
Infected with TrojanProxy:Win32/Wonknod.A Cannot remove


  • This topic is locked
17 replies to this topic

#1 Les Berkley


Posted 31 January 2018 - 12:12 PM

Hello and Thanks in Advance:

 

My computer is infected with the TrojanProxy:Win32/Wonknod.A and several related items. Malwarebytes and Windows Defender mitigated it to the point where the machine would run. RogueKiller also helped. Booting into Ubuntu from the Avira disc also helped, but I still keep seeing signs of the malware. In Users/Me/AppData/Local, a folder [file: C:\Users\Les\AppData\Local\lsokcpe\vsedxkw.exe] keeps reappearing, even if deleted at boot or from Linux. Some applications may also be affected, but the 'puter will run.

 

Logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Les (administrator) on WINNIE (31-01-2018 11:42:08)
Running from C:\Users\Les\Downloads
Loaded Profiles: Les (Available Profiles: Les)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\sndpuhvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Bunez5Tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(The CefSharp Authors) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\CefSharp.BrowserSubprocess.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64(1).exe
(Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
() C:\Users\Les\AppData\Local\upbxmvk\upbxmvk.exe
() C:\Users\Les\AppData\Local\lsokcpe\vsedxkw.exe
(FileMaker, Inc.) C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\FileMaker Pro Advanced.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(John Taylor & Associates) C:\Program Files (x86)\Snappy Fax Version 5\sf5.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
() C:\Users\Les\AppData\Local\upbxmvk\vsoduge.exe
() C:\Users\Les\AppData\Local\upbxmvk\vsoduge.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Snappy Fax Printer virtual printer agent] => C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe [116224 2009-10-05] ()
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [anaya] => "C:\Program Files (x86)\Pedestal\understandable.exe"
HKLM\...\Run: [anayapervades] => "C:\Program Files (x86)\palma\purifier.exe"
HKLM\...\Run: [anayaanaya] => "C:\Program Files (x86)\Daoud\understandable.exe"
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2016-06-27] (ABBYY Production LLC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BackupNowEZ5Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Bunez5Tray.exe [1170608 2016-10-09] (NTI Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\PE_C_DEFAULTAPPPOOL\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [EPSON Stylus Photo R2880] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATICXA.EXE [218112 2007-11-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15055848 2017-03-15] (Plex, Inc.)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Snappy Fax] => [X]
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Snappy Fax Version 5] => C:\Program Files (x86)\Snappy Fax Version 5\sf5.exe [59921008 2017-12-20] (John Taylor & Associates)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\MountPoints2: {0d846cff-3249-11e5-9ac5-806e6f6e6963} - "E:\wubi.exe"
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-09-24]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiques.lnk [2018-01-22]
ShortcutTarget: communiques.lnk -> C:\Program Files (x86)\Pedestal\understandable.exe (No File)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiquescommuniques.lnk [2018-01-22]
ShortcutTarget: communiquescommuniques.lnk -> C:\Program Files (x86)\palma\purifier.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{6edff3c7-3431-4c66-8f84-5213ba924344}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f5160679-1af9-49bd-9c63-af9559c7fd2b}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f5160679-1af9-49bd-9c63-af9559c7fd2b}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-11-21] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: logkqiok.default-1510861966805
FF ProfilePath: C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 [2018-01-31]
FF Homepage: Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 -> is enabled.
FF Extension: (Exif Viewer) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\exif_viewer@mozilla.doslash.org.xpi [2018-01-27]
FF Extension: (Fess Google Bookmark Extension) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\GBE@fess16.blogspot.com.xpi [2017-11-16]
FF Extension: (Panel View for Google™ Translate) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi [2017-11-20]
FF Extension: (Search by Image on Google) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{1d6267dd-4b37-459a-84da-a5d2580daa6a}.xpi [2018-01-04]
FF Extension: (__MSG_extensionName__) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}.xpi [2018-01-04]
FF Extension: (Print/Print Preview) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{4e6c9475-6f44-463a-999a-cb7895cc5d04}.xpi [2017-12-02]
FF Extension: (ColorZilla) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: Default -> yagbe
CHR Profile: C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default [2018-01-28]
CHR Extension: (Slides) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Sheets) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Bookmarks Menu) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2016-12-17]
CHR Extension: (Google Docs Offline) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Multiple File Downloader) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodceacahodmjmdmfcobdepogaajbpc [2017-06-06]
CHR Extension: (Yet Another Google Bookmarks Extension) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode [2016-10-25]
CHR Extension: (Add to Google Bookmarks (context menu)) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\keobkeaihgkidbpfjojklhjjlfjgaejp [2016-12-21]
CHR Extension: (Fair AdBlocker) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-10-23]
CHR Extension: (EXIF Viewer) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm [2016-10-25]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\lchnor <==== ATTENTION (Rootkit!)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-09-24] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NTI Backup Now EZ 5 Agent Device Service; C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe [936112 2016-08-12] (NTI Corporation)
R2 NTI Backup Now EZ 5 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe [102064 2016-10-09] ()
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1982952 2017-03-15] (Plex, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [52832 2017-01-29] (hxxp://libusb-win32.sourceforge.net)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-30] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-30] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-30] (Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 scsiscan; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [20480 2017-09-29] (Microsoft Corporation)
S3 Spyder3; C:\WINDOWS\System32\drivers\Spyder3.sys [15360 2010-03-30] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-30] ()
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-07] (Zemana Ltd.)
