Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Searches redirected and pop-ups


  • This topic is locked This topic is locked
4 replies to this topic

#1 RichieP

RichieP

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 20 December 2017 - 04:14 AM

Hi there

 

Hopefully someone can help.

 

I'm using Firefox as my browser. When I do a Google search the results return as normal for about half a second, then get replaced and some very small text at the top says Ads by Free with an X to close.

 

I've runs scans with Zemana, Malwarebytes and Adware Cleaner but still the same.

 

I'm running the Malwarebytes trial and keep getting a pop-up blocked for piet2eix3l.com.

 

Thanks in advance.

 

FRST and Additions logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Sony (administrator) on SONY-PC (20-12-2017 08:53:02)
Running from C:\Users\Sony\Downloads
Loaded Profiles: Sony (Available Profiles: Sony)
Platform: Windows 10 Home Version 1607 14393.1944 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe
(Livedrive Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Lenovo) C:\Users\Sony\AppData\Local\Apps\2.0\5TB7KOCE.OTX\0WNOKNCY.BXC\lsb...tion_2d7b41b05b24775e_0001.0006_695f2459c271690a\LSB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55100016 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [Mikogo] => C:\Users\Sony\AppData\Roaming\Mikogo\Mikogo-host.exe [7148872 2015-10-26] (BeamYourScreen GmbH)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [Amazon Music] => C:\Users\Sony\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-02-01] (Amazon Services LLC)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098920 2017-11-30] (Electronic Arts)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [4257576 2017-09-07] (Livedrive Ltd)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [Spotify] => C:\Users\Sony\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-19] (Spotify Ltd)
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Run: [Spotify Web Helper] => C:\Users\Sony\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-19] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [35910688 2016-03-07] (ooVoo LLC)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs6 - {D04DD2AE-7163-4729-B0B4-1410F14443E3} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs6 - {D04DD2AE-7163-4729-B0B4-1410F14443E3} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2017-11-07]
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2017-11-07]
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1b11034a-adc8-4476-a8f8-84bba90dbc00}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{db3ea63a-ee87-4e55-b581-5a03c510c625}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f4478eef-8af9-4d24-8d6d-0e77c40d5e57}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-372843650-2073662058-2978590665-1000 -> DefaultScope {11523226-5E1C-4207-B301-12734B81D119} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-372843650-2073662058-2978590665-1000 -> OldSearch URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-372843650-2073662058-2978590665-1000 -> {11523226-5E1C-4207-B301-12734B81D119} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-372843650-2073662058-2978590665-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-372843650-2073662058-2978590665-1000 -> {E74C0F7D-5353-42B8-8032-0A16725D91ED} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-24] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-24] (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxps://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1464028287418
DPF: HKLM-x32 {7B43048F-DA7A-458F-AF35-D825BDBB6816} hxxp://192.168.1.8/codebase/NetVideoOCX.cab
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1z2odjol.default-1465202086592-1509397516575
FF ProfilePath: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575 [2017-12-20]
FF Extension: (Update Me) - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi [2017-12-16]
FF Extension: (Adblock Plus) - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eiciijnoogkgneeokklpgjdaedophjmh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-22] (Realsil Microelectronics Inc.) [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [24360 2017-09-07] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corp.)
S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2017-11-07] (BUFFALO INC.) [File not signed]
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2134848 2017-11-30] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3014472 2017-11-30] (Electronic Arts)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-07-08] (EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-20] (Malwarebytes)
R1 MpKsle4939014; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94DFEBD4-5D1E-4D6C-856A-DA3376972B7A}\MpKsle4939014.sys [58120 2017-12-19] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-04] (Zemana Ltd.)
U4 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-20 08:53 - 2017-12-20 08:55 - 000018668 _____ C:\Users\Sony\Downloads\FRST.txt
2017-12-20 08:52 - 2017-12-20 08:52 - 002392064 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2017-12-19 21:27 - 2017-12-19 21:28 - 000589088 _____ C:\Users\Sony\Documents\HP Slimline 411-a000na Desktop PC - Desktops at ebuyer.htm
2017-12-19 21:27 - 2017-12-19 21:28 - 000000000 ____D C:\Users\Sony\Documents\HP Slimline 411-a000na Desktop PC - Desktops at ebuyer_files
2017-12-19 21:14 - 2017-12-19 21:14 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-12-19 12:57 - 2017-12-19 22:15 - 008187336 _____ (Malwarebytes) C:\Users\Sony\Downloads\adwcleaner_7.0.5.0.exe
2017-12-19 11:02 - 2017-12-20 08:47 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-19 11:02 - 2017-12-19 22:22 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-19 11:02 - 2017-12-19 11:02 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-19 11:01 - 2017-12-19 22:22 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-19 11:01 - 2017-12-19 11:01 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-19 11:01 - 2017-12-19 11:01 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-19 11:01 - 2017-12-19 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-19 11:01 - 2017-12-19 11:01 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-19 11:01 - 2017-12-19 11:01 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-19 11:01 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-19 09:18 - 2017-12-19 09:18 - 000311224 _____ (Mozilla) C:\Users\Sony\Downloads\Firefox Installer(1).exe
2017-12-16 19:13 - 2017-12-16 19:13 - 000000000 ____D C:\WINDOWS\Panther
2017-12-16 18:17 - 2017-12-16 18:17 - 000000000 ____D C:\Users\Sony\AppData\Local\UnrealEngine
2017-12-16 18:17 - 2017-12-16 18:17 - 000000000 ____D C:\Users\Sony\AppData\Local\HelloNeighbour
2017-12-16 18:15 - 2017-12-16 18:15 - 000000000 ____D C:\ProgramData\GOG.com
2017-12-16 18:15 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-12-16 18:15 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-12-16 18:15 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-12-16 18:15 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-12-16 18:15 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-12-16 18:15 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-16 18:15 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-12-16 18:15 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-12-16 18:15 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-12-16 18:15 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-12-16 18:15 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-12-16 18:15 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-12-16 18:15 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-12-16 18:15 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-12-16 18:15 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-12-16 18:15 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-12-16 18:15 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-12-16 18:15 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-12-16 18:15 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-12-16 18:15 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-12-16 18:15 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-12-16 18:15 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-12-16 18:15 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-12-16 18:15 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-12-16 18:15 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-12-16 18:15 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-12-16 18:15 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-12-16 18:15 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-12-16 18:15 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-12-16 18:15 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-12-16 18:15 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-12-16 18:15 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-12-16 18:15 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-12-16 18:15 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-12-16 18:15 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-12-16 18:15 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-12-16 18:15 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-12-16 18:15 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-12-16 18:15 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-12-16 18:15 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-12-16 18:15 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-12-16 18:15 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-12-16 18:15 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-12-16 18:15 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-12-16 18:15 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-12-16 18:15 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-12-16 18:15 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-12-16 18:15 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-12-16 18:15 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-12-16 18:15 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-12-16 18:15 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-12-16 18:15 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-12-16 18:15 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-12-16 18:15 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-12-16 18:15 