
Win32/GenKryptik.BERF & NRITMSV Trojan variants - Zero day infection?


  • This topic is locked
6 replies to this topic

#1 Arco-


Posted 21 November 2017 - 03:33 AM

Came from a work email .doc attachment (I was expecting a file from the sender.. just not this file)

Contacted the sender, all they said was 'It seems my account was hacked. Please delete.'

Glasswire saw first-time network activity for 'nslookup.exe' to resolver1.opendns.com (208.67.222.222), so I disconnected from everything immediately and had a feeling my day was about to get real bleepty. 

ESET reports the names in the title; MBAM doesn't even see it - 6/60 on VirusTotal.

 

----------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by LT (administrator) on DEEP-THOUGHT (20-11-2017 23:12:37)
Running from C:\
Loaded Profiles: LT (Available Profiles: LT)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
() C:\Program Files (x86)\A-PDF Barcode Split Service\ScanSplitService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files (x86)\A-PDF Barcode Split Service\ScanSplitMonitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Everything\Everything.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Runtime Software) C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-05-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9167864 2016-10-31] (Binary Fortress Software)
HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5753296 2017-08-29] (SecureMix LLC)
HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{1B65C291-D071-4ADF-A816-05D5327E6A21}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{547F13B1-2E4D-4AE9-B3E4-8FAB56E607AF}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{D0605328-ABAB-46C0-8133-F910C9BB9B38}: [DhcpNameServer] 192.168.1.254 75.153.171.122
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-02] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
 