U4 aspnet_state; no ImagePath
R3 behkor; system32\drivers\hkorux.sys [X]
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 11:42 - 2018-01-31 11:42 - 000026095 _____ C:\Users\Les\Downloads\FRST.txt
2018-01-31 11:42 - 2018-01-31 11:42 - 000000000 ____D C:\FRST
2018-01-31 11:41 - 2018-01-31 11:41 - 002393088 _____ (Farbar) C:\Users\Les\Downloads\FRST64.exe
2018-01-31 00:06 - 2018-01-31 00:06 - 014999000 _____ (Trend Micro Inc.) C:\Users\Les\Downloads\RootkitBusterV5.0-1203x64.exe
2018-01-30 23:40 - 2018-01-30 23:40 - 026917960 _____ (Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64(1).exe
2018-01-30 20:57 - 2018-01-30 20:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-30 20:54 - 2018-01-30 20:54 - 000142672 ____N C:\WINDOWS\system32\Drivers\wdbruybe.sys
2018-01-30 20:50 - 2018-01-30 20:50 - 000000000 ____D C:\Users\Les\Documents\ProcAlyzer Dumps
2018-01-30 20:48 - 2018-01-30 20:48 - 000000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-01-30 20:48 - 2018-01-30 20:48 - 000000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-01-30 20:06 - 2018-01-30 23:38 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-30 20:00 - 2018-01-30 23:38 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-30 20:00 - 2018-01-30 23:38 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-30 20:00 - 2018-01-30 20:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-01-30 19:58 - 2018-01-30 19:58 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Les\Downloads\spybotsd-2.6.46(1).exe
2018-01-30 19:52 - 2018-01-30 19:52 - 000000000 ____D C:\Users\Les\AppData\Local\lsokcpe
2018-01-30 19:47 - 2018-01-30 19:47 - 000000000 ____D C:\ProgramData\LHService
2018-01-30 19:25 - 2018-01-30 19:25 - 000000000 ____D C:\ProgramData\LockHunter
2018-01-30 19:23 - 2018-01-30 19:23 - 000000000 ____D C:\Users\Les\AppData\Roaming\LockHunter
2018-01-30 19:23 - 2018-01-30 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-01-30 19:23 - 2018-01-30 19:23 - 000000000 ____D C:\Program Files\LockHunter
2018-01-30 19:22 - 2018-01-30 19:22 - 003133480 _____ (Crystal Rich Ltd ) C:\Users\Les\Downloads\lockhuntersetup_3-2-3.exe
2018-01-30 17:49 - 2018-01-30 17:49 - 000167034 _____ C:\Users\Les\Downloads\fileassassin-setup-1.06.exe
2018-01-30 17:49 - 2018-01-30 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2018-01-30 17:49 - 2018-01-30 17:49 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2018-01-30 15:48 - 2018-01-30 15:48 - 010051352 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex3296.exe
2018-01-30 15:36 - 2018-01-30 15:36 - 000000000 ____D C:\Program Files\VueScan
2018-01-30 15:35 - 2018-01-30 15:35 - 011002984 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(4).exe
2018-01-30 14:03 - 2018-01-30 14:03 - 011002984 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(3).exe
2018-01-30 13:11 - 2018-01-30 20:57 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-30 13:11 - 2018-01-30 20:56 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-30 13:11 - 2018-01-30 20:15 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-30 13:11 - 2018-01-30 13:11 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-30 13:10 - 2018-01-30 13:10 - 081865688 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811(1).exe
2018-01-30 13:10 - 2018-01-30 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-30 13:10 - 2018-01-30 13:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-30 13:10 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-30 12:57 - 2018-01-30 12:57 - 081865688 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe
2018-01-30 02:37 - 2018-01-30 20:54 - 109838336 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-29 12:50 - 2018-01-29 12:56 - 2946746368 _____ C:\Users\Les\Downloads\ProfessionalRetail.img
2018-01-29 10:59 - 2018-01-29 10:59 - 000863696 _____ (Malwarebytes) C:\Users\Les\Downloads\mb-clean-3.1.0.1031.exe
2018-01-29 10:58 - 2018-01-29 10:58 - 081736824 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3806.exe
2018-01-28 20:54 - 2018-01-30 23:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-28 20:53 - 2018-01-28 23:02 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-28 20:51 - 2018-01-28 20:51 - 000269472 _____ C:\Users\Les\Documents\cc_20180128_205119.reg
2018-01-28 20:06 - 2018-01-28 20:06 - 011605440 _____ (SurfRight B.V.) C:\Users\Les\Downloads\hitmanpro_x64(1).exe
2018-01-28 20:06 - 2018-01-28 20:06 - 008206624 _____ (Malwarebytes) C:\Users\Les\Downloads\adwcleaner_7.0.7.0.exe
2018-01-28 16:42 - 2018-01-28 16:43 - 026916424 _____ (Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64.exe
2018-01-28 16:26 - 2018-01-28 16:27 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Les\Downloads\spybotsd-2.6.46.exe
2018-01-28 16:07 - 2018-01-28 16:07 - 124952848 _____ (Microsoft Corporation) C:\Users\Les\Downloads\msert.exe
2018-01-28 15:43 - 2018-01-28 15:43 - 000000000 ____D C:\Users\Les\Downloads\mbam-chameleon-3.1.33.0
2018-01-27 18:59 - 2018-01-27 18:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Les\Downloads\esetonlinescanner_enu(1).exe
2018-01-27 18:03 - 2018-01-30 20:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-27 17:49 - 2018-01-27 17:51 - 4250861568 _____ C:\Users\Les\Documents\Windows.iso
2018-01-27 14:37 - 2018-01-27 14:37 - 039611824 _____ (EaseUS ) C:\Users\Les\Downloads\epm_trial(1).exe
2018-01-27 14:20 - 2018-01-27 14:20 - 000000000 ____D C:\Users\Les\Downloads\WinDlg_v1_31
2018-01-27 14:20 - 2018-01-27 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2018-01-27 14:20 - 2018-01-27 14:20 - 000000000 ____D C:\Program Files (x86)\Western Digital Corporation
2018-01-27 14:19 - 2018-01-27 14:19 - 000619792 _____ C:\Users\Les\Downloads\WinDlg_v1_31.zip
2018-01-25 12:42 - 2018-01-25 12:42 - 018617536 _____ (Microsoft Corporation) C:\Users\Les\Downloads\MediaCreationTool(2).exe
2018-01-25 12:22 - 2018-01-28 11:50 - 000000000 ____D C:\ESD
2018-01-25 12:21 - 2018-01-25 12:21 - 018617536 _____ (Microsoft Corporation) C:\Users\Les\Downloads\MediaCreationTool(1).exe
2018-01-25 11:44 - 2018-01-25 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ 5
2018-01-25 11:40 - 2018-01-25 11:40 - 000632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2018-01-25 11:40 - 2018-01-25 11:40 - 000001869 _____ C:\WINDOWS\SysWOW64\Microsoft.VC80.CRT.manifest
