:25 - 2017-06-03 00:47 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-23 09:25 - 2017-06-03 00:47 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-23 09:25 - 2017-06-03 00:51 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2013-02-03 18:14 - 2013-02-03 18:14 - 000172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-02-03 18:15 - 2013-02-03 18:15 - 000269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-03 18:15 - 2013-02-03 18:15 - 000018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-02-03 18:14 - 2013-02-03 18:14 - 001623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-03 18:14 - 2013-02-03 18:14 - 000030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2017-11-05 09:49 - 2017-11-01 03:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-11-05 09:49 - 2017-11-01 03:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-11-05 09:49 - 2017-11-01 03:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-11-05 09:49 - 2017-11-01 03:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-11-05 09:49 - 2017-11-01 03:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-11-05 09:49 - 2017-11-01 03:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-11-05 09:49 - 2017-11-01 04:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-11-05 09:49 - 2017-11-01 04:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-11-05 09:49 - 2017-11-01 04:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-05 09:49 - 2017-11-01 04:01 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-05-25 18:54 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-02-03 18:07 - 2012-06-24 18:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 001045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33 [133]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\...\experts-exchange.com -> hxxps://www.experts-exchange.com
IE trusted site: HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\...\experts-exchange.com -> hxxps://www.experts-exchange.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2017-11-11 10:27 - 000001832 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com
127.0.0.1 bratitlamio.com
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.wizzuniquify.com
127.0.0.1 wizzmonetize.com
127.0.0.1 laserveradedomaina.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734249\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734299\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1\Documents\Purden Web Page\ski\images\2013_2014 Images\20140223_100326.jpg
HKU\S-1-5-21-1725315453-2740151350-3882751306-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11142017094734334\Control Panel\Desktop\\Wallpaper -> C:\Users\1\Documents\Purden Web Page\ski\images\2013_2014 Images\20140223_100326.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EE62D818-78A5-4AAC-95FE-678B5A32A775}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS6CA1\HPDiagnosticCoreUI.exe
FirewallRules: [{EE3A5F35-7330-4F41-B70F-9800EF881032}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS6CA1\HPDiagnosticCoreUI.exe
FirewallRules: [{53DBC9DE-D858-4D9F-A9BD-5668C2B40696}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{BAD161EA-4F3C-4B93-BADA-1D2A8AE43872}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{0E3C0616-8CB1-4AC7-A4BF-70CBF38D20DF}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2440\HPDiagnosticCoreUI.exe
FirewallRules: [{5D5A2DD3-5BE2-4447-9B1B-73AC1339D7D5}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2440\HPDiagnosticCoreUI.exe
FirewallRules: [{A7D842B5-2BC8-4A56-811C-0A09E3A38A0C}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2300\HPDiagnosticCoreUI.exe
FirewallRules: [{56E7BCDF-6140-425F-80DD-BC91C39FE9EA}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS2300\HPDiagnosticCoreUI.exe
FirewallRules: [{D99168AE-3E97-429D-B394-3578A868390D}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5C47\HPDiagnosticCoreUI.exe
FirewallRules: [{32D335E2-1A88-4C45-A04C-800F7EF4E663}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5C47\HPDiagnosticCoreUI.exe
FirewallRules: [{1944057A-39E9-4A70-8E0E-DA4E5DE29EEF}] => (Allow) LPort=1900
FirewallRules: [{89C6244A-A748-47D8-A37D-26CD76B2E2BD}] => (Allow) LPort=2869
FirewallRules: [{81CF2688-D2C9-45CE-B49F-78CC14E18CB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DBF8AB7E-B3E2-4942-AA26-898F109C16AC}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1FEA\HPDiagnosticCoreUI.exe
FirewallRules: [{214E4C2C-11AF-4A5F-BA35-E485A10F92C6}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1FEA\HPDiagnosticCoreUI.exe
FirewallRules: [{3744840A-4AB1-4E28-A8FF-81306B5A7989}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{8C85621C-3BC4-4F73-AB78-8BE69FA978FE}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1642\HPDiagnosticCoreUI.exe
FirewallRules: [{F5F476F1-6166-477A-89C0-6F2D750D88FF}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1DCD848D-EFC9-4536-B012-32EA62408BE4}] => (Allow) LPort=5357
FirewallRules: [{B67AB40A-781F-45C4-A120-A5D68E81954C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{BBAE23EA-AF09-4005-8C7D-D71D86405049}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1C23\HPDiagnosticCoreUI.exe
FirewallRules: [{A2F4FD30-8297-4D26-A8F9-A3D5E9BB6351}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1C23\HPDiagnosticCoreUI.exe
FirewallRules: [{7FC22663-8BE8-415F-BB9D-E7202ACCF266}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS184B\HPDiagnosticCoreUI.exe
FirewallRules: [{345BA362-89FA-4B33-B279-43C88FA798A6}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS184B\HPDiagnosticCoreUI.exe
FirewallRules: [{4D384774-502F-4858-B7FB-A41DC9FD6DEA}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1746\HPDiagnosticCoreUI.exe
FirewallRules: [{51F07D23-C4CA-404C-9D1C-0CE6235F6E4B}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1746\HPDiagnosticCoreUI.exe
FirewallRules: [{19C6AC29-D3B3-4C87-A6FA-9C5DB1B43149}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5254\HPDiagnosticCoreUI.exe
FirewallRules: [{825B2CAB-2263-4CF0-993E-0AAE51616277}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS5254\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{B338A3A4-6FDB-40DF-AB03-AB66F84E03F3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{73A16418-4A43-453F-B403-5B500F554E47}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FD643ED8-1CB4-4CED-9B3E-AB122DFE846C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{BD67AE84-05C3-4B24-B318-11311AD3505F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E0D21D7C-88A3-42D6-8716-7EBA4C0BA8A6}C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe
FirewallRules: [TCP Query User{F0846B68-BCBA-4528-A26E-8EE8FCE48A01}C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2(old)\ruby\bin\ruby.exe
FirewallRules: [UDP Query User{005BBD09-4E22-4DF7-81D0-482608711DB1}C:\users\1\documents\instantrails2(old)\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2(old)\apache\apache.exe
FirewallRules: [TCP Query User{D1BAE156-0789-4EA8-895D-B8801DE01275}C:\users\1\documents\instantrails2(old)\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2(old)\apache\apache.exe
FirewallRules: [UDP Query User{EB14AC90-7669-4200-AC66-298C41349A55}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{C8231343-7DEA-4F64-8A7E-134FE29854C2}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{3E026185-A86B-44EC-8E15-1169E4C44DD4}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0AC70BF4-AF35-4AE2-8D51-FA6B64E5E14A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{8AE36CAF-C16A-4F27-A022-1FF81FDC0BE8}C:\users\1\documents\instantrails2\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2\ruby\bin\ruby.exe
FirewallRules: [TCP Query User{DB7C38E0-059B-4545-B922-6B10B8D5B332}C:\users\1\documents\instantrails2\ruby\bin\ruby.exe] => (Allow) C:\users\1\documents\instantrails2\ruby\bin\ruby.exe