FireFox:
========
FF DefaultProfile: 8i0v79qq.default
FF ProfilePath: C:\Users\LT\AppData\Roaming\Mozilla\Firefox\Profiles\8i0v79qq.default [2017-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-05-20] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-09-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-02] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @DVR/npmedia,version=3.1.0.5 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.5\npmedia.dll [2015-12-17] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.5 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.5\npTimeGrid.dll [2015-12-17] (Unauthorized copy)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-08-30] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APDFScanSplitService; C:\Program Files (x86)\A-PDF Barcode Split Service\ScanSplitService.exe [430080 2013-01-04] () [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5103640 2016-10-31] (Binary Fortress Software)
R2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4420048 2017-08-29] (SecureMix LLC)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2017-10-01] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
S3 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [779208 2017-10-18] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 7F63B2D66; C:\Windows\System32\drivers\7F63B2D66.sys [478392 2017-09-02] (Kaspersky Lab ZAO)
S3 esihdrv; C:\Users\LT\AppData\Local\Temp\esihdrv.sys [191664 2017-11-20] (ESET) <==== ATTENTION
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-28] (SecureMix LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-11-20] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [14992 2012-08-02] ( )
S3 kvycam_audio_clip; C:\Windows\System32\drivers\kvycam_audio_clip.sys [34016 2016-05-27] (Viktor Kulichkin)
S3 kvycam_driver; C:\Windows\System32\DRIVERS\kvycam_driver.sys [37600 2016-02-26] (Windows ® Win 7 DDK provider)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
S4 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-11-20] (Malwarebytes)
S4 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [115704 2017-10-17] (Wacom Technology, Corp.)
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-20 23:12 - 2017-11-20 23:13 - 000016343 _____ C:\FRST.txt
2017-11-20 23:09 - 2017-11-20 23:12 - 000000000 ____D C:\FRST
2017-11-20 22:35 - 2017-11-20 22:35 - 000001111 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2017-11-20 22:35 - 2017-11-20 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2017-11-20 22:35 - 2017-11-20 22:35 - 000000000 ____D C:\Program Files (x86)\Runtime Software
2017-11-20 22:28 - 2017-11-20 22:28 - 002391552 _____ (Farbar) C:\FRST64.exe
2017-11-20 22:21 - 2017-10-25 09:12 - 002403328 _____ (Farbar) C:\Users\LT\Desktop\FRST64.exe
2017-11-20 13:46 - 2017-11-20 14:07 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-20 10:53 - 2017-11-20 10:53 - 003552049 _____ C:\Users\LT\AppData\Roaming\cached-microdescs
2017-11-20 10:16 - 2017-11-20 20:22 - 000000000 ____D C:\Users\LT\AppData\Roaming\Authmgmt
2017-11-19 09:37 - 2017-11-19 09:37 - 000000000 ____D C:\Users\LT\.memento
2017-11-19 09:37 - 2017-11-19 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memento Database
2017-11-19 09:36 - 2017-11-19 09:37 - 000000000 ____D C:\Program Files\Memento Database
2017-11-17 15:25 - 2017-10-18 00:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-17 15:25 - 2017-10-17 23:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-17 15:25 - 2017-10-17 19:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-17 15:25 - 2017-10-17 19:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-17 15:25 - 2017-10-17 19:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-17 15:25 - 2017-10-17 19:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-17 15:25 - 2017-10-17 19:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-17 15:25 - 2017-10-17 19:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-17 15:25 - 2017-10-17 19:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-17 15:25 - 2017-10-16 16:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-17 15:25 - 2017-10-16 15:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-17 15:25 - 2017-10-16 14:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-17 15:25 - 2017-10-14 01:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-17 15:25 - 2017-10-14 01:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-17 15:25 - 2017-10-14 01:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-17 15:25 - 2017-10-14 01:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-17 15:25 - 2017-10-14 01:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-17 15:25 - 2017-10-14 01:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-17 15:25 - 2017-10-14 01:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-17 15:25 - 2017-10-14 01:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-17 15:25 - 2017-10-14 01:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-17 15:25 - 2017-10-14 01:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-17 15:25 - 2017-10-14 01:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-17 15:25 - 2017-10-14 01:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-17 15:25 - 2017-10-14 01:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-17 15:25 - 2017-10-14 01:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-17 15:25 - 2017-10-14 01:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-17 15:25 - 2017-10-14 01:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-17 15:25 - 2017-10-14 01:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-17 15:25 - 2017-10-14 00:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-17 15:25 - 2017-10-14 00:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-17 15:25 - 2017-10-14 00:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-17 15:25 - 2017-10-14 00:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-17 15:25 - 2017-10-14 00:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-17 15:25 - 2017-10-14 00:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-17 15:25 - 2017-10-14 00:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-17 15:25 - 