2018-01-25 11:20 - 2018-01-25 11:33 - 158205520 _____ (NTI Corporation) C:\Users\Les\Downloads\NTI_Backup_Now_EZ_5.1.0.33_Retail_Update.exe
2018-01-25 11:04 - 2018-01-25 11:04 - 000000000 ____D C:\ProgramData\NTI
2018-01-25 11:02 - 2018-01-25 11:03 - 000000000 ____D C:\Program Files (x86)\NTI
2018-01-25 11:00 - 2018-01-25 11:00 - 000001024 ___RH C:\Users\Public\Documents\NTIBUNEZ5.dll
2018-01-25 10:59 - 2018-01-25 10:59 - 000000000 ____D C:\ProgramData\FLEXnet
2018-01-25 10:57 - 2018-01-25 10:57 - 145426960 _____ (NTI Corporation) C:\Users\Les\Downloads\NTI_Backup_Now_EZ_5.1.0.33_Upgrade_ESD_Version.exe
2018-01-24 20:06 - 2018-01-24 20:09 - 028458488 _____ (NTI Corporation, Inc.) C:\Users\Les\Downloads\NTI_Boot_Disk_Updater_1.0.2.5.exe
2018-01-24 19:05 - 2018-01-24 19:05 - 000000000 ____D C:\Users\Les\Downloads\SnapAPI_l_s_e
2018-01-24 19:04 - 2018-01-24 19:04 - 002348322 _____ C:\Users\Les\Downloads\SnapAPI_l_s_e.zip
2018-01-24 18:59 - 2018-01-24 18:59 - 039611824 _____ (EaseUS ) C:\Users\Les\Downloads\epm_trial.exe
2018-01-24 17:14 - 2018-01-24 17:14 - 006451688 _____ C:\Users\Les\Downloads\AcronisTrueImage2018_web.exe
2018-01-24 12:35 - 2018-01-24 12:35 - 000000000 ____D C:\Users\Les\Downloads\Silent Witness - Season 1 [DVDRip][XviD] - cOOt
2018-01-24 12:34 - 2018-01-24 12:34 - 000000000 ____D C:\Users\Les\Downloads\Thor Ragnarok (2017) [1080p] [YTS.AG]
2018-01-24 11:46 - 2018-01-25 11:54 - 000003544 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-Winnie-Les
2018-01-24 11:20 - 2018-01-24 11:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2018-01-24 11:12 - 2018-01-24 11:12 - 010999056 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(2).exe
2018-01-23 14:24 - 2018-01-23 14:24 - 000000000 ____D C:\ProgramData\NTIReg
2018-01-23 14:21 - 2018-01-25 11:36 - 000000000 ____D C:\Users\Les\AppData\Local\Downloaded Installations
2018-01-23 14:07 - 2018-01-23 14:07 - 001715771 _____ C:\Users\Les\Documents\wogears[comcast.net]_2018-01-23_14-07.zip
2018-01-23 14:07 - 2018-01-23 14:07 - 000000000 ____D C:\Users\Les\Documents\wogears[comcast.net]_2018-01-23_14-07
2018-01-23 10:59 - 2018-01-23 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-23 10:58 - 2018-01-23 10:58 - 006625600 _____ (Zemana Ltd. ) C:\Users\Les\Downloads\Zemana.AntiMalware.Setup(2).exe
2018-01-23 10:53 - 2018-01-23 10:53 - 006625600 _____ (Zemana Ltd. ) C:\Users\Les\Downloads\Zemana.AntiMalware.Setup(1).exe
2018-01-23 00:14 - 2018-01-23 00:14 - 000000000 ____D C:\ProgramData\Paragon Software
2018-01-23 00:13 - 2018-01-23 00:13 - 000000000 ____D C:\Users\Les\AppData\Local\Paragon
2018-01-23 00:11 - 2018-01-23 00:11 - 079507800 _____ (Paragon Software GmbH) C:\Users\Les\Downloads\Paragon-700-FRE_WinInstallSNx64_10.2.1_000.exe
2018-01-22 23:29 - 2018-01-28 20:08 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-01-22 23:28 - 2018-01-22 23:28 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-01-22 21:03 - 2018-01-22 21:09 - 000000000 ____D C:\Users\Les\AppData\Local\{E144D718-C5EC-BBA0-A874-9E488C1C62D0}
2018-01-22 20:09 - 2018-01-22 20:09 - 006705178 _____ C:\Users\Les\Downloads\mbam-chameleon-3.1.33.0.zip
2018-01-22 19:53 - 2018-01-22 19:53 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Les\Downloads\rkill64.exe
2018-01-22 19:52 - 2018-01-24 09:19 - 000000000 ____D C:\Users\Les\AppData\Local\aungrxw
2018-01-22 19:45 - 2018-01-30 18:01 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-22 19:41 - 2018-01-31 11:41 - 000000000 ____D C:\Users\Les\AppData\Local\upbxmvk
2018-01-22 19:37 - 2018-01-30 20:55 - 002888192 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sndpuhvsvc.exe
2018-01-22 19:14 - 2018-01-22 19:14 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Les\Downloads\rkill.exe
2018-01-22 18:48 - 2018-01-22 18:48 - 000000000 ____D C:\WINDOWS\SysWOW64\rtmbgok
2018-01-22 18:48 - 2018-01-22 18:48 - 000000000 ____D C:\WINDOWS\system32\rtmbgok
2018-01-22 18:48 - 2018-01-22 18:48 - 000000000 ____D C:\Users\Les\AppData\Roaming\et
2018-01-22 18:43 - 2018-01-29 21:04 - 000000000 ____D C:\Program Files (x86)\Pedestal
2018-01-22 18:43 - 2018-01-29 21:04 - 000000000 ____D C:\Program Files (x86)\palma
2018-01-22 18:43 - 2018-01-22 18:44 - 000000000 ____D C:\Program Files (x86)\bridal
2018-01-22 18:43 - 2018-01-22 18:43 - 000000000 ___HD C:\Program Files (x86)\Daoud
2018-01-22 18:43 - 2018-01-22 18:43 - 000000000 ___HD C:\Program Files (x86)\bender
2018-01-22 16:56 - 2018-01-22 16:56 - 000001024 ____H C:\SYSTAG.BIN
2018-01-22 16:44 - 2018-01-22 18:24 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2018-01-22 16:43 - 2018-01-22 17:15 - 000000000 ____D C:\ProgramData\AomeiBR
2018-01-22 16:43 - 2017-09-01 18:12 - 000038320 _____ C:\WINDOWS\system32\amwrtdrv.sys
2018-01-22 16:43 - 2016-12-21 22:54 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys
2018-01-22 16:43 - 2016-12-21 22:52 - 000171952 _____ C:\WINDOWS\system32\ammntdrv.sys
2018-01-21 20:39 - 2018-01-21 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 17 Trial
2018-01-21 20:39 - 2018-01-21 20:39 - 000000000 ____D C:\Program Files\PortraitPro 17 Trial
2018-01-21 20:37 - 2018-01-21 20:38 - 163561368 _____ (Anthropics Technology Ltd. ) C:\Users\Les\Downloads\PortraitProTrialSetup64.exe
2018-01-20 17:51 - 2018-01-20 17:51 - 002224761 _____ C:\Users\Les\Downloads\AF35-70F28DRM.pdf
2018-01-19 20:02 - 2018-01-19 20:03 - 000000000 ____D C:\Users\Les\Downloads\rcsetup153
2018-01-19 20:02 - 2018-01-19 20:02 - 004007927 _____ C:\Users\Les\Downloads\rcsetup153.zip
2018-01-18 20:42 - 2018-01-19 11:15 - 000000000 ____D C:\Users\Les\Downloads\www.Torrenting.com - A.House.Through.Time.S01E02.XviD-AFG
2018-01-18 20:39 - 2018-01-18 20:39 - 000000000 ____D C:\Users\Les\Downloads\www.Torrenting.com - A.House.Through.Time.S01E02.720p.HEVC.x265-MeGusta
2018-01-18 16:55 - 2018-01-18 16:55 - 000123310 _____ C:\Users\Les\Documents\DreamVacationWeek2.pdf
2018-01-18 16:47 - 2018-01-18 16:47 - 000123896 _____ C:\Users\Les\Documents\DreamVacationWeek.pdf
2018-01-18 13:55 - 2018-01-18 13:55 - 004348233 _____ C:\Users\Les\Downloads\Anthony Trollope - Barsetshire Chronicles 01 to 06 - The Chronicles of Barsetshire (v5.0).mobi
2018-01-18 12:31 - 2018-01-18 12:31 - 000000000 ____D C:\Users\Les\Downloads\Anthony Trollope - The Way We Live Now