FirewallRules: [UDP Query User{371A0F1B-2E65-4A01-A8B8-765717DF9D92}C:\users\1\documents\instantrails2\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2\apache\apache.exe
FirewallRules: [TCP Query User{4F7DDC34-DA1C-455E-9073-9F9D0B0B8D78}C:\users\1\documents\instantrails2\apache\apache.exe] => (Allow) C:\users\1\documents\instantrails2\apache\apache.exe
FirewallRules: [{E0E9B62B-B282-48BE-A4B6-9B375D40888B}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{59B6E4B6-D6FB-4757-8AE4-4BD9815DC07A}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{31BD5C0B-9D51-4DEB-A94A-5C360BC26E00}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{8C63DC20-B63E-49C1-9770-E8DF5A8D4E3A}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{7E1B1531-7CF6-4283-84CB-12E558C6F5CC}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{A05DB88F-2A0C-4254-85BB-969BDCC1517E}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{99793999-3DF6-4467-B8E4-C93495BEE068}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS022C\HPDiagnosticCoreUI.exe
FirewallRules: [{4B339B3C-B92E-4603-B104-83427C20AA55}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS022C\HPDiagnosticCoreUI.exe
FirewallRules: [{998481A9-6456-4A97-894C-C0D090262997}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7838\HPDiagnosticCoreUI.exe
FirewallRules: [{C65296E8-4B9C-43E1-9859-F5B5EA1B50F8}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7838\HPDiagnosticCoreUI.exe
FirewallRules: [{82B03C11-CD65-40FE-8B33-7FBA2110FE66}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS26AD\HPDiagnosticCoreUI.exe
FirewallRules: [{6939B36C-E463-4D9F-AE44-453704534C36}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS26AD\HPDiagnosticCoreUI.exe
FirewallRules: [{F4459EBB-6CA8-42AD-B68F-5EBC983A380C}] => (Allow) C:\Users\1\Downloads\flashcardmaker_setup-67034840.exe
FirewallRules: [{5403BC59-5D35-44B0-911B-AD1194BF7C8C}] => (Allow) C:\Users\1\Downloads\flashcardmaker_setup-67034840.exe
FirewallRules: [{DD30BB1F-E8FC-4CE9-A7A2-FAE6FE764B64}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7211\HPDiagnosticCoreUI.exe
FirewallRules: [{AD0DD608-9D19-46F3-BB52-830AC2E9789F}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7211\HPDiagnosticCoreUI.exe
FirewallRules: [{6A2455BA-34B5-4BD1-9509-C066FF7FC789}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS75CE\HPDiagnosticCoreUI.exe
FirewallRules: [{D59EF725-33B3-4CD6-9E12-D60E8BD65D35}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS75CE\HPDiagnosticCoreUI.exe
FirewallRules: [{A650C126-BA98-4E8E-929D-1E7C0E4778C4}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1BE4\HPDiagnosticCoreUI.exe
FirewallRules: [{FBFBBF7F-5449-4880-A3CA-B16D0C1E71D3}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS1BE4\HPDiagnosticCoreUI.exe
FirewallRules: [{44ABFB95-39B4-4CF4-9621-49522938E782}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7B38\HPDiagnosticCoreUI.exe
FirewallRules: [{201CF4FB-DDA8-4F0D-A63C-8558C3CCFE00}] => (Allow) C:\Users\1\AppData\Local\Temp\7zS7B38\HPDiagnosticCoreUI.exe
FirewallRules: [{52979F53-C415-40F1-9FFA-18EDCE0AE126}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{3CEBD08D-4511-41EA-A0DD-4E60A1478A15}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{E91D53B7-03F4-4488-A863-F7A2EE5F7F65}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{29973ED4-1E8E-4AB5-8DE5-A8B8FDD5CC52}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{BBF24589-C14B-4E8F-8BC9-648E563BDC27}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{2E16E90A-231E-4B63-B299-CED9EB1A8019}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [TCP Query User{0E3FDA6B-14A9-4E45-B551-F934E600E97D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B207ECDD-13C9-454E-A3AB-25AA775C3F05}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0B5CEE51-E3FC-427F-AE89-AEF65BEC7659}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{C6724735-07F6-482F-91AF-5C1E0649F397}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{2D151198-D180-4569-A046-A8B894A5AEF6}] => (Allow) LPort=54925
FirewallRules: [{D90900B2-6F89-4597-B3F0-B811B52D1912}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A8E3F6F-AE78-47CA-B964-2AF2682DC5BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B13B927D-F7A5-4CCB-9347-190C2605455D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71D990A8-805E-4D60-AFEE-D2121916F992}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9C2FE68-C9C8-44B4-A32F-2FB68972166A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3DAF6BC6-C102-419C-A9E5-AC13CAE2EDF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C376DA41-FED1-4037-BA5E-30F1FF986D5A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3C73F4C7-A5EE-497C-B52B-FFFA9041F4E1}] => (Allow) C:\Users\1\AppData\Local\yc\Application\yc.exe
==================== Restore Points =========================
13-11-2017 12:41:20 Malwarebytes Anti-Rootkit Restore Point
13-11-2017 16:35:38 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/14/2017 10:18:47 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  dataLength is invalid.
Participant:  TCPU [1]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
Error: (11/14/2017 09:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/14/2017 09:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/14/2017 09:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/14/2017 09:48:45 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  dataLength is invalid.
Participant:  TCPU [1]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
Error: (11/14/2017 09:47:31 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 183
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  dataLength is invalid.
Participant:  TCPU [1]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
Error: (11/14/2017 09:27:47 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
Error: (11/14/2017 09:25:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/14/2017 09:25:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/14/2017 09:25:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (11/14/2017 10:09:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/14/2017 09:50:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (11/14/2017 09:48:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/14/2017 09:47:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/14/2017 09:47:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/14/2017 09:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/14/2017 09:47:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.
Error: (11/14/2017 09:47:05 AM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (11/14/2017 09:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/14/2017 09:28:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2017-11-14 09:38:31.132
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-10 20:49:24.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-09-21 10:08:17.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-08-07 07:42:58.387
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-08-03 20:30:33.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-22 16:54:10.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-06 11:52:12.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-01 15:59:05.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-01 12:15:05.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-06-23 14:53:45.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 61%
Total physical RAM: 3975.27 MB
Available physical RAM: 1538.97 MB
Total Virtual: 7175.27 MB
Available Virtual: 4458.02 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:101.99 GB) (Free:13.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: A9DC68D2)
Partition: GPT.
==================== End of Addition.txt ============================