2017-10-14 00:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-17 15:25 - 2017-10-14 00:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-17 15:25 - 2017-10-14 00:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-17 15:25 - 2017-10-14 00:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-17 15:25 - 2017-10-14 00:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-17 15:25 - 2017-10-14 00:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-17 15:25 - 2017-10-14 00:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-17 15:25 - 2017-10-14 00:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-17 15:25 - 2017-10-14 00:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-17 15:25 - 2017-10-14 00:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-17 15:25 - 2017-10-14 00:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-17 15:25 - 2017-10-14 00:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-17 15:25 - 2017-10-13 23:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-17 15:25 - 2017-10-13 23:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-17 15:25 - 2017-10-13 23:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-17 15:25 - 2017-10-13 23:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-17 15:25 - 2017-10-13 23:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-17 15:25 - 2017-10-13 23:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-17 15:25 - 2017-10-13 23:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-17 15:25 - 2017-10-13 23:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-17 15:25 - 2017-10-13 23:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-17 15:25 - 2017-10-13 23:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-17 15:25 - 2017-10-13 23:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-17 15:25 - 2017-10-13 23:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-17 15:25 - 2017-10-13 23:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-17 15:25 - 2017-10-13 23:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-17 15:25 - 2017-10-13 23:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-17 15:25 - 2017-10-13 23:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-17 15:25 - 2017-10-13 23:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-17 15:25 - 2017-10-13 23:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-17 15:25 - 2017-10-13 23:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-17 15:25 - 2017-10-13 23:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-17 15:25 - 2017-10-13 23:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-17 15:25 - 2017-10-13 23:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-17 15:25 - 2017-10-13 23:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-17 15:25 - 2017-10-13 23:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-17 15:25 - 2017-10-13 23:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-17 15:25 - 2017-10-13 23:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-17 15:25 - 2017-10-13 23:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-17 15:25 - 2017-10-13 23:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-17 15:25 - 2017-10-13 23:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-17 15:25 - 2017-10-13 23:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-17 15:25 - 2017-10-11 17:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-17 15:25 - 2017-10-11 17:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-17 15:25 - 2017-10-11 17:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-17 15:25 - 2017-10-11 17:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-17 15:25 - 2017-10-11 17:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-17 15:25 - 2017-10-11 17:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-17 15:25 - 2017-10-11 17:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-17 15:25 - 2017-10-11 17:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-17 15:25 - 2017-10-11 17:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-17 15:25 - 2017-10-11 17:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-17 15:25 - 2017-10-11 17:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-17 15:25 - 2017-10-11 17:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-17 15:25 - 2017-10-11 17:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-17 15:25 - 2017-10-11 17:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-17 15:25 - 2017-10-11 17:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-17 15:25 - 2017-10-11 17:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-17 15:25 - 2017-10-11 17:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-17 15:25 - 2017-10-11 17:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-17 15:25 - 2017-10-11 17:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-17 15:25 - 2017-10-11 17:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-17 15:25 - 2017-09-07 06:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 11:53 - 2017-11-15 12:13 - 000020358 _____ C:\Users\LT\Desktop\Wave - Contacts Sample (1).csv
2017-11-14 21:42 - 2017-11-14 21:42 - 000000000 ____D C:\ProgramData\UniqueId
2017-11-13 18:38 - 2017-11-16 20:11 - 000000000 ____D C:\Users\LT\Desktop\Forms and Templates
2017-11-11 17:42 - 2017-11-11 17:42 - 000000000 ___SD C:\Users\LT\Documents\My Data Sources
2017-11-11 16:55 - 2017-11-11 16:55 - 000003236 _____ C:\Windows\System32\Tasks\Process Explorer-DEEP-THOUGHT-LT
2017-11-11 09:50 - 2017-11-11 17:59 - 000000000 ____D C:\Users\LT\AppData\Local\codevba
2017-11-11 09:45 - 2017-11-11 09:50 - 000000000 ____D C:\Users\LT\AppData\Roaming\codevba
2017-11-11 09:45 - 2017-11-11 09:46 - 000000000 ____D C:\Program Files (x86)\Code VBA
2017-11-10 11:19 - 2017-11-10 11:19 - 000000429 _____ C:\Windows\SysWOW64\MoveOut.ini
2017-11-09 19:12 - 2017-11-16 13:44 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-09 17:34 - 2017-11-09 17:41 - 000000000 ___HD C:\ProgramData\CanonIJScan
2017-11-09 17:19 - 2017-11-09 17:19 - 000000000 ___HD C:\Program Files\CanonBJ
2017-11-09 17:19 - 2012-09-21 09:33 - 000321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
2017-11-09 17:19 - 2012-05-25 09:21 - 000103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