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-12-16 18:15 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-12-16 18:15 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-12-16 18:15 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-12-16 18:15 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-12-16 18:15 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-12-16 18:15 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-12-16 18:15 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-12-16 18:15 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-12-16 18:15 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-12-16 18:15 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-12-16 18:15 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-12-16 18:15 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-12-16 18:15 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-12-16 18:15 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-12-16 18:15 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-12-16 18:15 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-12-16 18:15 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-12-16 18:15 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-12-16 18:15 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-12-16 18:15 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-12-16 18:15 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-12-16 18:15 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-12-16 18:15 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-12-16 18:15 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-12-16 18:15 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-12-16 18:15 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-12-16 18:15 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-12-16 18:15 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-12-16 18:15 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-12-16 18:15 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-12-16 18:15 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-12-16 18:15 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-12-16 18:15 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-12-16 18:15 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-12-16 18:15 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-12-16 18:15 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-12-16 18:15 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-12-16 18:15 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-12-16 18:15 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-12-16 18:15 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-12-16 18:15 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-12-16 18:15 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-12-16 18:15 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-12-16 18:15 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-12-16 18:15 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-12-16 18:15 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-12-16 18:15 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-12-16 18:15 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-12-16 18:15 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-12-16 18:15 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-12-16 18:15 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-12-16 18:15 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-12-16 18:15 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-12-16 18:15 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-12-16 18:15 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-12-16 18:15 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-12-16 18:15 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-12-16 18:15 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-12-16 18:15 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-12-16 18:15 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-12-16 18:15 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-12-16 18:15 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-12-16 18:15 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-12-16 18:15 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-12-16 18:15 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-12-16 18:15 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-12-16 18:15 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-12-16 18:15 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-12-16 18:15 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-12-16 18:15 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-12-16 18:15 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-12-16 18:15 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-12-16 18:15 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-12-16 18:15 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-12-16 18:15 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-12-16 18:15 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-12-16 18:14 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-12-16 18:14 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-12-16 18:14 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-12-16 18:14 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-12-16 18:14 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-12-16 18:14 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-12-16 18:14 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-12-16 18:14 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-12-16 18:14 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-12-16 18:14 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-12-16 18:14 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-12-16 18:14 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-12-16 18:14 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-12-16 18:14 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-12-16 18:14 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-12-16 18:14 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-12-16 18:11 - 2017-12-19 12:58 - 000000000 ____D C:\GOG Games
2017-12-16 18:11 - 2017-12-16 18:11 - 000038345 _____ C:\Users\Sony\Downloads\gog_eula.txt
2017-12-16 18:05 - 2017-12-16 18:11 - 441913968 _____ (GOG.com ) C:\Users\Sony\Downloads\setup_hello_neighbor_demo_pre-alpha_(13261).exe
2017-12-16 00:09 - 2017-12-16 00:24 - 000000000 ____D C:\December 2017
2017-12-13 09:41 - 2017-11-30 09:45 - 000982392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 09:41 - 2017-11-30 09:33 - 005688320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-12-13 09:41 - 2017-11-30 09:29 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 09:41 - 2017-11-30 09:28 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 09:41 - 2017-11-30 09:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-12-13 09:41 - 2017-11-30 09:28 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 09:41 - 2017-11-30 09:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 09:41 - 2017-11-30 09:26 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-12-13 09:41 - 2017-11-30 09:25 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2017-12-13 09:41 - 2017-11-30 09:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 09:41 - 2017-11-30 09:25 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 09:41 - 2017-11-30 09:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-12-13 09:41 - 2017-11-30 09:25 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 09:41 - 2017-11-30 09:24 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 09:41 - 2017-11-30 09:24 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 09:41 - 2017-11-30 09:24 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-12-13 09:41 - 2017-11-30 09:24 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshext.dll
2017-12-13 09:41 - 2017-11-30 09:23 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-12-13 09:41 - 2017-11-30 09:23 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 09:41 - 2017-11-30 09:22 - 019411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 09:41 - 2017-11-30 09:22 - 018366976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 09:41 - 2017-11-30 09:22 - 012205056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 09:41 - 2017-11-30 09:21 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-12-13 09:41 - 2017-11-30 09:17 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-12-13 09:41 - 2017-11-30 09:17 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-12-13 09:41 - 2017-11-30 09:16 - 006066688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 09:41 - 2017-11-30 09:16 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 09:41 - 2017-11-30 09:16 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 09:41 - 2017-11-30 09:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-12-13 09:41 - 2017-11-30 09:15 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 09:41 - 2017-11-30 09:15 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-12-13 09:41 - 2017-11-30 09:14 - 002028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-12-13 09:41 - 2017-11-30 09:14 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-12-13 09:41 - 2017-11-30 09:14 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 09:41 - 2017-03-04 06:19 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-12-13 09:40 - 2017-11-30 09:23 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-12-13 09:32 - 2017-11-30 07:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 09:32 - 2017-11-30 07:42 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-12-13 09:32 - 2017-11-30 07:42 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 09:32 - 2017-11-30 07:41 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 09:32 - 2017-11-30 07:40 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 09:32 - 2017-11-30 07:39 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-12-13 09:32 - 2017-11-30 07:38 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 09:32 - 2017-11-30 07:38 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 008118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2017-12-13 09:32 - 2017-11-30 07:37 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshext.dll