   Shortcut.txt

 

 

Users shortcut scan result (x64) Version: 12-11-2017 03
Ran by 1 (14-11-2017 10:23:42)
Running from C:\Users\1\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

Shortcut: C:\Users\1\Videos\Barney Movies\Barney & Friends - Now I Know My ABC's (2004)UniversalFreedom.avi.lnk -> C:\Users\1\Desktop\Cheyannes Videos\Movies\Barney & Friends - Now I Know My ABC's (2004)UniversalFreedom.avi (No File)
Shortcut: C:\Users\1\Videos\Barney Movies\Barney - Lets Go To The Farm DVDRip Xvid ResourceRG Kids Release Reidy.avi.lnk -> C:\Users\1\Documents\LimeWire\Saved\Barney - Lets Go To The Farm DVDRip Xvid ResourceRG Kids Release Reidy\Barney - Lets Go To The Farm DVDRip Xvid ResourceRG Kids Release Reidy.avi (No File)
Shortcut: C:\Users\1\Music\Windows8_OS © - Shortcut.lnk -> C:\ ()
Shortcut: C:\Users\1\Links\Desktop.lnk -> C:\Users\1\Desktop ()
Shortcut: C:\Users\1\Links\Downloads.lnk -> C:\Users\1\Downloads ()
Shortcut: C:\Users\1\Links\Dropbox.lnk -> C:\Users\1\Dropbox ()
Shortcut: C:\Users\1\Links\OneDrive.lnk -> C:\Users\1\OneDrive ()
Shortcut: C:\Users\1\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\1\Documents\Downloads - Shortcut.lnk -> C:\Users\1\Downloads ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\FM PDF To Word.lnk -> C:\Program Files (x86)\FM Software Studio\FM PDF To Word Converter Pro\FM PDF To Word Pro.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Free PDF To Word.lnk -> C:\Program Files (x86)\FM Software Studio\Free PDF To Word Converter\Free PDF To Word Converter.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\3D Home Architect Design Suite Deluxe 8.lnk -> C:\Program Files (x86)\3D Home Architect\Design Suite Deluxe 8\Bin\3DHDS80.exe (CADSOFT)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Flash Slideshow Maker Professional.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmpro.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Kobo.lnk -> C:\Program Files (x86)\Kobo\Kobo.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Michaela.psafe3 - Shortcut.lnk -> C:\Users\1\Documents\My Safes\Michaela.psafe3 ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk -> C:\Program Files\Vuze\Azureus.exe (No File)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\InstantRails Manager.lnk -> C:\Users\1\Documents\InstantRails2\InstantRails.exe (InstantRails)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office FrontPage.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\FRONTPG.EXE (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ZinioLLC.Zinio_0q6dqzpp40p2e\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ParrotSA.AR.FreeFlight_5w198hbdrfdwt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn79aw\McAfeeCentral.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\king.com.CandyCrushSaga_kgqvnymyfvs32\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\GoPro.GoProChannel_1h9vz9xjm6b8c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Evernote.Evernote_q4d96b2w5wcc2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ENFEEL.Birzzle_x6zre6nb2hma6\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoSupport_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoCompanion_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ConceptofIslam.ILoveMath_2dtm287phm2tt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AFF540DC.FLVMediaPlayer_v7353qx4kg3sa\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\Desktop\Videos - Shortcut.lnk -> C:\Users\1\Videos ()
Shortcut: C:\Users\1\Desktop\WD Drive\WD Drive Utilities.lnk -> C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe (Western Digital Technologies, Inc.)
Shortcut: C:\Users\1\Desktop\WD Drive\WD Security.lnk -> C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe (Western Digital Technologies, Inc.)
Shortcut: C:\Users\1\Desktop\Shortcuts\3D Home Architect Design Suite Deluxe 8.lnk -> C:\Program Files (x86)\3D Home Architect\Design Suite Deluxe 8\Bin\3DHDS80.exe (CADSOFT)
Shortcut: C:\Users\1\Desktop\Shortcuts\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\1\Desktop\Shortcuts\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Users\1\Desktop\Shortcuts\Flash Slideshow Maker Professional.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmpro.exe ()
Shortcut: C:\Users\1\Desktop\Shortcuts\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\Desktop\Shortcuts\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\1\Desktop\Shortcuts\Kobo.lnk -> C:\Program Files (x86)\Kobo\Kobo.exe ()
Shortcut: C:\Users\1\Desktop\Shortcuts\Michaela.psafe3 - Shortcut.lnk -> C:\Users\1\Documents\My Safes\Michaela.psafe3 ()
Shortcut: C:\Users\1\Desktop\Shortcuts\Sage 50 Pro Accounting .lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting\Sage50Accounting.exe (Sage)
Shortcut: C:\Users\1\Desktop\Shortcuts\Sage 50 Pro Accounting Version 2016.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\Sage50Accounting.exe (Sage)
Shortcut: C:\Users\1\Desktop\Shortcuts\Shop for Supplies - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\hpqDTSS.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\Users\1\Desktop\Shortcuts\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\1\Desktop\Shortcuts\TurboTax Canada 2014.lnk -> C:\Program Files (x86)\TurboTax 2014\tt2014.exe (Intuit Canada ULC)
Shortcut: C:\Users\1\Desktop\Easter\OneDrive - Shortcut.lnk -> C:\Users\1\OneDrive ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\1\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe\Password Safe Help.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.chm ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe\Password Safe Uninstall.lnk -> C:\Program Files (x86)\Password Safe\Uninstall.exe ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe\Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\1\Dropbox ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\InstantRails Manager.lnk -> C:\Users\1\Documents\InstantRails2\InstantRails.exe (InstantRails)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office FrontPage.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\FRONTPG.EXE (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ZinioLLC.Zinio_0q6dqzpp40p2e\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ParrotSA.AR.FreeFlight_5w198hbdrfdwt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn79aw\McAfeeCentral.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\king.com.CandyCrushSaga_kgqvnymyfvs32\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\GoPro.GoProChannel_1h9vz9xjm6b8c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\Evernote.Evernote_q4d96b2w5wcc2\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ENFEEL.Birzzle_x6zre6nb2hma6\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoSupport_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\E046963F.LenovoCompanion_k1h2ywk1493x8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\ConceptofIslam.ILoveMath_2dtm287phm2tt\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AFF540DC.FLVMediaPlayer_v7353qx4kg3sa\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets
Shortcut: C:\Users\1\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\App.lnk -> Tile and icon assets
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\1\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\1\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\1\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\1\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\1\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\1 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk -> C:\Windows\Installer\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}\amazonicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk -> C:\Windows\Installer\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}\Professional.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\Get Business Edition!.lnk -> C:\Program Files (x86)\WOW Slider\buy.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\Home Page.lnk -> C:\Program Files (x86)\WOW Slider\help.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\Uninstall.lnk -> C:\Program Files (x86)\WOW Slider\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOW Slider\WOW Slider.lnk -> C:\Program Files (x86)\WOW Slider\WOWSlider.exe (WOWSlider.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD SmartWare\WD Quick View.lnk -> C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Drive Utilities.lnk -> C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe (Western Digital Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Security.lnk -> C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe (Western Digital Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax\TurboTax Canada 2014.lnk -> C:\Program Files (x86)\TurboTax 2014\tt2014.exe (Intuit Canada ULC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype for desktop.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Company File Check & Repair.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\dbverifier\Sage_SA_DBVerifier.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Microsoft Office Documents.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage_SA_custrep.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Sage 50 Pro Accounting Version 2017.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Company File Check & Repair.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\dbverifier\Sage_SA_DBVerifier.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Microsoft Office Documents.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\Sage_SA_custrep.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Sage 50 Pro Accounting Version 2016.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\Sage50Accounting.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Company File Check & Repair.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\dbverifier\Sage_SA_DBVerifier.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Microsoft Office Documents.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\Sage_SA_custrep.exe (Sage Software Canada, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Sage 50 Pro Accounting Version 2015.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\Sage50Accounting.exe (Sage)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office FrontPage 2003.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\UserGuide.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\YouCam\Lenovo YouCam.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\MotionControl\Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Transition\Lenovo Transition.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo\Kobo.lnk -> C:\Program Files (x86)\Kobo\Kobo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Graphics and Media Control Panel.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional\Flash Slideshow Maker Professional.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\fssmpro.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional\Uninstall.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Slideshow Maker Professional\Website.lnk -> C:\Program Files (x86)\Flash Slideshow Maker Professional\Flash Slideshow Maker Pro.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cssSlider\cssSlider.lnk -> C:\Program Files (x86)\cssSlider\cssSlider.exe (cssSlider.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cssSlider\Home Page.lnk -> C:\Program Files (x86)\cssSlider\help.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cssSlider\Uninstall.lnk -> C:\Program Files (x86)\cssSlider\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant\SAII\SmartAudio.lnk -> C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Home Architect\Design Suite Deluxe 8.lnk -> C:\Program Files (x86)\3D Home Architect\Design Suite Deluxe 8\Bin\3DHDS80.exe (CADSOFT)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software\Absolute Data Protect.lnk -> C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe (Absolute Software)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Brother Utilities.lnk -> C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe (Brother Industories, Ltd.)
Shortcut: C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk -> C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe ()
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Sage 50 Pro Accounting Version 2017.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\Sage50Accounting.exe (Sage)
Shortcut: C:\Users\Public\Desktop\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\Users\Public\Desktop\WOW Slider.lnk -> C:\Program Files (x86)\WOW Slider\WOWSlider.exe (WOWSlider.com)

ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 2
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\1\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 2
ShortcutWithArgument: C:\Users\1\Desktop\WD Drive\WD Backup.lnk -> C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) -> -launchbackupdefault
ShortcutWithArgument: C:\Users\1\Desktop\Shortcuts\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (for upload).lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload
ShortcutWithArgument: C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\1\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Backup\WD Backup.lnk -> C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) -> -launchbackupdefault
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Sage 50 Connection Manager.lnk -> C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) -> ShowDlgOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2017\Sage 50 Troubleshooter.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2017\TST\Sage_SA_TST.exe (Sage) -> en
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Sage 50 Connection Manager.lnk -> C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) -> ShowDlgOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2016\Sage 50 Troubleshooter.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2016\TST\Sage_SA_TST.exe (Sage) -> en
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Sage 50 Connection Manager.lnk -> C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) -> ShowDlgOnly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage 50 Pro Accounting Version 2015\Sage 50 Troubleshooter.lnk -> C:\Program Files (x86)\Sage 50 Pro Accounting Version 2015\TST\Sage_SA_TST.exe (Sage) -> en
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () ->  /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\YouCam\Lenovo YouCam Mirror.lnk -> C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) -> /m
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center\Intel AppUp(SM) center.lnk -> C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe (Intel Corporation) -> --domain F0399437-FD0C-4A48-B101-F0314A6172E4
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP ENVY 4500 series\HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe (Hewlett-Packard Development Company, LP) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe (Hewlett-Packard Development Company, LP) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Users\Public\Desktop\WD Backup.lnk -> C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) -> -launchbackupdefault