2017-11-09 17:19 - 2012-05-15 15:58 - 000098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
2017-11-09 17:19 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2017-11-09 17:08 - 2017-11-09 17:41 - 000000000 ___HD C:\ProgramData\CanonIJMIG
2017-11-09 17:08 - 2017-11-09 17:34 - 000000000 ____D C:\Users\LT\AppData\Roaming\Canon
2017-11-09 17:02 - 2017-11-09 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-11-09 17:02 - 2017-11-09 17:19 - 000000000 ____D C:\Program Files (x86)\Canon
2017-11-09 17:02 - 2017-11-09 17:02 - 000000000 ____D C:\Program Files\Canon
2017-11-09 08:50 - 2017-11-09 08:50 - 000000000 ____D C:\Program Files (x86)\ArdfryImaging
2017-11-09 08:48 - 2017-11-09 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSD Codec by Ardfry Imaging
2017-11-09 08:48 - 2017-11-09 08:48 - 000000000 ____D C:\Viewers
2017-11-09 08:48 - 2017-11-09 08:48 - 000000000 ____D C:\Program Files\ArdfryImaging
2017-11-09 08:23 - 2017-11-09 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Barcode Split Service
2017-11-09 08:23 - 2017-11-09 08:23 - 000000000 ____D C:\Program Files (x86)\A-PDF Barcode Split Service
2017-11-09 08:23 - 2012-07-09 14:35 - 000102400 _____ (www.metois.com) C:\Windows\SysWOW64\EymBarcodeReader.ocx
2017-11-08 09:50 - 2017-11-08 09:50 - 000060573 _____ C:\Users\LT\Desktop\Shortcut.txt
2017-11-08 09:09 - 2017-11-08 09:09 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2017-11-05 20:58 - 2017-11-06 16:13 - 000000000 ____D C:\Users\LT\AppData\Roaming\Everything
2017-11-05 20:58 - 2017-11-06 16:13 - 000000000 ____D C:\Users\LT\AppData\Local\Everything
2017-11-05 18:25 - 2017-11-05 20:11 - 004325376 _____ C:\Users\LT\Documents\Database3.accdb
2017-11-05 18:24 - 2017-11-05 18:24 - 000344064 _____ C:\Users\LT\Documents\Database2.accdb
2017-11-05 18:23 - 2017-11-05 18:23 - 003637248 _____ C:\Users\LT\Documents\Database.mdb
2017-11-05 18:17 - 2017-11-05 18:23 - 000000000 _____ C:\Users\LT\Documents\Updated
2017-11-05 10:07 - 2017-11-05 10:07 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sy
2017-11-05 09:22 - 2017-11-16 10:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-05 09:22 - 2017-11-13 14:20 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-11-05 09:22 - 2017-11-07 16:14 - 000000000 ____D C:\Users\LT\AppData\Roaming\TeamViewer
2017-11-05 09:21 - 2017-11-05 09:21 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-11-02 16:41 - 2017-11-02 16:41 - 000000000 ____D C:\Users\LT\AppData\Local\GHISLER
2017-11-02 16:40 - 2017-11-03 12:51 - 000000000 ____D C:\Users\LT\AppData\Roaming\GHISLER
2017-11-02 15:36 - 2017-11-20 13:23 - 000000000 ____D C:\Program Files\Everything
2017-11-02 07:16 - 2017-11-17 15:26 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-02 07:10 - 2017-09-13 08:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-11-02 07:10 - 2017-09-13 08:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-11-02 07:10 - 2017-09-13 08:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-11-02 07:10 - 2017-09-13 08:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-11-02 07:10 - 2017-09-13 08:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-11-02 07:10 - 2017-09-13 08:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-11-02 07:10 - 2017-09-13 08:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-11-02 07:10 - 2017-09-13 08:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-11-02 07:10 - 2017-09-13 08:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-11-02 07:10 - 2017-09-13 08:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 08:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-11-02 07:10 - 2017-09-13 08:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-11-02 07:10 - 2017-09-13 08:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-11-02 07:10 - 2017-09-13 08:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-11-02 07:10 - 2017-09-13 08:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-11-02 07:10 - 2017-09-13 07:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-11-02 07:10 - 2017-09-13 07:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-11-02 07:10 - 2017-09-13 07:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-11-02 07:10 - 2017-09-13 07:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-11-02 07:10 - 2017-09-13 07:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-11-02 07:10 - 2017-09-13 07:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-11-02 07:10 - 2017-09-13 07:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-11-02 07:10 - 2017-09-13 07:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-11-02 07:10 - 2017-09-13 07:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-11-02 07:10 - 2017-09-13 07:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-11-02 07:10 - 2017-09-13 07:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-11-02 07:10 - 2017-09-13 07:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-11-02 07:10 - 2017-09-13 07:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 07:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 07:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 07:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-11-02 07:10 - 2017-09-13 07:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-11-02 07:10 - 2017-09-08 08:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-11-02 07:10 - 2017-09-08 08:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-11-02 07:10 - 2017-09-08 07:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-11-02 07:10 - 2017-09-08 07:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-11-02 07:10 - 2017-09-07 08:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-11-02 07:10 - 2017-09-07 08:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-11-02 07:10 - 2017-09-07 07:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-11-02 07:10 - 2017-09-07 07:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-11-02 07:10 - 2017-09-07 07:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-11-02 07:10 - 2017-08-19 08:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-11-02 07:10 - 2017-08-19 08:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-11-02 