2017-12-13 09:32 - 2017-11-30 07:36 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-12-13 09:32 - 2017-11-30 07:36 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-12-13 09:32 - 2017-11-30 07:36 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-12-13 09:32 - 2017-11-30 07:34 - 004739584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 09:32 - 2017-11-30 07:33 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-12-13 09:32 - 2017-11-30 07:33 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 09:32 - 2017-11-30 07:32 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 09:32 - 2017-11-30 07:32 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-12-13 09:32 - 2016-09-07 04:56 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-12-13 09:31 - 2017-11-30 08:22 - 007780184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 09:31 - 2017-11-30 08:15 - 001072240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 09:31 - 2017-11-30 07:53 - 022571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 09:31 - 2017-11-30 07:50 - 007219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-12-13 09:31 - 2017-11-30 07:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 09:31 - 2017-11-30 07:44 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 09:31 - 2017-11-30 07:38 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 09:31 - 2017-11-30 07:36 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 09:31 - 2017-11-30 07:36 - 013108224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 09:31 - 2017-11-30 07:36 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-12-13 09:31 - 2017-11-30 07:33 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-12-13 09:31 - 2017-11-30 07:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 09:30 - 2017-11-30 08:17 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 09:30 - 2017-11-30 08:16 - 001090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 09:30 - 2017-11-30 08:16 - 000947544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-12-13 09:30 - 2017-11-30 08:16 - 000811864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-13 09:30 - 2017-11-30 07:37 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-12-12 20:30 - 2017-12-12 20:32 - 030340640 _____ (Hewlett-Packard Company ) C:\Users\Sony\Downloads\sp63300.exe
2017-12-12 20:30 - 2017-12-12 20:31 - 038301392 _____ (Hewlett-Packard Company ) C:\Users\Sony\Downloads\sp61409.exe
2017-12-12 20:29 - 2017-12-12 20:30 - 034622520 _____ (Hewlett-Packard Company ) C:\Users\Sony\Downloads\sp60642.exe
2017-12-11 13:14 - 2017-12-11 13:17 - 156808131 _____ C:\Users\Sony\Downloads\properly finished H265.mov
2017-12-02 22:48 - 2017-12-02 22:48 - 000002218 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-12-02 22:48 - 2017-12-02 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-11-29 17:38 - 2017-11-29 17:38 - 000000000 ____D C:\Users\Sony\Documents\ROBLOX
2017-11-29 17:16 - 2017-11-29 17:40 - 000000000 ____D C:\Users\Sony\AppData\Local\Roblox
2017-11-29 17:16 - 2017-11-29 17:16 - 000822328 _____ (Roblox Corporation) C:\Users\Sony\Downloads\RobloxPlayerLauncher(7).exe
2017-11-29 15:36 - 2017-11-29 15:36 - 000822328 _____ (Roblox Corporation) C:\Users\Sony\Downloads\RobloxPlayerLauncher(6).exe
2017-11-28 21:18 - 2017-11-28 22:03 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-28 21:18 - 2017-11-28 21:18 - 000000000 ____D C:\Users\Sony\AppData\Roaming\Fresh
2017-11-28 21:15 - 2017-11-28 21:15 - 000001325 _____ C:\Users\Public\Desktop\Fresh.lnk
2017-11-28 21:13 - 2017-11-28 21:14 - 024214824 _____ (GARMIN Würzburg GmbH) C:\Users\Sony\Downloads\GARMIN_Fresh_setup.exe
2017-11-27 21:36 - 2017-11-18 03:59 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-27 21:36 - 2017-11-18 03:59 - 006672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-27 21:36 - 2017-11-18 03:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2017-11-27 21:36 - 2017-11-18 03:42 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2017-11-27 21:36 - 2017-11-18 03:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-27 21:36 - 2017-11-18 03:40 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-11-27 21:36 - 2017-11-18 03:38 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-27 21:36 - 2017-11-18 03:38 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-11-27 21:36 - 2017-11-18 03:37 - 000854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-11-27 21:36 - 2017-11-18 03:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-11-27 21:36 - 2017-11-18 03:34 - 002002944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-27 21:36 - 2017-11-18 03:33 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-11-27 21:36 - 2017-11-18 03:31 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-27 21:36 - 2017-11-18 03:31 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-11-27 21:35 - 2017-11-18 04:03 - 000195936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-11-27 21:35 - 2017-11-18 04:01 - 005722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-11-27 21:35 - 2017-11-18 03:42 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-11-27 21:35 - 2017-11-18 03:38 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-11-27 21:35 - 2017-11-18 03:36 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-27 21:35 - 2017-11-18 03:31 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-11-27 21:35 - 2017-11-18 03:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-11-27 21:35 - 2017-03-04 06:13 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-11-27 21:25 - 2017-11-18 04:12 - 008178816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-27 21:24 - 2017-11-18 04:20 - 000219024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-11-27 21:24 - 2017-11-18 04:13 - 000430424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-27 21:24 - 2017-11-18 04:12 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-27 21:24 - 2017-11-18 04:10 - 000453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-11-27 21:24 - 2017-11-18 03:43 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-11-27 21:24 - 2017-11-18 03:38 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-11-27 21:24 - 2017-11-18 03:37 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-27 21:24 - 2017-11-18 03:37 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-27 21:24 - 2017-11-18 03:33 - 000296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2017-11-27 21:24 - 2017-11-18 03:33 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-11-27 21:24 - 2017-11-18 03:32 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-11-27 21:24 - 2017-11-18 03:32 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\socialapis.dll
2017-11-27 21:24 - 2017-11-18 03:32 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-27 21:24 - 2017-11-18 03:29 - 002512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-27 21:24 - 2017-11-18 03:29 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-27 21:24 - 2017-11-18 03:28 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-27 21:24 - 2017-11-18 03:28 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-11-27 21:24 - 2017-11-18 03:28 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-11-27 21:24 - 2017-11-18 03:27 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-27 21:24 - 2017-11-18 03:27 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-11-27 21:24 - 2017-11-18 03:26 - 002065408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-27 21:24 - 2017-11-07 02:59 - 000449050 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-11-27 21:24 - 2017-03-04 06:10 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-11-27 21:23 - 2017-11-18 04:23 - 000038744 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-11-27 21:23 - 2017-11-18 04:18 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-27 21:23 - 2017-11-18 04:16 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-11-27 21:23 - 2017-11-18 04:14 - 002187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-27 21:23 - 2017-11-18 04:14 - 000658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-27 21:23 - 2017-11-18 04:14 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-27 21:23 - 2017-11-18 04:13 - 007213968 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-11-27 21:23 - 2017-11-18 04:13 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-27 21:23 - 2017-11-18 03:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-11-27 21:23 - 2017-11-18 03:32 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-27 21:23 - 2017-11-18 03:30 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-11-27 21:23 - 2017-11-18 03:29 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-11-27 21:23 - 2017-11-18 03:29 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-27 21:23 - 2017-11-18 03:29 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-11-27 21:23 - 2017-11-18 03:28 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-11-27 21:22 - 2017-11-18 04:11 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-11-27 21:22 - 2017-11-18 04:08 - 000222048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-11-27 21:22 - 2017-11-18 03:38 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-11-27 21:22 - 2017-11-18 03:37 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-11-27 21:22 - 2017-11-18 03:35 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-11-27 21:22 - 2017-11-18 03:31 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-27 21:22 - 2017-11-18 03:30 - 002278912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-27 21:22 - 2017-11-18 03:30 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-27 21:22 - 2017-11-18 03:30 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-11-27 21:21 - 2017-11-18 04:13 - 000573792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-11-27 21:21 - 2017-11-18 03:32 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-11-27 21:16 - 2017-11-27 21:16 - 000000019 _____ C:\Users\Sony\Documents\phpinfo.php
2017-11-27 15:30 - 2017-11-27 15:30 - 000822328 _____ (Roblox Corporation) C:\Users\Sony\Downloads\RobloxPlayerLauncher(5).exe
2017-11-26 08:52 - 2017-11-26 08:52 - 000822328 _____ (Roblox Corporation) C:\Users\Sony\Downloads\RobloxPlayerLauncher(4).exe
2017-11-26 08:51 - 2017-11-26 08:51 - 000822328 _____ (Roblox Corporation) C:\Users\Sony\Downloads\RobloxPlayerLauncher(3).exe
2017-11-24 09:23 - 2017-11-24 09:23 - 000092993 _____ C:\Users\Sony\Downloads\o15-ctrremove.diagcab
2017-11-23 22:11 - 2017-11-23 22:13 - 000000000 ____D C:\Trainers
2017-11-22 22:27 - 2017-11-22 22:30 - 000022332 _____ C:\Users\Sony\AppData\Roaming\Comma Separated Values.ADR
2017-11-21 22:14 - 2017-11-21 22:11 - 000009925 _____ C:\default-constants.php