InternetURL: C:\Users\1\OneDrive\Documents\Michaela's Notebook.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=21237385f829bced&resid=21237385F829BCED!4655&type=3
InternetURL: C:\Users\1\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\1\Favorites\powderking.com  Home.url -> URL: hxxp://www.powderking.com/
InternetURL: C:\Users\1\Favorites\Sandwich Event Planner--Ellen's Kitchen.url -> URL: hxxp://www.ellenskitchen.com/bigpots/plan/sandwich100.html
InternetURL: C:\Users\1\Favorites\Tabor Mountain Ski Resort.url -> URL: hxxp://www.tabormountain.com/index.php?limit=3
InternetURL: C:\Users\1\Favorites\▶ I Can Only Imagine (with lyrics) - MercyMe - YouTube.url -> URL: hxxps://www.youtube.com/watch?v=0xwzItqYmII
InternetURL: C:\Users\1\Favorites\Links\Activities.url -> URL: hxxps://www.mec.ca/en/search/?text=leather+telemark+boots#/activities
InternetURL: C:\Users\1\Favorites\Links\Blakebuchanan's Buysell - Pinkbike.url -> BASEURL: hxxps://www.pinkbike.com/u/Blakebuchanan/buysell/watchlist/ URL: hxxps://www.pinkbike.com/u/Blakebuchanan/buysell/watchlist/
InternetURL: C:\Users\1\Favorites\Links\Google.url -> BASEURL: hxxps://www.google.ca/?gfe_rd=cr&dcr=0&ei=F47mWf7IH-fe8AfW97_oBg&gws_rd=ssl URL: hxxps://www.google.ca/?gfe_rd=cr&dcr=0&ei=F47mWf7IH-fe8AfW97_oBg&gws_rd=ssl
InternetURL: C:\Users\1\Favorites\Links\Log In.url -> URL: hxxps://www.paypal.com/ca/cgi-bin/webscr?cmd=_login-run
InternetURL: C:\Users\1\Favorites\Links\powderking.com  Home.url -> URL: hxxp://www.powderking.com/
InternetURL: C:\Users\1\Favorites\Links\Purden Ski Village - British Columbia, Canada.url -> URL: hxxp://www.purden.com/ski/wintersetup.htm
InternetURL: C:\Users\1\Favorites\Links\purdenlake.everfocusddns.com.url -> BASEURL: hxxp://209.52.70.143:70/login.html?1600 URL: hxxp://209.52.70.143:70/login.html?1600
InternetURL: C:\Users\1\Favorites\Links\purdenski.everfocusddns.com.url -> BASEURL: hxxp://209.52.70.146:90/login.html?1600 URL: hxxp://209.52.70.146:90/login.html?1600
InternetURL: C:\Users\1\Favorites\Links\Tabor Mountain Ski Resort.url -> URL: hxxp://www.tabormountain.com/index.php?limit=3
InternetURL: C:\Users\1\Favorites\Links\Troll Resort  Your Skiing and Outdoor Family Fun Destination.url -> URL: hxxp://trollresort.com/
InternetURL: C:\Users\1\Favorites\Links\YouTube to mp3 Converter.url -> URL: hxxp://www.youtube-mp3.org/
InternetURL: C:\Users\1\Favorites\Links\YouTube.url -> URL: hxxps://www.youtube.com/?gl=CA
InternetURL: C:\Users\1\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/
InternetURL: C:\Users\1\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/
InternetURL: C:\Users\1\Favorites\HP\Accessories.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\eBay.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\Everyday Printing & Computing.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\HP Creative Studio.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\HP Shopping.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpshop&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\Snapfish.url -> URL: hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ca
InternetURL: C:\Users\1\Favorites\HP\Software and Driver Downloads.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Favorites\HP\WildTangent Games for HP.url -> URL: hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_ca&bd=all&c=134
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Lake Cameras.website -> URL: hxxp://10.10.61.229:70/login.html?1600
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\OpenCampground.url -> BASEURL: hxxp://localhost:3000/?%2F=reservation URL: hxxp://localhost:3000/?%2F=reservation
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Prince George, BC - 7 Day Forecast - Environment Canada (2).url -> URL: hxxps://weather.gc.ca/city/pages/bc-79_metric_e.html
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Coughs - And How to Treat Them » Homeopathy Plus.url -> URL: hxxp://homeopathyplus.com.au/coughs-and-how-to-treat-them/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\EasyWeb.url -> URL: hxxps://easyweb.td.com/waw/idp/login.htm?execution=e1s1
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\Desktop\Shortcuts\Integris Credit Union - Online Banking (2).url -> URL: hxxps://my.integriscu.ca/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\4_04_six_tips_convo_skills.url -> URL: hxxp://www.autismoutreach.ca/sites/default/files/4_04_six_tips_convo_skills.pdf
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\Google.url -> URL: hxxps://www.google.ca/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\The Son-Rise Program Blog.url -> URL: hxxp://blog.autismtreatmentcenter.org/