07:10 - 2017-08-19 08:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-11-02 07:10 - 2017-08-19 08:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-11-02 07:10 - 2017-08-19 08:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-11-02 07:10 - 2017-08-19 08:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-11-02 07:10 - 2017-08-19 08:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-11-02 07:10 - 2017-08-19 08:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-11-02 07:10 - 2017-08-19 07:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-11-02 07:10 - 2017-08-19 07:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-11-02 07:10 - 2017-08-14 10:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-11-02 07:10 - 2017-08-14 10:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-11-02 07:10 - 2017-08-14 10:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-11-02 07:10 - 2017-08-13 14:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-28 14:44 - 2017-10-28 14:45 - 000000000 ____D C:\Users\LT\Desktop\Sound
2017-10-28 14:13 - 2017-10-28 14:13 - 000000000 ____D C:\Users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2
2017-10-25 13:51 - 2017-11-05 07:10 - 000000000 ____D C:\Program Files (x86)\NirSoft
2017-10-25 13:09 - 2017-10-25 13:09 - 000150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TLBINF32.DLL
2017-10-23 13:19 - 2017-10-23 13:34 - 000000000 ____D C:\Users\LT\Documents\TestEx
2017-10-22 14:48 - 2017-10-22 15:05 - 000000000 ____D C:\Users\LT\AppData\Roaming\MuseScore
2017-10-22 14:48 - 2017-10-22 14:48 - 000000000 ____D C:\Users\LT\Documents\MuseScore2
2017-10-21 18:02 - 2017-10-21 18:03 - 000016384 ___SH C:\Users\Public\Thumbs.db
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-20 23:11 - 2017-05-19 09:26 - 000000000 ___RD C:\Users\LT\Google Drive
2017-11-20 22:49 - 2009-07-13 21:45 - 000034528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-20 22:49 - 2009-07-13 21:45 - 000034528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-20 22:48 - 2009-07-13 22:13 - 000785858 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-20 22:48 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-11-20 22:41 - 2017-10-12 08:38 - 000000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-11-20 22:41 - 2017-07-29 18:22 - 000000000 ____D C:\Users\LT\AppData\Roaming\WTablet
2017-11-20 22:41 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-20 22:14 - 2017-05-19 09:06 - 000000000 ____D C:\Users\LT
2017-11-20 13:46 - 2017-09-05 10:16 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-11-20 13:46 - 2016-11-04 15:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-20 13:05 - 2017-06-12 18:50 - 000000000 ____D C:\Users\LT\AppData\Local\CrashDumps
2017-11-20 11:27 - 2017-05-19 09:28 - 000000000 ____D C:\Users\LT\AppData\Roaming\KeePass
2017-11-20 11:18 - 2017-05-19 13:16 - 000000000 ____D C:\Users\LT\AppData\LocalLow\Mozilla
2017-11-20 11:18 - 2016-11-04 15:01 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-18 10:36 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2017-11-17 17:08 - 2017-09-02 10:45 - 005165224 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-17 15:34 - 2016-11-04 14:16 - 000000000 ____D C:\Windows\system32\MRT
2017-11-17 15:26 - 2016-11-04 14:16 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-17 15:15 - 2017-06-19 09:30 - 000001456 _____ C:\Users\LT\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-11-17 08:46 - 2017-05-20 11:29 - 000000000 ____D C:\Users\LT\AppData\Local\TogglDesktop
2017-11-16 18:21 - 2017-05-04 07:22 - 000000000 ____D C:\Program Files (x86)\Ablebits
2017-11-16 15:48 - 2017-09-03 18:49 - 000000000 ____D C:\Users\LT\Documents\ShareX
2017-11-16 13:44 - 2016-11-02 18:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-16 10:42 - 2017-05-03 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-11-15 01:48 - 2017-05-20 18:38 - 000000132 _____ C:\Users\LT\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-11-14 05:35 - 2017-05-03 11:29 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 05:35 - 2017-05-03 11:29 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 15:34 - 2017-10-12 08:59 - 000000000 ____D C:\Users\LT\AppData\Local\ElevatedDiagnostics
2017-11-09 17:27 - 2017-05-01 17:54 - 000000000 ____D C:\ProgramData\ABBYY
2017-11-09 17:19 - 2009-07-13 20:20 - 000000000 __RSD C:\Windows\Media
2017-11-09 12:29 - 2017-09-02 10:46 - 000149736 _____ C:\Users\LT\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-08 09:39 - 2016-11-02 17:57 - 000003028 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2017-11-08 08:37 - 2009-07-13 20:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-07 16:27 - 2017-07-14 14:53 - 000000000 ____D C:\Users\LT\Documents\Outlook Files
2017-11-07 09:56 - 2017-09-02 10:47 - 000000000 ____D C:\Users\LT\AppData\Local\VirtualStore
2017-11-05 18:27 - 2017-05-22 14:30 - 000000000 ____D C:\Users\LT\AppData\Local\Microsoft Help
2017-11-04 15:46 - 2017-09-03 08:42 - 000000000 ____D C:\Users\LT\AppData\Roaming\vlc
2017-11-03 13:24 - 2017-10-09 08:36 - 000000000 ____D C:\Program Files\Macrium
2017-11-03 13:24 - 2017-10-09 07:21 - 000000000 ____D C:\ProgramData\Macrium
2017-11-02 07:39 - 2017-07-29 15:43 - 000007597 _____ C:\Users\LT\AppData\Local\Resmon.ResmonCfg
2017-11-02 07:32 - 2017-05-19 13:39 - 000000000 ____D C:\Users\LT\AppData\Roaming\Kodi
2017-11-02 07:14 - 2016-11-03 14:52 - 000778472 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-31 11:04 - 2017-07-21 14:44 - 000002236 ____H C:\Users\LT\Documents\Default.rdp
2017-10-30 11:36 - 2017-05-20 15:47 - 000000000 ____D C:\Users\LT\AppData\Local\Sublime Text 3
2017-10-30 07:56 - 2017-08-03 13:58 - 000000000 ____D C:\Users\LT\AppData\Roaming\foobar2000
2017-10-28 14:50 - 2017-08-13 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace
2017-10-28 14:22 - 2017-08-21 17:14 - 000000000 ____D C:\Users\LT\AppData\Local\DisplayFusion
2017-10-28 14:15 - 2017-08-13 11:11 - 000000000 ____D C:\Program Files\EqualizerAPO
2017-10-24 06:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-10-21 18:01 - 2017-05-20 07:15 - 000000000 ____D C:\Users\LT\Desktop\Backgrounds
 