2018-01-17 15:31 - 2018-01-17 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riffstation Trial
2018-01-16 20:31 - 2018-01-16 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-16 20:31 - 2018-01-16 20:31 - 000000000 ____D C:\Program Files\iPod
2018-01-16 20:30 - 2018-01-16 20:31 - 000000000 ____D C:\Program Files\iTunes
2018-01-16 12:53 - 2018-01-16 12:53 - 010997896 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(1).exe
2018-01-15 20:19 - 2018-01-15 20:19 - 000000000 ____D C:\Users\Les\Downloads\Elvis Presley - From Elvis In Memphis (2015) [24-96 HD FLAC]
2018-01-14 17:25 - 2018-01-29 12:33 - 000000000 ____D C:\Users\Les\Downloads\Camelot S01 Complete Season 1 BluRay 720p x265 HEVC [nate_666]
2018-01-14 16:30 - 2018-01-14 16:30 - 010992080 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496.exe
2018-01-09 19:26 - 2018-01-09 19:26 - 000070249 _____ C:\Users\Les\Documents\https___app.ecwid.pdf
2018-01-06 19:07 - 2018-01-06 19:07 - 000000542 _____ C:\Users\Les\Documents\PO Account.txt
2018-01-06 15:51 - 2018-01-06 15:51 - 000000000 ____D C:\Users\Les\Downloads\Black.Mirror.S01.1080p.AMZN.WEBRip.AAC2.0.HEVC.x265.sharpysword
2018-01-05 10:02 - 2012-10-01 11:02 - 000054784 _____ C:\WINDOWS\system32\sfppm.dll
2018-01-04 09:58 - 2018-01-04 09:58 - 000002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-04 00:29 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-04 00:29 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-04 00:29 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-04 00:29 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-04 00:29 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-04 00:29 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-04 00:29 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-04 00:29 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-04 00:29 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-04 00:29 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-04 00:29 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-04 00:29 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-04 00:29 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-04 00:29 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-04 00:29 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-04 00:29 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-04 00:29 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-04 00:29 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-04 00:29 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-04 00:29 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-04 00:29 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-04 00:29 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-04 00:29 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-04 00:29 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-04 00:29 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-04 00:29 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-04 00:29 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-04 00:29 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-04 00:29 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-04 00:29 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-04 00:29 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-04 00:29 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-04 00:29 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-04 00:29 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-04 00:29 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-04 00:29 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-04 00:29 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-04 00:29 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-04 00:29 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-04 00:29 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-04 00:29 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-04 00:29 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-04 00:29 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-04 00:29 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-04 00:29 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-04 00:29 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-04 00:29 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-04 00:29 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-04 00:29 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-04 00:29 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-04 00:29 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-04 00:29 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-04 00:29 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-04 00:29 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-04 00:29 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-04 00:29 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-04 00:29 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-04 00:29 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-04 00:29 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-04 00:29 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-04 00:29 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-04 00:29 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-04 00:29 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-04 00:29 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-04 00:29 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-04 00:29 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-04 00:29 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-04 00:29 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-04 00:29 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-04 00:29 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-04 00:29 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-04 00:29 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-04 00:29 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-04 00:29 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-04 00:29 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-04 00:29 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-04 00:28 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-04 00:28 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-04 00:28 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-04 00:28 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-04 