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\YouTube.url -> URL: hxxps://www.youtube.com/?gl=CA
InternetURL: C:\Users\1\Documents\My Files\Restore\Users\1\AppData\Local\Microsoft\Internet Explorer\Pinned Sites\Digital Video Recorder.website -> URL: hxxp://10.10.61.229:70/login.html?1600
InternetURL: C:\Users\1\Documents\My Files\Paul\Court Lists\Breach\Criminal Law Firm  Criminal Defence Lawyer  Bolton Hatcher Dance, Vancouver.url -> URL: hxxp://www.bhd-law.com/
InternetURL: C:\Users\1\Desktop\Everfocus DDNS.url -> URL: hxxp://everfocusddns.com/main/index.php
InternetURL: C:\Users\1\Desktop\OpenCampground.url -> BASEURL: hxxp://localhost:3000/?%2F=reservation URL: hxxp://localhost:3000/?%2F=reservation
InternetURL: C:\Users\1\Desktop\Part V - Standard 507 - Flight Authority and Certificate of Noise Compliance - Transport Canada.url -> URL: hxxp://www.tc.gc.ca/eng/civilaviation/regserv/cars/part5-standards-standard507-1953.htm
InternetURL: C:\Users\1\Desktop\Part V - Standard 571 - Maintenance - Transport Canada.url -> URL: hxxp://www.tc.gc.ca/eng/civilaviation/regserv/cars/part5-standards-standard571-1971.htm
InternetURL: C:\Users\1\Desktop\Prince George, BC - 7 Day Forecast - Environment Canada (2).url -> URL: hxxps://weather.gc.ca/city/pages/bc-79_metric_e.html
InternetURL: C:\Users\1\Desktop\Weather Radar - Prince George, BC - Environment Canada.url -> URL: hxxps://weather.gc.ca/radar/index_e.html?id=XPG
InternetURL: C:\Users\1\Desktop\Shortcuts\Coughs - And How to Treat Them » Homeopathy Plus.url -> URL: hxxp://homeopathyplus.com.au/coughs-and-how-to-treat-them/
InternetURL: C:\Users\1\Desktop\Shortcuts\EasyWeb.url -> URL: hxxps://easyweb.td.com/waw/idp/login.htm?execution=e1s1
InternetURL: C:\Users\1\Desktop\Shortcuts\Integris Credit Union - Online Banking (2).url -> URL: hxxps://my.integriscu.ca/
InternetURL: C:\Users\1\Desktop\Shortcuts\RBC Royal Bank - Sign In to Online Banking.url -> URL: hxxps://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH&_ga=1.222070161.866738058.1405805191
InternetURL: C:\Users\1\Desktop\Shortcuts\T_Court of Appeal.url -> URL: hxxps://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwjy1OjLwuPQAhVU2GMKHXHFBigQFggcMAA&url=http%3A%2F%2Fwww.courts.gov.bc.ca%2FCourt_of_Appeal%2F&usg=AFQjCNFlzH0d8xFmyoi0OeqHf0fY4wa4iQ&sig2=zG_tkCCWk2Hnb86_k5R9oA
InternetURL: C:\Users\1\Desktop\Shortcuts\u_Adult Court Lists Daily(Provincial) - Criminal Court Lists - Court Services - Ministry of Justice.url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DAPCindex.html
InternetURL: C:\Users\1\Desktop\Shortcuts\v_Completed Adult Court Lists (Provincial) - Criminal Court Lists - Court Services - Ministry of Justice.url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DACCPindex.html
InternetURL: C:\Users\1\Desktop\Shortcuts\w_CSO - Search Traffic-Criminal By Participant Name.url -> URL: hxxps://justice.gov.bc.ca/cso/esearch/criminal/partySearchNew.do
InternetURL: C:\Users\1\Desktop\Shortcuts\x_Completed Adult Court Lists (Supreme) - Criminal Court Lists - Court Services - Ministry of Justice (2).url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DACCSindex.html
InternetURL: C:\Users\1\Desktop\Shortcuts\y_Supreme Court - Hearing Lists.url -> URL: hxxp://www.courts.gov.bc.ca/supreme_court/hearing_list/index.aspx
InternetURL: C:\Users\1\Desktop\Shortcuts\z_Adult Court Lists Daily (Supreme).url -> URL: hxxp://www.ag.gov.bc.ca/courts/court-lists/criminal/DASCindex.html
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\4_04_six_tips_convo_skills.url -> URL: hxxp://www.autismoutreach.ca/sites/default/files/4_04_six_tips_convo_skills.pdf
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\Google.url -> URL: hxxps://www.google.ca/
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\The Son-Rise Program Blog.url -> URL: hxxp://blog.autismtreatmentcenter.org/
InternetURL: C:\Users\1\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\YouTube.url -> URL: hxxps://www.youtube.com/?gl=CA
InternetURL: C:\Users\1\AppData\Local\Microsoft\Internet Explorer\Pinned Sites\Digital Video Recorder.website -> URL: hxxp://10.10.61.229:70/login.html?1600
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL ->
InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/
InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/
InternetURL: C:\Users\Default\Favorites\Amazon\Amazon.com.url -> URL: hxxp://www.amazon.com/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
InternetURL: C:\Users\Default\Favorites\Amazon\AmazonBrowserBar.url -> URL: hxxp://www.amazon.com/gp/bit/amazonbrowserbar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
==================== End of Shortcut.txt =============================