==================== Files in the root of some directories =======
 
2017-07-31 12:43 - 2017-08-03 19:01 - 000000132 _____ () C:\Users\LT\AppData\Roaming\Adobe BMP Format CS6 Prefs
2017-07-25 19:56 - 2017-07-25 19:56 - 000000132 _____ () C:\Users\LT\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2017-05-20 18:38 - 2017-11-15 01:48 - 000000132 _____ () C:\Users\LT\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-11-20 10:53 - 2017-11-20 10:53 - 003552049 _____ () C:\Users\LT\AppData\Roaming\cached-microdescs
2017-07-18 14:23 - 2017-07-18 14:23 - 000000642 _____ () C:\Users\LT\AppData\Roaming\Contact Sheet II.xml
2017-07-18 14:23 - 2017-07-18 14:23 - 000006038 _____ () C:\Users\LT\AppData\Roaming\ContactSheetII.log
2017-06-25 16:04 - 2017-09-23 09:52 - 000007859 _____ () C:\Users\LT\AppData\Roaming\pcouffin.cat
2017-06-25 16:04 - 2017-09-23 09:52 - 000001167 _____ () C:\Users\LT\AppData\Roaming\pcouffin.inf
2017-06-25 16:04 - 2017-09-23 09:52 - 000000055 _____ () C:\Users\LT\AppData\Roaming\pcouffin.log
2017-06-25 16:04 - 2017-09-23 09:52 - 000082816 _____ (VSO Software) C:\Users\LT\AppData\Roaming\pcouffin.sys
2017-06-19 09:30 - 2017-11-17 15:15 - 000001456 _____ () C:\Users\LT\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-11-05 17:46 - 2017-11-05 17:46 - 000000008 ____H () C:\Users\LT\AppData\Local\L8457789160
2017-07-29 21:14 - 2017-07-29 21:14 - 000001531 _____ () C:\Users\LT\AppData\Local\recently-used.xbel
2017-07-29 15:43 - 2017-11-02 07:39 - 000007597 _____ () C:\Users\LT\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-19 00:11
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by LT (20-11-2017 23:14:26)
Running from C:\
Windows 7 Professional Service Pack 1 (X64) (2016-11-03 00:12:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4070443168-3121249311-1701499699-500 - Administrator - Disabled)
LT (S-1-5-21-4070443168-3121249311-1701499699-1003 - Administrator - Enabled) => C:\Users\LT
Guest (S-1-5-21-4070443168-3121249311-1701499699-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ablebits.com Ultimate Suite for Microsoft Excel (HKLM-x32\...\{F2A020E7-840B-4895-9500-FCD14C5D6BEF}) (Version: 16.4.484 - Add-in Express Ltd)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\{642DD84E-9F7B-4699-90A6-8256A4B156F0}) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\{B8ED0CDE-765A-4050-BC45-D7C4B226F73E}) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
A-PDF Barcode Split Service (HKLM-x32\...\A-PDF Barcode Split Service_is1) (Version:  - A-PDF Solution)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
BbeXtreme (HKLM-x32\...\{E15A3E1F-9066-4B1E-B85F-BC89443B2905}) (Version: 12.5.0 - Bluebeam Software) 
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bluebeam Revu x64 12 (HKLM\...\{8F81B206-1111-4EFA-8431-42BB992C5D76}) (Version: 12.5.0 - Bluebeam Software) Hidden
Bluebeam Revu x64 12 (HKLM-x32\...\InstallShield_{8F81B206-1111-4EFA-8431-42BB992C5D76}) (Version: 12.5.0 - Bluebeam Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{F12B37DA-4B58-48B7-9557-F51E9D62C898}) (Version: 3.6.0 - Kovid Goyal)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Code VBA 7.0 (HKLM-x32\...\{20AD3118-D7A2-43C5-940F-DB63C09405D9}) (Version: 7.1.44 - 4TOPS)
CutStudio (HKLM-x32\...\{AB84E88F-89CA-4002-A6F4-422C2C8CB1F8}) (Version:  - )
DisplayFusion 8.1.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 8.1.1.0 - Binary Fortress Software)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.5.10.0 (HKLM\...\Elantech) (Version: 10.5.10.0 - ELAN Microelectronic Corp.)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
f.lux (HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\Flux) (Version:  - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}) (Version: 16.0.2.205 - FileMaker, Inc.) Hidden
FileMaker Pro 16 (HKLM-x32\...\{13552F4B-487E-49C0-9DCB-A6A3DC74110C}_FileMaker) (Version: 16.0.2.205 - FileMaker, Inc.)
Firmware Downloader and ZBI Key Manager (HKLM-x32\...\{B6495FE3-4F01-44B8-BD43-F3D3CA053BC5}) (Version: 3.0.1.9 - Zebra Technologies) Hidden
Firmware Downloader and ZBI Key Manager (HKLM-x32\...\Firmware Downloader and ZBI Key Manager) (Version: 3.0.1.9 - Zebra Technologies LLC)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.118 - SecureMix LLC)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPL Ghostscript Lite 9.14.17 (HKLM\...\GPL Ghostscript Lite_is1) (Version:  - Free Distribution)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KeePass Password Safe 2.37 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.37 - Dominik Reichl)
K-Lite Codec Pack 13.3.3 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.3.3 - KLCP)
Kodi (HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\Kodi) (Version:  - XBMC-Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Memento Database Desktop version 1.1.0 (HKLM\...\Memento Database Desktop_is1) (Version: 1.1.0 - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Writer - bioPDF 7.1.0.1082 (HKLM\...\PDF Writer - bioPDF_is1) (Version:  - bioPDF)
Peace (HKLM\...\Peace) (Version: 1.4.3.5 - P.E. Verbeek)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
ProShow Producer version 9.0.3771 (HKLM-x32\...\{FA5A80C8-503C-4108-BD24-AF546719BF3F}_is1) (Version: 9.0.3771 - Photodex)
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{B622A8BB-C77B-4F03-B512-8B70A6760BD9}) (Version: 1.0.17.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (HKLM\...\{72383075-FF31-4B87-BD94-8CFC347A1C19}) (Version: 1.0.17.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.7.0.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.7.0.0 - Ardfry Imaging, LLC)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Roland STIKA DRIVER [SV-12] (HKLM-x32\...\{1DF6ADC4-3691-4FA0-9F25-9276333609CD}) (Version: 1.30.0000 - Roland DG Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.9.1 - ShareX Team)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
Toggl Desktop (HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\TogglDesktop) (Version:  - Toggl)
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Vivaldi (HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\...\Vivaldi) (Version: 1.9.818.50 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.25-5 - Wacom Technology Corp.)
Windows Journal (HKLM\...\{DDB2B280-7947-42CF-92F6-A96003588F69}) (Version: 10.0.237.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZebraDesigner Pro 2 (HKLM-x32\...\{CB75B065-D5DB-4D6D-8B72-36F6C55FE601}) (Version: 2.5.0.9325 - Zebra Technologies Corporation) Hidden