00:28 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-04 00:28 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-04 00:28 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-04 00:28 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-04 00:28 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-04 00:28 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-04 00:28 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-04 00:28 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-04 00:28 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-04 00:28 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-04 00:28 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-04 00:28 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-04 00:28 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-04 00:28 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-04 00:28 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-04 00:28 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-04 00:28 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-04 00:28 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-04 00:28 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-04 00:28 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-04 00:28 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-04 00:28 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-04 00:28 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-04 00:28 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-04 00:28 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-04 00:28 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-04 00:28 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-04 00:28 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-04 00:28 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-04 00:28 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-04 00:28 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-04 00:28 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-04 00:28 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-04 00:28 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-04 00:28 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-04 00:28 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-04 00:28 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-04 00:28 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-04 00:28 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-04 00:28 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-04 00:28 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-04 00:28 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-04 00:28 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-04 00:28 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-04 00:28 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-04 00:28 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-04 00:28 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-04 00:28 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-04 00:28 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-04 00:28 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-04 00:28 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-04 00:28 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-04 00:28 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-04 00:28 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-04 00:28 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-04 00:28 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-04 00:28 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-04 00:28 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-04 00:28 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-04 00:28 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-04 00:28 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-04 00:28 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-04 00:28 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-04 00:28 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-04 00:28 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-04 00:28 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-04 00:28 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-04 00:28 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-04 00:28 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-04 00:28 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 11:28 - 2015-04-25 16:22 - 000000000 ____D C:\Users\Les\Documents\Outlook Files
2018-01-31 11:10 - 2015-04-25 16:37 - 000000000 ____D C:\Users\Les\AppData\Roaming\PrimoPDF
2018-01-31 11:01 - 2015-04-25 14:22 - 000000917 _____ C:\WINDOWS\LandexRemote.ini
2018-01-31 10:41 - 2017-10-30 10:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-31 10:35 - 2017-10-30 11:26 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F08E355-1C38-4F89-A231-515F239D9F31}
2018-01-31 09:57 - 2017-10-30 11:02 - 000000000 ____D C:\Users\Les\AppData\Local\Packages
2018-01-31 08:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-31 08:50 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-31 08:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-31 02:00 - 2015-04-25 17:25 - 000000000 ____D C:\Users\Les\AppData\Local\Adobe
2018-01-30 23:43 - 2017-05-07 11:56 - 000101530 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-30 22:26 - 2017-11-16 14:53 - 000000000 ____D C:\Users\Les\AppData\LocalLow\Mozilla
2018-01-30 21:55 - 2017-05-07 11:56 - 000069374 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-30 21:03 - 2015-04-25 18:06 - 000000000 ___RD C:\Users\Les\Creative Cloud Files
2018-01-30 21:02 - 2016-06-24 19:28 - 000000000 ____D C:\Users\Les\AppData\Roaming\DisplayCAL
2018-01-30 20:55 - 2017-10-30 11:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-30 20:54 - 2017-09-29 03:45 - 020185088 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-30 20:54 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-30 17:24 - 2017-12-10 08:52 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-30 15:49 - 2015-10-09 12:27 - 000000000 ____D C:\WINDOWS\twain_64
2018-01-30 15:18 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-30 12:58 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-30 11:00 - 2015-05-12 16:30 - 000452388 _____ C:\WINDOWS\system32\SFP