#14 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 14 November 2017 - 01:53 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt
 
Start::
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{2806c88b-8472-4577-8e3a-a8bd4ab5e7c5}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST / FSRT64 again as Administrator like we did before but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.

---

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


Can you tell me how your computer is running now and if there are any remaining malware related problems.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Emvie

Emvie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 14 November 2017 - 07:34 PM

1. Fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by 1 (14-11-2017 12:30:21) Run:2
Running from C:\Users\1\Desktop
Loaded Profiles: 1 &  (Available Profiles: 1)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{2806c88b-8472-4577-8e3a-a8bd4ab5e7c5}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2806c88b-8472-4577-8e3a-a8bd4ab5e7c5}\\NameServer => value removed successfully

The system needed a reboot.
==== End of Fixlog 12:30:32 ====

 

2.  Did a scan with ESET Online Scanner.  Started the scan then left my computer.  When returned my daughter went to my computer before I noticed and closed the scanner, so I don't know what the results of that scan were.  The scan must have completed because no one was in the house after I started the scan.  Anyhow, when I noticed that my daughter had closed the program, I opened and ran the scan again.  This scan says "No threats found" so there is no 'list of threats' option to export.  There are, however, items in Quarantine (40) but it doesn't allow me to copy and paste these items to show you.  Please advise if I should delete quarantined files.

 

3.  How is the computer running?  It seems to be running well.  No pop-ups in Edge, IE, or Chrome.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users