ZebraDesigner Pro 2 (HKLM-x32\...\ZebraDesigner Pro 2) (Version: 2.5.0.9325 - Zebra Technologies Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{0045B4D9-BA8C-3069-8559-866EFAAC2E41}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{03FD2EFF-E668-3B9B-8116-EBC8BE84C99B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{07E2883A-7DD3-354F-A731-B91320F64F09}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{0FCEC664-F780-3AF4-AF67-55F906234790}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{11A1A093-EF58-3778-8BF2-A51259BED415}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{12877337-5FC2-3BC7-935B-681516BB6314}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{1FC22A66-FE7F-35A6-9388-00BCA9D73EA3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{20DE22E0-135C-333A-ADFF-7DCC932CC253}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{26D9CC59-FFE5-36F2-919F-D5BEDABB71A8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{287C39FC-2B1C-3076-936F-C2B0BD08D70E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{2D1482DE-1144-3129-8A4E-2EBF1E0C3CD1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{2D3DC66B-1614-39EF-AE06-30A32BC2DC87}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{2FFDF364-EF38-3916-9CDB-3E2DE5AC7DC3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{300216E5-D02D-3B66-BD6D-3BE785ADB217}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{31F7619D-F1EF-30A5-BF69-8854E4FB067E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{321D4458-053A-3E6A-BAFA-C1F789C4153D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{3D617CE6-C7CF-4B1D-86B4-BF8C8C530210}\InprocServer32 -> C:\Program Files (x86)\Ablebits\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{3DC8D899-5909-34E2-8A76-13E718968495}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{43BA05C6-983D-3935-8E0D-0FFD96A26BE4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{488E398F-7846-3D35-B4ED-1C4DC5D67AA8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{4F02CEAC-0647-3A4F-BEFA-C6B150A480F7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{4FC22687-8B8F-322B-9B46-1F577D781EA1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{51177181-08ED-3D2C-B38E-2394C70160AA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{54ACD037-3855-3542-BBB9-A8965D7303EC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{56A936DE-8A07-32F5-BB00-E19FF7131FF3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{5715FBBA-BC61-3D39-BBD7-52B76F03313C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{5823CA10-6302-33FB-83F7-F1B6328C192F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{5ADCB1B8-27E4-3E19-BB1F-CBB1B0550D7F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{5BFAB51E-41AD-3D59-BF5A-91BEF3B4E4C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{625CBB1D-2D57-34D8-939B-2275C0988447}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{63BDDF6C-C557-3096-B598-3037A19C4FE3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{6599765C-9878-3CF0-80C6-D2D138390AE5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{67038E65-0574-3CC6-94C0-58638350873A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{6A80A88B-8001-3015-AE16-2A5F29AC87B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{6BE0C6A4-2E70-341A-AD1B-795CFA32135F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{6FD58A90-A24C-38A2-A23F-FE56D71FD92D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{7254EF86-4DB6-34DF-B306-7F8047079464}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{79280FD0-7017-3F54-9844-1073B710C63D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{7AC6AF8A-B2E0-31BA-B859-4FB2E66ECFCC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{7C12DF8F-DA41-33E2-84E1-294661D3A7E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{81705503-007F-3CA8-BB65-579B86791E69}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003_Classes\CLSID\{8670DE5A-CF8D-3BCA-A913-983BF9CB4971}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files\Stardock\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files\Stardock\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files\Stardock\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Intel Corporation)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files\Stardock\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3E047A5E-E65E-4411-B798-2F5EFCE6F52C} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
Task: {3F940C0F-F2D9-46DB-96A7-2D382C3304BF} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {52EFD9CE-4E74-462C-8019-8975720C43EF} - System32\Tasks\Process Explorer-DEEP-THOUGHT-LT => C:\USERS\LT\DESKTOP\PROGRAMS\SYSINTERNALS\PROCESSEXPLORER\PROCEXP.EXE [2017-05-01] (Sysinternals - www.sysinternals.com)
Task: {5F8A2351-BF79-4AF6-968B-E86387BFAF5E} - System32\Tasks\AdobeAAMUpdater-1.0-Wombat-PC-Wombat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {634D4635-65AB-4C48-B474-698FBC16E257} - \eM Client Database Backup (S-1-5-21-4070443168-3121249311-1701499699-1003) -> No File <==== ATTENTION
Task: {8094901D-1EEA-4098-8378-7E137C57343E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-03] (Google Inc.)
Task: {82702E00-A039-4116-A86A-F12E919961AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-03] (Google Inc.)
Task: {9F814E5E-7233-4BA1-A0AD-EE5B099F237D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-10-05] (Adobe Systems Incorporated)
Task: {9FECC67C-65C0-43F5-A9DC-995D43F63E42} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
Task: {A2FE6169-C0DE-4D51-B72E-082079996045} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B140FD3E-7B32-45DD-A527-B715A1A223D7} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {F96CF04D-1DBC-48A5-A856-1D28AD7C8D8B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-07-07] ()
Task: {FF1466D2-AED3-4316-A8BD-88A49F6C43BB} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-18 14:44 - 2017-06-18 14:44 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-11-09 08:23 - 2013-01-04 18:08 - 000430080 _____ () C:\Program Files (x86)\A-PDF Barcode Split Service\ScanSplitService.exe
2017-11-09 08:23 - 2013-01-04 18:08 - 003926016 _____ () C:\Program Files (x86)\A-PDF Barcode Split Service\ScanSplitMonitor.exe
2012-02-22 14:18 - 2012-02-22 14:18 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-11-02 15:36 - 2017-06-06 18:42 - 002197608 _____ () C:\Program Files\Everything\Everything.exe
2016-11-03 21:38 - 2011-12-16 10:02 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2017-08-30 20:08 - 2017-10-01 23:15 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2017-07-29 18:20 - 2017-10-18 10:35 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-07-19 12:55 - 2017-07-19 12:55 - 000665088 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2015-11-22 13:05 - 2015-11-22 13:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll
2017-07-08 03:52 - 2017-07-08 03:52 - 002983917 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-08-29 08:54 - 2017-08-29 08:54 - 000178128 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2016-11-03 21:37 - 2011-12-16 09:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\7F63B2D66.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\7F63B2D66.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\w32time => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-11-20 13:28 - 2017-11-20 13:28 - 000000834 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\LT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BlueSoleilCS => 2
MSCONFIG\Services: BsHelpCS => 3
MSCONFIG\Services: hvasrv => 2
MSCONFIG\Services: KVYcamService => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk => C:\Windows\pss\Fences.lnk.Startup
MSCONFIG\startupfolder: C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShareX.lnk => C:\Windows\pss\ShareX.lnk.Startup
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
MSCONFIG\startupreg: f.lux => "C:\Users\LT\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass\KeePass.exe" --preload
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{51637CEE-BE76-43D4-B2A4-BD6D8A8EF0CF}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{255AF41A-7477-401B-A92D-DB0279ADCFF2}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{E507BE65-5FE1-488B-B3CE-0FC201D34054}] => (Block) c:\program files (x86)\eset\eset online scanner\onlinecmdlinescanner.exe
FirewallRules: [{4E083CFA-CDC5-4A4D-95A1-984F53E1991D}] => (Block) c:\program files (x86)\eset\eset online scanner\onlinecmdlinescanner.exe
 