2018-01-30 10:56 - 2015-04-25 15:01 - 000000000 ____D C:\Users\Les\AppData\Local\CrashDumps
2018-01-30 02:37 - 2017-05-06 19:35 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-01-29 23:09 - 2015-04-25 13:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 21:04 - 2015-04-26 13:49 - 000000000 ____D C:\Users\Les\Downloads\2BrightSparks.SyncBackPro.7.0.14.0.Multilingual-ZWT [helg420]
2018-01-29 16:56 - 2017-11-16 14:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-29 16:56 - 2015-04-25 13:26 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-29 11:25 - 2017-10-30 11:01 - 000000000 ____D C:\Users\Les
2018-01-28 20:14 - 2017-05-12 11:19 - 000000000 ____D C:\AdwCleaner
2018-01-28 19:52 - 2017-09-09 18:10 - 000000000 ____D C:\Users\Les\Downloads\Photolemur 2.0.4 + Patch [CracksNow]
2018-01-28 12:53 - 2017-10-30 11:27 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-01-28 12:53 - 2017-10-30 11:27 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-01-28 12:45 - 2017-10-30 09:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-28 11:23 - 2015-04-27 11:54 - 000000000 ____D C:\Users\Les\AppData\Local\ElevatedDiagnostics
2018-01-27 19:57 - 2015-04-25 15:48 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2018-01-27 19:54 - 2015-05-07 18:34 - 000000000 ____D C:\Users\Les\AppData\Roaming\vlc
2018-01-27 19:06 - 2017-05-07 00:09 - 000000000 _____ C:\Recovery.txt
2018-01-27 17:59 - 2017-05-05 17:10 - 000000000 ____D C:\WINDOWS\pss
2018-01-25 23:06 - 2017-10-30 11:26 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3451223362-1175936456-4260665253-1000
2018-01-25 23:06 - 2015-07-29 15:53 - 000002397 _____ C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-25 23:06 - 2015-07-29 15:53 - 000000000 ___RD C:\Users\Les\OneDrive
2018-01-25 11:03 - 2015-04-25 13:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-24 13:01 - 2015-04-25 15:20 - 000000000 ____D C:\Users\Les\AppData\Roaming\tixati
2018-01-24 12:55 - 2015-09-27 13:42 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-01-24 12:41 - 2017-06-15 19:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-24 12:41 - 2017-05-19 17:14 - 000000000 ____D C:\Program Files\Paragon Software
2018-01-24 12:24 - 2017-10-05 19:02 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-01-24 12:02 - 2010-11-20 22:27 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 11:18 - 2017-06-17 22:17 - 000000000 ___HD C:\adobeTemp
2018-01-23 10:59 - 2017-05-07 11:56 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-23 00:13 - 2017-05-19 17:15 - 000000000 ____D C:\ProgramData\Paragon
2018-01-22 23:28 - 2015-05-03 10:33 - 000000000 ____D C:\Users\Les\Documents\Adobe
2018-01-22 23:28 - 2015-04-26 10:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-01-22 23:28 - 2015-04-25 17:33 - 000000000 ____D C:\Users\Les\AppData\Roaming\Adobe
2018-01-22 19:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-22 18:58 - 2015-04-26 13:42 - 000000000 ____D C:\Users\Les\Documents\Book Projects
2018-01-22 16:33 - 2015-04-25 16:37 - 000000000 ____D C:\Users\Les\Documents\Serials
2018-01-20 17:54 - 2016-02-25 19:43 - 000000000 ____D C:\Users\Les\Documents\Manuals
2018-01-19 17:49 - 2017-05-17 09:45 - 000000000 ____D C:\Program Files\CCleaner
2018-01-19 13:14 - 2016-10-13 14:04 - 000000000 ___RD C:\Users\Les\TV Shows
2018-01-18 14:37 - 2015-08-27 17:10 - 000000000 ____D C:\Users\Les\Documents\Calibre Library
2018-01-17 15:31 - 2015-10-01 10:30 - 000000000 ____D C:\Program Files (x86)\Riffstation Trial
2018-01-10 17:55 - 2016-04-11 12:06 - 000000000 ____D C:\Users\Les\Documents\TurboTax
2018-01-10 14:25 - 2015-05-19 11:59 - 000000000 ____D C:\Users\Les\Documents\Custom Office Templates
2018-01-10 06:15 - 2017-10-30 11:00 - 001121358 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-10 05:14 - 2015-04-27 09:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 05:09 - 2017-10-11 13:19 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 05:09 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 05:09 - 2015-04-27 09:45 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 05:08 - 2015-04-25 14:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 05:00 - 2009-07-13 21:34 - 000000478 _____ C:\WINDOWS\win.ini
2018-01-08 19:22 - 2017-10-08 10:40 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-07 19:47 - 2015-04-26 15:15 - 000000000 ____D C:\Users\Les\Downloads\VSO ConvertXtoDVD 5.2.0.13 Final (crack+key) [ChingLiu]
2018-01-06 01:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 10:03 - 2016-12-12 11:01 - 000000000 ____D C:\Program Files (x86)\Snappy Fax Version 5
2018-01-05 10:02 - 2016-12-12 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snappy Fax Version 5
2018-01-04 01:10 - 2017-10-30 11:34 - 000000000 ___RD C:\Users\Les\3D Objects
2018-01-04 01:10 - 2015-07-29 15:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 01:08 - 2017-10-30 10:55 - 000413824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-04 01:04 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-04 00:32 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-04 00:31 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-04 00:31 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-02 15:52 - 2015-04-26 12:30 - 000000000 ____D C:\Users\Les\Documents\Faxes

==================== Files in the root of some directories =======

2015-04-26 15:18 - 2016-01-04 15:54 - 000099384 _____ () C:\Users\Les\AppData\Roaming\inst.exe
2015-04-26 15:18 - 2016-01-04 15:54 - 000007859 _____ () C:\Users\Les\AppData\Roaming\pcouffin.cat
2015-04-26 15:18 - 2016-01-04 15:54 - 000001167 _____ () C:\Users\Les\AppData\Roaming\pcouffin.inf
2015-04-26 15:18 - 2016-01-04 15:54 - 000000055 _____ () C:\Users\Les\AppData\Roaming\pcouffin.log
2015-04-26 15:18 - 2016-01-04 15:54 - 000082816 _____ (VSO Software) C:\Users\Les\AppData\Roaming\pcouffin.sys
2015-09-29 16:30 - 2015-09-29 16:30 - 000000038 ___SH () C:\Users\Les\AppData\Local\56f857505417e3fe0c6362.11790009
2015-05-24 16:27 - 2017-09-30 18:58 - 000001456 _____ () C:\Users\Les\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
2018-01-27 18:09 - 2018-01-27 18:09 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\1A76.tmp.exe
2018-01-27 17:15 - 2018-01-27 17:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\28C8.tmp.exe