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-20 08:55 - 2016-06-07 08:05 - 000069908 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-20 08:55 - 2016-06-07 08:05 - 000039708 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-20 08:53 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-20 08:53 - 2016-06-06 20:52 - 000000000 ____D C:\FRST
2017-12-20 08:52 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-20 08:45 - 2017-07-11 20:23 - 000000000 ____D C:\LisaOutlook
2017-12-20 08:45 - 2016-11-18 22:28 - 000000000 ____D C:\Users\Sony\AppData\LocalLow\Mozilla
2017-12-20 08:45 - 2016-09-19 17:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-20 08:45 - 2015-10-06 13:13 - 000000000 ____D C:\Users\Sony\Documents\Outlook Files
2017-12-19 23:09 - 2016-09-19 17:35 - 000000000 ____D C:\Users\Sony
2017-12-19 22:20 - 2016-09-19 17:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-19 22:20 - 2016-07-16 06:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 22:16 - 2016-02-20 13:42 - 000000000 ____D C:\AdwCleaner
2017-12-19 21:41 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-19 12:40 - 2015-02-14 18:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-19 11:01 - 2016-02-20 14:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-19 11:01 - 2016-02-20 14:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-12-19 09:19 - 2017-10-03 12:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-19 09:18 - 2015-02-14 18:04 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-19 09:18 - 2015-02-14 18:04 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-18 18:02 - 2015-02-20 19:58 - 000000000 ____D C:\Users\Sony\AppData\Local\CrashDumps
2017-12-17 08:35 - 2017-02-26 17:22 - 000000000 ____D C:\ProgramData\Origin
2017-12-17 08:34 - 2017-02-26 17:28 - 000000000 ____D C:\Users\Sony\AppData\Roaming\Origin
2017-12-15 23:19 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-15 22:15 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 22:41 - 2015-03-21 22:35 - 000000000 ____D C:\Users\Sony\AppData\Local\Spotify
2017-12-14 22:37 - 2015-03-21 22:34 - 000000000 ____D C:\Users\Sony\AppData\Roaming\Spotify
2017-12-14 17:08 - 2017-06-20 09:48 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-13 14:16 - 2016-07-16 11:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 14:00 - 2015-02-14 18:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-12-13 13:53 - 2015-02-14 13:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 13:49 - 2017-10-11 12:35 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 13:49 - 2015-02-14 13:44 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-11 13:21 - 2015-02-14 18:04 - 000000000 ____D C:\Users\Sony\AppData\Roaming\vlc
2017-12-08 22:50 - 2015-07-13 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-08 08:56 - 2017-09-29 18:59 - 000000000 ____D C:\Program Files\rempl
2017-12-06 18:40 - 2017-11-04 19:34 - 000001428 _____ C:\Users\Sony\Desktop\Roblox Player.lnk
2017-12-06 18:40 - 2017-11-04 19:33 - 000001243 _____ C:\Users\Sony\Desktop\Roblox Studio.lnk
2017-12-06 18:40 - 2017-11-04 19:33 - 000000000 ____D C:\Users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-12-06 10:56 - 2017-09-29 15:18 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-05 19:04 - 2009-07-14 02:34 - 000000478 _____ C:\WINDOWS\win.ini
2017-12-02 22:48 - 2016-06-29 10:57 - 000000000 ____D C:\ProgramData\Foxit Software
2017-12-02 01:06 - 2017-07-17 22:17 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 01:06 - 2017-07-17 22:17 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 21:14 - 2017-10-12 09:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 21:13 - 2017-10-12 09:02 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-30 15:03 - 2017-02-26 17:25 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-29 18:03 - 2015-08-25 16:25 - 000000000 ____D C:\Users\Sony\AppData\Local\Packages
2017-11-29 17:34 - 2017-11-04 19:33 - 000000252 _____ C:\Users\Sony\AppData\LocalLow\rbxcsettings.rbx
2017-11-29 17:31 - 2015-09-04 16:55 - 000000000 ____D C:\Users\Sony\AppData\Roaming\Skype
2017-11-28 21:15 - 2017-10-11 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-11-28 21:14 - 2015-08-14 13:25 - 000000000 ____D C:\Program Files (x86)\Garmin
2017-11-28 19:29 - 2015-08-25 16:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-28 19:28 - 2016-09-19 17:28 - 000413344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-28 19:26 - 2016-07-16 11:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-28 19:26 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-27 21:35 - 2016-05-15 19:17 - 000000000 ____D C:\Users\Sony\AppData\Roaming\FileZilla
2017-11-24 12:37 - 2015-02-14 18:05 - 000000000 ____D C:\ProgramData\Oracle
2017-11-24 12:33 - 2015-02-14 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-24 12:33 - 2015-02-14 18:05 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-24 12:31 - 2015-02-14 18:06 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-24 09:02 - 2016-09-15 10:07 - 000000000 ___HD C:\Users\Sony\Downloads\[MilfSoup] Jewels Jade
2017-11-23 09:08 - 2017-11-17 10:19 - 000000000 ____D C:\MPH
2017-11-21 22:11 - 2017-05-22 08:27 - 000000000 ____D C:\Frewer
2017-11-21 09:20 - 2010-11-21 03:27 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-11-22 22:27 - 2017-11-22 22:30 - 000022332 _____ () C:\Users\Sony\AppData\Roaming\Comma Separated Values.ADR
2017-09-21 09:08 - 2017-09-21 09:08 - 000011486 _____ () C:\Users\Sony\AppData\Roaming\Comma Separated Values.TSK
2016-01-14 18:49 - 2016-01-16 08:49 - 000000098 _____ () C:\Users\Sony\AppData\Roaming\WB.CFG
2016-10-07 11:43 - 2017-11-01 15:52 - 000009728 _____ () C:\Users\Sony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-12-02 22:46 - 2017-08-21 17:01 - 003700288 _____ (Foxit Corporation) C:\Users\Sony\AppData\Local\Temp\FoxitUpdater.exe
2017-11-24 12:30 - 2017-11-24 12:30 - 001856576 _____ (Oracle Corporation) C:\Users\Sony\AppData\Local\Temp\jre-8u151-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-10 21:32