==================== Restore Points =========================
 
26-09-2017 20:32:51 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
26-09-2017 20:33:21 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
19-10-2017 15:32:49 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
19-10-2017 15:33:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
22-10-2017 14:47:31 Installed MuseScore 2
25-10-2017 13:25:26 Windows Update
31-10-2017 11:31:11 Windows Update
02-11-2017 07:10:43 Windows Update
09-11-2017 08:48:53 Installed PSD Codec by Ardfry Imaging, LLC (64 bit)
09-11-2017 08:49:42 Installed PSD Codec by Ardfry Imaging, LLC (32 bit)
11-11-2017 09:45:04 Installed Code VBA 7.0
12-11-2017 23:10:41 Windows Update
17-11-2017 09:36:19 Windows Update
17-11-2017 15:25:49 Windows Update
20-11-2017 06:21:57 Windows Update
20-11-2017 10:27:07 Revo Uninstaller Pro's restore point - WinZip 22.0
20-11-2017 10:27:45 Removed WinZip 22.0.
 
==================== Faulty Device Manager Devices =============
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/20/2017 10:41:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/20/2017 10:41:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\LT\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.
 
Error: (11/20/2017 10:22:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\LT\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.
 
Error: (11/20/2017 09:33:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\LT\Desktop\B&S\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.
 
Error: (11/20/2017 09:12:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
System errors:
=============
Error: (11/20/2017 10:42:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/20/2017 09:13:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (11/20/2017 09:11:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-23 12:22:23.566
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-23 12:22:23.488
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-13 12:12:45.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-13 12:12:45.730
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-13 12:12:07.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 11723.68 MB
Available physical RAM: 9285.73 MB
Total Virtual: 23445.54 MB
Available Virtual: 21013.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:484.55 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive h: () (Fixed) (Total:931.41 GB) (Free:817.44 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

  • Malware Response Team

Posted 21 November 2017 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys
Task: {634D4635-65AB-4C48-B474-698FBC16E257} - \eM Client Database Backup (S-1-5-21-4070443168-3121249311-1701499699-1003) -> No File <==== ATTENTION
Task: {B140FD3E-7B32-45DD-A527-B715A1A223D7} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {FF1466D2-AED3-4316-A8BD-88A49F6C43BB} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
===

Please post the log and let me know of any issues with this computer.

#3 Arco-

  • Topic Starter
  • Members

Posted 21 November 2017 - 01:12 PM

Hello,

Java is now uninstalled and disabled in browsers.

I ran your Fixlist, should I have enabled my adapters first?

 

 

---------------------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by LT (21-11-2017 10:58:08) Run:1
Running from C:\
Loaded Profiles: LT (Available Profiles: LT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-4070443168-3121249311-1701499699-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
U4 npcap_wifi; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys
Task: {634D4635-65AB-4C48-B474-698FBC16E257} - \eM Client Database Backup (S-1-5-21-4070443168-3121249311-1701499699-1003) -> No File <==== ATTENTION
Task: {B140FD3E-7B32-45DD-A527-B715A1A223D7} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {FF1466D2-AED3-4316-A8BD-88A49F6C43BB} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-4070443168-3121249311-1701499699-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found. 
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => key removed successfully
HKLM\System\CurrentControlSet\Services\BtAudioBusSrv => key removed successfully
BtAudioBusSrv => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\DiagTrack => key removed successfully
DiagTrack => service removed successfully
HKLM\System\CurrentControlSet\Services\dmwappushservice => key removed successfully
dmwappushservice => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => key removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{634D4635-65AB-4C48-B474-698FBC16E257} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{634D4635-65AB-4C48-B474-698FBC16E257} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eM Client Database Backup (S-1-5-21-4070443168-3121249311-1701499699-1003) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B140FD3E-7B32-45DD-A527-B715A1A223D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B140FD3E-7B32-45DD-A527-B715A1A223D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF1466D2-AED3-4316-A8BD-88A49F6C43BB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF1466D2-AED3-4316-A8BD-88A49F6C43BB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
The operation failed as no adapter is in the state permissible for 
this operation.
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
The operation failed as no adapter is in the state permissible for 
this operation.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Reseting Interface, OK!
Reseting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 222873921 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2669 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 16674 B
LocalService => 80111 B
NetworkService => 160626 B
LT => 44142054 B
 
RecycleBin => 0 B
EmptyTemp: => 254.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 

==== End of Fixlog 10:59:02 ==== 



#4 nasdaq

  • Malware Response Team

Posted 21 November 2017 - 01:30 PM



Hi,

I ran your Fixlist, should I have enabled my adapters first?

Which adapters?

How is the computer running now?

#5 Arco-

  • Topic Starter
  • Members

Posted 21 November 2017 - 02:53 PM

Which adapters?

 

My LAN & wireless adapters.

I disabled them yesterday once I saw there was a network connection to France.

 

How is the computer running now?

 

Well, it wasn't ever really running badly (as in not slow, at least not anything noticeable).

It's the new network connections that scare me - there is information on my computer that should not be accessible to anyone who isn't part of the organization I'm with.



#6 nasdaq

  • Malware Response Team

Posted 22 November 2017 - 07:41 AM

Just to make sure all is clean, run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

#7 nasdaq

  • Malware Response Team

Posted 28 November 2017 - 09:12 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