2018-01-27 18:15 - 2018-01-27 18:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\89B2.tmp.exe
2018-01-27 17:15 - 2018-01-27 17:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\DA36.tmp.exe
2018-01-28 20:53 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\dllnt_dump.dll
2018-01-30 12:59 - 2018-01-30 12:57 - 081865688 _____ (Malwarebytes                                                ) C:\Users\Les\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe
2018-01-30 15:17 - 2018-01-30 15:49 - 000087016 _____ () C:\Users\Les\AppData\Local\Temp\vsdel.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wdbruybe.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-01-29 00:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Les (31-01-2018 11:43:33)
Running from C:\Users\Les\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-10-30 16:30:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3451223362-1175936456-4260665253-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3451223362-1175936456-4260665253-503 - Limited - Disabled)
Guest (S-1-5-21-3451223362-1175936456-4260665253-501 - Limited - Disabled)
Les (S-1-5-21-3451223362-1175936456-4260665253-1000 - Administrator - Enabled) => C:\Users\Les
WDAGUtilityAccount (S-1-5-21-3451223362-1175936456-4260665253-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe GoLive CS2 English (HKLM-x32\...\Adobe GoLive CS2 English) (Version: 8.0 - Adobe Systems)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_1) (Version: 7.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1) (Version: 19.1 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version:  - Alien Skin)
Amazon Kindle (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Ashampoo Burning Studio 16 v.16.0.0 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{C91787D1-574E-4367-A8D2-641532A78A5E}) (Version: 3.8.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Concise Oxford English Dictionary (Eleventh Edition) (HKLM-x32\...\Concise Oxford English Dictionary (Eleventh Edition)) (Version:  - )
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DVD Audio Extractor 7.1.2 (HKLM-x32\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD-Audio Solo Standard 4.4 (HKLM-x32\...\DVD-Audio Solo Standard) (Version: 4.4 - Cirlinca, Inc.)
DxO PhotoLab (HKLM\...\{C2CF718C-ABE3-4D77-989D-78F69C9EF7CF}) (Version: 1.0.1 - DxO)
DxO PhotoLab plug-in for Adobe Lightroom (HKLM-x32\...\{91E4E071-DE20-45D9-91A1-F1A3BBD8333A}) (Version: 1.0.38 - DxO Labs)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileMaker Pro 11 Advanced (HKLM-x32\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}) (Version: 11.0.1.0 - FileMaker, Inc.) Hidden
FileMaker Pro 11 Advanced (HKLM-x32\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}_FileMaker) (Version: 11.0.1.0 - FileMaker, Inc.)
FoCal (HKLM-x32\...\{5AAD9891-19E8-406F-80DF-A3FCF5D801E2}) (Version: 1.2.0 - Reikan Technology Ltd)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Fundy Designer version 1.9.34 (HKLM-x32\...\{2EB6CDD7-506F-4D1A-989A-27DC85A11739}_is1) (Version: 1.9.34 - Fundy Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.129 - Google Inc.) Hidden
Guitar and Bass (HKLM-x32\...\Guitar and Bass_is1) (Version: 1.2.1 - G.F. Software)
HD-Audio Solo Ultra 4.4.2 (HKLM-x32\...\HD-Audio Solo Ultra) (Version: 4.4.2 - Cirlinca, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Imagenomic Noiseware 5 Plug-in (build 5030) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
Imagenomic Portraiture 2 Plug-in (build 2340) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Imaging And Configuration Designer (HKLM-x32\...\{0D838979-E7DE-0D33-26B7-18D7127F22D0}) (Version: 10.1.15063.0 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{A8474393-2BD3-E8CF-F20F-2A0A18E679E8}) (Version: 10.1.15063.0 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{4BF95F2D-83DC-10F1-505D-6675F69F2BAC}) (Version: 10.1.15063.0 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InPixio Photo Focus Demo (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\{93721FF0-E352-4bb0-999D-11DA6E86EDB8}) (Version: 3.00 - InPixio)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{F571A156-8221-FBC3-A604-4A108DBEC395}) (Version: 10.1.15063.0 - Microsoft) Hidden
KMSnano 22.1 (HKLM\...\KMSnano 22.1_is1) (Version: KMSnano 22.1 - )
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Kolor Autopano Giga 4.0 (HKLM\...\AutopanoGiga4.0) (Version: V4.0.2 - Kolor)
LANDEX Remote (HKLM-x32\...\LANDEX Remote_is1) (Version: 4.1.5 - Optical Storage Solutions, Inc.)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
MicroSD Card Recovery Pro 2.9.9 (HKLM-x32\...\{2A17969C-E67A-ABAC-7298-8798EA962C49}_is1) (Version: 2.9.9 - LionSea SoftWare)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
NTI Backup Now EZ 5 (HKLM-x32\...\{C2570AA2-476E-4FB7-A901-AC4268A2F721}) (Version: 5.1.0.33 - NTI Corporation) Hidden
NTI Backup Now EZ 5 (HKLM-x32\...\InstallShield_{C2570AA2-476E-4FB7-A901-AC4268A2F721}) (Version: 5.1.0.33 - NTI Corporation)
NTI Backup Now EZ 5 Agent (HKLM-x32\...\{DA422BFF-EF06-4FF8-AF80-ED004822B343}) (Version: 1.0.0.16 - NTI Corporation) Hidden
NTI Backup Now EZ 5 Agent (HKLM-x32\...\InstallShield_{DA422BFF-EF06-4FF8-AF80-ED004822B343}) (Version: 1.0.0.16 - NTI Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 15 Premium (HKLM\...\{44DAFF99-9632-4DEA-8737-76DCE9AE2DFA}) (Version: 10.1.25.0 - Paragon Software)
Perfectly Clear Complete 2.2.0 (HKLM-x32\...\Perfectly Clear Complete) (Version: 2.2.0 - Athentech)
Perfectly Clear LightroomPlugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear LightroomPlugin v2) (Version: 2.0.0.28 - Athentech)
Perfectly Clear Plugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.0.28 - Athentech)
Piccure+ (HKLM-x32\...\{eb57d388-7f96-4b68-a406-9b68a8351002}) (Version: 2.5.0.62 - Intelligent Imaging Solutions)
Piccure+ Setup x64 (HKLM\...\{6B0A5D8D-59C5-4FC4-984C-E1B1BF2BBFD0}) (Version: 2.5.0.62 - Intelligent Imaging Solutions) Hidden
Piccure+ Setup x86 (HKLM-x32\...\{8D1C5716-0935-40C1-A48B-BB2D93564DFC}) (Version: 2.5.0.62 - Intelligent Imaging Solutions) Hidden
PitchPerfect Musical Instrument Tuner (HKLM-x32\...\PitchPerfect) (Version: 2.12 - NCH Software)
Play MPE Player 5 (HKLM-x32\...\{B818D973-20EF-4830-B642-061AD59B5C53}) (Version: 1.0.0 - Destiny Media Technologies, Inc.)