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Sony (20-12-2017 08:59:11)
Running from C:\Users\Sony\Downloads
Windows 10 Home Version 1607 14393.1944 (X64) (2016-09-19 18:11:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-372843650-2073662058-2978590665-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-372843650-2073662058-2978590665-503 - Limited - Disabled)
Guest (S-1-5-21-372843650-2073662058-2978590665-501 - Limited - Disabled)
Sony (S-1-5-21-372843650-2073662058-2978590665-1000 - Administrator - Enabled) => C:\Users\Sony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon Music (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Amazon Amazon Music) (Version: 5.3.5.1704 - Amazon Services LLC)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BitTorrent (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.92 - Buffalo Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
Fresh 3.5.1 (HKLM-x32\...\Fresh) (Version: 3.5.1 - GARMIN)
Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{644380A4-11D0-48CB-AAB8-CCB6BD072784}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
K-Lite Mega Codec Pack 8.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Service Bridge (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\dda9ca0b023f4c56) (Version: 1.6.3.2 - Lenovo)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl)
Livedrive (HKLM\...\{4B0D364A-2561-43DE-8F6E-E5337E05DEBA}) (Version: 4.5.0.73 - Livedrive Internet Limited)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Azure Active Directory Module for Windows PowerShell (HKLM\...\{581D5E88-A626-403D-94A2-B53C01E5896F}) (Version: 1.1.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mikogo (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Mikogo) (Version: 5.3.1 - BeamYourScreen GmbH)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-GB)) (Version: 57.0.2 - Mozilla)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.7.1001 - ooVoo LLC.)
ooVoo Teoma Search App (HKLM-x32\...\{4F564F2D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1323 - APN, LLC)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.11002 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roblox Player for Sony (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Sony (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Scratch 2 Offline Editor (HKLM-x32\...\{0C26944B-94CF-F315-D5E3-2E7186A3CCF9}) (Version: 255.0.4 - Massachusetts Institute of Technology) Hidden
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 456.0.4 - Massachusetts Institute of Technology)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
SmartViewer (HKLM-x32\...\{5A5A8B70-F3B7-4C14-8812-6675101CBEB7}) (Version: 4.9.1.6 - Hanwha Techwin Co., Ltd.)
SmartViewer (HKLM-x32\...\{7D8896D9-0180-440B-806C-C44E7B8BFB21}) (Version: 4.9.1.6 - Hanwha Techwin Co., Ltd.) Hidden
SmartViewer3.0 (HKLM-x32\...\{263B6CCF-ABE3-4B29-97C9-69A99B3DF161}) (Version: 3.05.014 - Samsung Techwin Co., Ltd.) Hidden
SmartViewer3.0 (HKLM-x32\...\{FB363C84-C5BA-4CC0-9DFF-29D8CA0A771A}) (Version: 3.05.014 - Samsung Techwin Co., Ltd.) Hidden
Spotify (HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.36.104.1020 - Electronic Arts Inc.)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Update for Skype for Business 2015 (KB4011284) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0CFCD910-8950-4626-80EB-AA0B64A186E8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011284) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0CFCD910-8950-4626-80EB-AA0B64A186E8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011284) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0CFCD910-8950-4626-80EB-AA0B64A186E8}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (10/28/2010 9.1.0.334) (HKLM\...\03B2A371154C218E490E8E8611239434758B577B) (Version: 10/28/2010 9.1.0.334 - Atheros Communications Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Realtek (RTL8167) Net  (01/26/2011 7.040.0126.2011) (HKLM\...\63812D0D7BEF8B8C3ED280E01D1A599B1D9595F3) (Version: 01/26/2011 7.040.0126.2011 - Realtek)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {6FD6D59E-7C03-4A83-BED6-250C5E2DFF94} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-07-08] (EldoS Corporation)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll [2017-09-07] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll [2017-09-07] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll [2017-09-07] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll [2017-09-07] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {6FD6D59E-7C03-4A83-BED6-250C5E2DFF94} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-07-08] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-20] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ContextMenuHandlers1: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Livedrive\Extensions.dll [2017-09-07] (Livedrive Internet Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Livedrive\Extensions.dll [2017-09-07] (Livedrive Internet Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-20] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03BABDC9-9354-4803-946E-673FC77DFF12} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08586705-5672-4F29-B4F2-CBAD83ECC163} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-12-13] (Microsoft Corporation)
Task: {09688526-A0E8-48BC-A3FE-E203C248B139} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B73B38A-4A37-4829-9DDD-8CFB2FF8C10C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {10395B01-B98A-414A-89F7-D11165BB3607} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-18] (Adobe Systems Incorporated)
Task: {1499372B-6964-46AE-8530-0D40FB4F6DBF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {14C0B367-8024-4A7D-BCB6-F8B68290C679} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2687B723-7B5D-4426-BD4D-AC14DAF51C2E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A441641-D2A1-49D7-A8C8-B41BBBE3F96C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2CBF82E6-141A-4FB0-A127-C305B1043E48} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2FA547BD-9517-43B9-BAAC-030144AA7DFA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()
Task: {34FD13AB-087A-404E-83F6-D8A8A471444A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {39F7E574-FAF0-498C-B353-8AD8BB484C73} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4449912D-C94D-41B9-AB52-A915C04257E2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {474E9B15-0288-4916-9B3B-D6D6117DA5EA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {49230FBB-C3FE-49D1-87AC-E0E6AA2F1CC3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51180587-FD54-41F9-A17A-F8C6CC6BED89} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D83B48D-7DFA-40E1-881A-2B299206392F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {610F61AF-DA06-4B11-8F0B-2AB5E7933F38} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {68A72475-BC9D-4716-8BF9-4509B8C2E2CE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {6C0F6464-B5CD-4D5F-AC68-598F0247AC4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {6C52092A-DFA1-4DC9-8770-BDD7E5D006A2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {7074EE72-D2FC-4E4B-8B7F-2F86DFF1A1C5} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-372843650-2073662058-2978590665-1000 => "C:\WINDOWS\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {726A0D74-C3B5-4A66-97B0-3F15EAD3A36B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {743A2309-5856-46E8-8CA5-1135BD185762} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7D98CE6D-4B16-4D8E-AB28-DA13C2F5877F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83C2AB55-3DFC-4DA4-BD94-16EB352A4B05} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87B01368-2467-49AA-97CD-4118AC91C8C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {88C10257-33F2-47A4-B8C7-CD70FEC4CDC2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C3738F6-5292-4C36-B3D8-C1FAB5B2F18B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {92621D73-F35A-4F39-87B4-4497B877E275} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA58FFC3-4742-4109-9368-DE7BC052EEAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {ADC25557-4003-430C-9DA8-A0E71126AF62} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC507A6D-7308-4932-A39C-9032E33482F0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C393A923-C22D-4139-92A4-0CFFC9767EAF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6CA4AE6-A48A-4EBD-AAF5-1B184DA0E099} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6E6D7CD-F60B-4C84-B050-633A5EAC8C9A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CE07BEC3-0B71-41FB-9643-02E9BBECF691} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D2C0629F-2D45-46F9-8FFA-3F45C366A150} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {D85594C8-2627-4F3B-8090-8B4A6DE89CA3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9C58ADF-1FFB-48E2-943F-9D02CAD50AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA47D743-07A0-48CC-B467-C6621E86F731} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EA61634E-22B9-499A-9828-0A0F19EBA8EC} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {EF20B76B-8B08-4BEE-8FEF-1E86865A9990} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {F7E33BCA-4F11-4C35-A226-7C245F547D51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FA942ECB-BA11-4E65-A4FA-9FA53B268B08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 21:19 - 2017-09-07 06:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-04-16 06:52 - 2014-04-16 06:52 - 000034304 _____ () C:\WINDOWS\System32\ssd4clm.dll
2017-09-07 09:44 - 2017-09-07 09:44 - 000024360 _____ () C:\Program Files (x86)\Livedrive\VSSService.exe
2017-09-07 09:38 - 2017-09-07 09:38 - 000378880 _____ () C:\Program Files (x86)\Livedrive\VSSHelper.dll
2017-12-19 11:01 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-19 11:01 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2004-09-30 18:15 - 2004-09-30 18:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2016-09-20 02:21 - 2016-09-20 02:21 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 17:43 - 2017-03-04 06:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 17:40 - 2017-03-04 06:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 17:40 - 2017-03-04 06:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 17:40 - 2017-03-04 06:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-13 09:30 - 2017-11-30 07:32 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-12-13 09:30 - 2017-11-30 07:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-13 09:30 - 2017-11-30 07:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-12-13 09:57 - 2017-12-13 09:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-13 09:57 - 2017-12-13 09:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-13 09:57 - 2017-12-13 09:57 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-13 09:57 - 2017-12-13 09:57 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2015-10-13 15:10 - 2015-10-13 15:10 - 001428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2017-08-14 16:05 - 2017-08-14 16:05 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-12-20 08:51 - 2017-12-20 08:52 - 034532864 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_36.36.12003.0_x64__8wekyb3d8bbwe\XboxApp.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-10-09 15:12 - 2017-10-09 15:12 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-372843650-2073662058-2978590665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sony\Pictures\2014-04\IMG_0425.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Atheros Bt&Wlan Coex Agent => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NasPmService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Sony\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Sony\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "NAS Scheduler.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BUFFALO NAS Navigator2.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Apoint"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "Mikogo"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "EEDSpeedLauncher"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-372843650-2073662058-2978590665-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14863758-39BC-4BD6-BCD7-87067F675126}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6E41DD2A-FA76-4067-950C-D58C8073E2AB}] => (Allow) LPort=5357
FirewallRules: [{D080995D-E08E-479F-A3DF-287F18EF621E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{FDA4833F-732F-456C-A671-B81821813B58}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{97A8BDA8-3E02-4A05-B6F0-C938E88033BE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{E01B244E-D85A-453E-A1AF-62AE8410CAEC}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{D3782315-0A36-4028-821F-735ACADEA2CF}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{E63D2144-4BC7-4CB2-A06C-1967E3BB621C}] => (Allow) C:\Users\Sony\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2069D0F1-DDB7-4FE4-8124-D16E6A11F79E}] => (Allow) C:\Users\Sony\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A1A1A959-678C-441F-A23C-E54B9F532B23}] => (Allow) C:\Users\Sony\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{115EDEA1-99DC-4401-8E0C-B98B94646F8D}] => (Allow) C:\Users\Sony\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{682ADE92-2BFD-4D91-93B1-734E72D72290}] => (Allow) C:\Users\Sony\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BFDCA1F8-A8C8-4AE0-B9CD-DB3E4EEB23D8}] => (Allow) C:\Users\Sony\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{601B3E23-3669-4239-87FB-2F72493ECAA6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{86981A0E-4D17-4AE9-904D-738D097C5C84}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A53868A3-0EA2-4B60-B68A-8A3E3C3BC730}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B560B56F-E0AB-4D9B-AE74-14E25D6E4C08}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB6A1C63-C486-483F-BF0E-A9A1992E0CFA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EAD5A8D7-2091-451B-8CC1-36EAE2C5ECE5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{BD4F49BD-4DDD-44D1-BCB9-34362A868825}C:\users\sony\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sony\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{36345F37-FFB3-424C-8CA7-868063B3681E}C:\users\sony\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sony\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AC82EA53-9D27-4317-BAB7-79605465156E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{AD6A95BE-DA31-48D9-8F06-0B699F8DD7FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{807E5394-11C0-4188-B029-DB5949B57028}] => (Allow) LPort=1900
FirewallRules: [{D5B735F7-6EB2-4329-863C-4DFBC6FA0B86}] => (Allow) LPort=2869
FirewallRules: [{D6D1B47E-56A1-486C-B11F-C364A7E9A715}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9900CFE1-74FD-4A39-B5C3-4B8BA764D02C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CA5DF504-C0AA-44B6-BB4F-39B5B1532525}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A4BD2CEA-066C-49F9-95FC-EF4FE7FC9E40}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{021AB0C2-462C-4B4F-9306-0553588CAE7D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{832D9806-E891-4389-9FB0-DDB07F20F75B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DEB98E3-A69D-4B0B-ACC2-D3CC4FD12174}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6BDF5E27-2212-4DF5-844B-8FE8D6655F8F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A3913237-D25B-477D-AC8B-65B7B89B2DDB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB0BB713-F057-4165-A6D5-7EA83000B5FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{020F00C4-7453-4FAA-B0D7-0A86C92F385A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD8D2B4B-7AA0-414B-8BE0-86E70AD83358}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADBFA5C6-C96B-4824-B84B-472861D423DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F4574E9-BD3E-4C91-8E96-F8B99081297F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A5246D9-8E76-4B82-97EF-2633B4EBC710}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
FirewallRules: [{F28C07C8-4FB1-4B95-A422-36999A754566}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{2B1BE1D6-29F6-49C8-8B56-F5649B2979B3}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{4AABB9B2-AA82-43A3-A8B0-9BC252732C08}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{1194B9A2-63FD-49E7-87B9-CA856BF480D5}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{CF3CC15C-B87A-4D55-821F-4F99F69CE5F4}C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe] => (Allow) C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe
FirewallRules: [UDP Query User{F2C4FFE8-F101-48C7-A4D9-5C3857C2C289}C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe] => (Allow) C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe
FirewallRules: [TCP Query User{57E89786-F09B-4319-B002-1748EA80DCDB}C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe] => (Allow) C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe
FirewallRules: [UDP Query User{9DAAF714-64F0-49D2-A515-0345A4862E8C}C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe] => (Allow) C:\program files (x86)\samsung\smartviewer3.0\bin\smartviewermain.exe
FirewallRules: [TCP Query User{6784CF12-8A0C-45A9-9F4A-91F48F8856B0}C:\users\sony\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\sony\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{0FBA6E6B-5FB7-4B79-B531-16008334AB4A}C:\users\sony\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\sony\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{DE8A52DA-DBBD-4411-9AE1-DA4847D2C861}C:\users\sony\appdata\roaming\bittorrent\updates\7.9.9_43296.exe] => (Allow) C:\users\sony\appdata\roaming\bittorrent\updates\7.9.9_43296.exe
FirewallRules: [UDP Query User{2C747431-AE84-4001-BC69-EF072EC04105}C:\users\sony\appdata\roaming\bittorrent\updates\7.9.9_43296.exe] => (Allow) C:\users\sony\appdata\roaming\bittorrent\updates\7.9.9_43296.exe
FirewallRules: [{F560022F-471A-4537-BAEB-A351B56B140D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AA312ABB-3D44-4EAD-94A8-72EE080CE8AA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7C92CBAE-ADFB-4EC4-9051-347131B9AC8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C8EFEB80-36C8-4B4C-A3FB-726790AA3CAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8D95A8ED-1B90-4AB6-857D-83B83EB08F3E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0B82437F-771E-439C-9B31-C875280BF054}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B5A6954D-3EB0-4F14-9227-4F1A5C0C4ADB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D7A29731-E7C0-45B7-B3FB-AA835AF476CB}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{A0FF1DA4-CB61-40E4-876C-E4D2D217C3D2}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{27BD6639-A20D-4D39-82B5-FF58B9E4622A}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{1D77BB7B-7FD1-49A9-8E96-C4FFC70834A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E07FC735-9804-4BF1-B9B5-B9EF1413DA19}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A233C40F-EE71-4273-904C-6C9E8FADCAAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7F0C0900-B9D6-49B2-AFF4-88697A6D9486}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B5E83D86-1384-4A41-841B-B8544BAE42F0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6821C9BD-1662-4F39-ABD5-08AD8FA2E9F1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0F7ADFCC-D3E6-4295-80CD-97A5B1904AB5}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{96F8E709-6939-4BB8-A4F9-F7FF6D639805}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{64A5F683-7F77-4245-BFE9-9F755EF732C3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{C3FC4887-070D-4A39-9C6D-279D724B9591}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{013D06B8-1F12-4997-908F-188C17547BBC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{45BEFFC7-805E-4738-A6F9-207D26107B5D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [TCP Query User{D79DB436-06A8-4E7A-AAE4-17C557EC3D7E}C:\gog games\hello neighbor demo\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Allow) C:\gog games\hello neighbor demo\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe
FirewallRules: [UDP Query User{963E22B6-6E6E-471E-A8F5-C81DB35D4C56}C:\gog games\hello neighbor demo\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe] => (Allow) C:\gog games\hello neighbor demo\helloneighbour\binaries\win64\helloneighbour-win64-shipping.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2017 10:25:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fff3bc1-1d18-4bc6-88a8-0c2f2eaf07db}

Error: (12/19/2017 10:24:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fff3bc1-1d18-4bc6-88a8-0c2f2eaf07db}

Error: (12/19/2017 10:22:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fff3bc1-1d18-4bc6-88a8-0c2f2eaf07db}

Error: (12/19/2017 09:48:58 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (12/19/2017 09:48:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {841e66f4-d326-486d-8be6-36eac5e1af62}

Error: (12/19/2017 09:47:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {841e66f4-d326-486d-8be6-36eac5e1af62}

Error: (12/19/2017 08:50:00 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (12/19/2017 08:44:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {841e66f4-d326-486d-8be6-36eac5e1af62}

Error: (12/19/2017 08:43:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {841e66f4-d326-486d-8be6-36eac5e1af62}

Error: (12/19/2017 05:26:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {841e66f4-d326-486d-8be6-36eac5e1af62}


System errors:
=============
Error: (12/20/2017 09:01:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (12/20/2017 08:46:25 AM) (Source: DCOM) (EventID: 10010) (User: Sony-PC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (12/19/2017 11:14:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (12/19/2017 10:23:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (12/19/2017 10:21:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/19/2017 10:21:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/19/2017 10:21:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (12/19/2017 10:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Device Interaction Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/19/2017 10:19:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Online Services Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/19/2017 10:19:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-12-17 21:04:34.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-15 22:04:55.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-14 23:09:04.487
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-11 18:26:27.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-09 15:17:11.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-09 15:17:11.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-09 15:17:11.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-09 15:17:11.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-07 14:29:25.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-04 11:27:26.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 74%
Total physical RAM: 4043.86 MB
Available physical RAM: 1016.77 MB
Total Virtual: 5643.86 MB
Available Virtual: 1987.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:44.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 68770A43)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 20 December 2017 - 10:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Extension: (Update Me) - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi [2017-12-16]
CHR HKLM-x32\...\Chrome\Extension: [eiciijnoogkgneeokklpgjdaedophjmh] - hxxps://clients2.google.com/service/update2/crx
U4 aspnet_state; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0B73B38A-4A37-4829-9DDD-8CFB2FF8C10C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2A441641-D2A1-49D7-A8C8-B41BBBE3F96C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {726A0D74-C3B5-4A66-97B0-3F15EAD3A36B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {743A2309-5856-46E8-8CA5-1135BD185762} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {87B01368-2467-49AA-97CD-4118AC91C8C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {92621D73-F35A-4F39-87B4-4497B877E275} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C6E6D7CD-F60B-4C84-B050-633A5EAC8C9A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CE07BEC3-0B71-41FB-9643-02E9BBECF691} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D9C58ADF-1FFB-48E2-943F-9D02CAD50AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA47D743-07A0-48CC-B467-C6621E86F731} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F7E33BCA-4F11-4C35-A226-7C245F547D51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FA942ECB-BA11-4E65-A4FA-9FA53B268B08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
FirewallRules: [{3A5246D9-8E76-4B82-97EF-2633B4EBC710}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)

Pleasepost the log and let me know what problem persists with this computer.

===

p.s.

I'm running the Malwarebytes trial and keep getting a pop-up blocked for piet2eix3l.com


Malwarebytes is probably protecting and informing you.

Stop the Notificatiins.
https://support.malwarebytes.com/docs/DOC-1207

#3 RichieP

RichieP
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 20 December 2017 - 05:26 PM

Thanks for that. It seems much better now. I just thought I'd mention the Malwarebytes pop-up to give you as much info as possible.

 

Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Sony (20-12-2017 21:26:18) Run:1
Running from C:\Users\Sony\Downloads
Loaded Profiles: Sony (Available Profiles: Sony)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Extension: (Update Me) - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi [2017-12-16]
CHR HKLM-x32\...\Chrome\Extension: [eiciijnoogkgneeokklpgjdaedophjmh] - hxxps://clients2.google.com/service/update2/crx
U4 aspnet_state; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0B73B38A-4A37-4829-9DDD-8CFB2FF8C10C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2A441641-D2A1-49D7-A8C8-B41BBBE3F96C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {726A0D74-C3B5-4A66-97B0-3F15EAD3A36B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {743A2309-5856-46E8-8CA5-1135BD185762} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {87B01368-2467-49AA-97CD-4118AC91C8C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {92621D73-F35A-4F39-87B4-4497B877E275} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C6E6D7CD-F60B-4C84-B050-633A5EAC8C9A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CE07BEC3-0B71-41FB-9643-02E9BBECF691} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D9C58ADF-1FFB-48E2-943F-9D02CAD50AA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA47D743-07A0-48CC-B467-C6621E86F731} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F7E33BCA-4F11-4C35-A226-7C245F547D51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FA942ECB-BA11-4E65-A4FA-9FA53B268B08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
FirewallRules: [{3A5246D9-8E76-4B82-97EF-2633B4EBC710}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eiciijnoogkgneeokklpgjdaedophjmh" => removed successfully
"HKLM\System\CurrentControlSet\Services\aspnet_state" => removed successfully
aspnet_state => service removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B73B38A-4A37-4829-9DDD-8CFB2FF8C10C} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B73B38A-4A37-4829-9DDD-8CFB2FF8C10C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A441641-D2A1-49D7-A8C8-B41BBBE3F96C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A441641-D2A1-49D7-A8C8-B41BBBE3F96C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{726A0D74-C3B5-4A66-97B0-3F15EAD3A36B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{726A0D74-C3B5-4A66-97B0-3F15EAD3A36B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{743A2309-5856-46E8-8CA5-1135BD185762}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{743A2309-5856-46E8-8CA5-1135BD185762}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87B01368-2467-49AA-97CD-4118AC91C8C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87B01368-2467-49AA-97CD-4118AC91C8C4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92621D73-F35A-4F39-87B4-4497B877E275}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92621D73-F35A-4F39-87B4-4497B877E275}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6E6D7CD-F60B-4C84-B050-633A5EAC8C9A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E6D7CD-F60B-4C84-B050-633A5EAC8C9A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE07BEC3-0B71-41FB-9643-02E9BBECF691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE07BEC3-0B71-41FB-9643-02E9BBECF691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9C58ADF-1FFB-48E2-943F-9D02CAD50AA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9C58ADF-1FFB-48E2-943F-9D02CAD50AA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA47D743-07A0-48CC-B467-C6621E86F731}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA47D743-07A0-48CC-B467-C6621E86F731}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7E33BCA-4F11-4C35-A226-7C245F547D51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7E33BCA-4F11-4C35-A226-7C245F547D51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA942ECB-BA11-4E65-A4FA-9FA53B268B08}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA942ECB-BA11-4E65-A4FA-9FA53B268B08}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A5246D9-8E76-4B82-97EF-2633B4EBC710} => value removed successfully
"C:\Program Files (x86)\AskPartnerNetwork" => not found.
"C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\1z2odjol.default-1465202086592-1509397516575\Extensions\{c8399f02-02f4-48e3-baea-586564311f95}.xpi" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59747044 B
Java, Flash, Steam htmlcache => 271169 B
Windows/system/drivers => 156792293 B
Edge => 273871288 B
Chrome => 0 B
Firefox => 386239475 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 21264 B
NetworkService => 59778 B
Sony => 2031218904 B
DefaultAppPool => 6144 B

RecycleBin => 26218277789 B
EmptyTemp: => 27.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:09:22 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 21 December 2017 - 08:01 AM

Hi,

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 RichieP

RichieP
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 21 December 2017 - 05:18 PM

Thanks for your help.

 

Much appreciated.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users