Plex Media Server (HKLM-x32\...\{6CC7EB42-D3B5-4527-9FCE-C793B91A1DD3}) (Version: 1.4.3495 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d55f2773-2fc4-4a79-bf44-125c7afff11f}) (Version: 1.4.4.3495 - Plex, Inc.)
Polaroid PolaColor Insight v5.0.0.25.6L (HKLM-x32\...\{428D80B1-17CA-11D5-9EC9-00A0241873EB}) (Version:  - Polaroid Corporation)
PortraitPro 15.4 (HKLM-x32\...\PortraitPro15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PortraitPro 15.7 (HKLM\...\PortraitPro15_is1) (Version: 15.7 - Anthropics Technology Ltd.)
PortraitPro 15.7.3 (HKLM-x32\...\PortraitPro 15.7.3) (Version: 15.7.3.0 - RePack by SamuRa1)
PortraitPro 17.3 Trial (HKLM\...\com.anthropics.portraitprostdtrial17_is1) (Version: 17.3 - Anthropics Technology Ltd.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
PT Portrait - Studio Edition 4.1 (HKLM\...\{8E2D6BBF-8372-4B53-B006-E24DCE64753A}_is1) (Version: 4.1 - PHOTO-TOOLBOX.COM)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
RAW FILE CONVERTER EX 2.0 powered by SILKYPIX (HKLM-x32\...\{B648910F-5E28-41D0-9844-70499F278A37}) (Version: 4.2.2.0 - Ichikawa Soft Laboratory)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Riffstation Trial version 1.4 (HKLM-x32\...\{E3C18079-46E4-4A93-AEF4-56B7A9190949}_is1) (Version: 1.4 - Sonic Ladder Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
SilverFast 8.8.0r10 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.8.0r10 - LaserSoft Imaging AG)
SilverFast Polaroid 6.6.2r5 (HKLM-x32\...\SilverFast Polaroid) (Version:  - LaserSoft Imaging AG)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SnapAPI (HKLM-x32\...\{D4830EE9-E795-4CCA-AA7A-612A4E565977}) (Version: 3.1.329 - Acronis)
Snappy Fax Version 5 (HKLM-x32\...\{9A0CEF36-483A-4EAE-99B8-0E5767FFD161}_is1) (Version: 5..0 - John Taylor & Associates)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
Stopping Plex (HKLM-x32\...\{F935BB29-E095-46A3-8936-965397627AA0}) (Version: 1.4.3495 - Plex, Inc.) Hidden
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version: 7.0.14.0 - 2BrightSparks)
TakeOwnershipPro 1.6 (HKLM-x32\...\TakeOwnershipPro_is1) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toolkit Documentation (HKLM-x32\...\{4CB72D51-B41D-CB91-4FC9-FF14D691DAC1}) (Version: 10.1.15063.0 - Microsoft) Hidden
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Studio (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\{337bc2a3-0442-4fa9-b1ee-243059d52089}) (Version: 1.0.9 - Topaz Labs, LLC)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
UEV Tools on amd64 (HKLM\...\{050DC954-7765-FD9F-4AAB-052F2DA92CE4}) (Version: 10.1.15063.0 - Microsoft) Hidden
Uninstall DisplayCAL (HKLM-x32\...\{4714199A-0D66-4E69-97FF-7B54BFF80B88}_is1) (Version: 3.2.3.0 - Florian Höch)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update EPSON Stylus Photo R2880 icc profile Glossy (HKLM-x32\...\{3947135B-6AD6-4485-B9B1-5DD7B3DE3147}) (Version:  - )
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
User State Migration Tool (HKLM-x32\...\{E78D5281-8B04-1115-4A68-DE12BF47D559}) (Version: 10.1.15063.0 - Microsoft) Hidden
Vertus Fluid Mask 3 3.3.17 (HKLM-x32\...\vertusFluidMask3) (Version: 3.3.17 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.3 - VSO Software)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - Hamrick Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{cef137de-cdb9-48e2-babe-301cb8448d7b}) (Version: 10.1.15063.0 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPT Redistributables (HKLM-x32\...\{0432AB38-DDDD-CABF-F9E4-53B746BD6EFE}) (Version: 10.1.15063.0 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{78418409-E850-B0E6-5C05-789D0610AEE4}) (Version: 10.1.15063.0 - Microsoft) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4E6619CDDE4F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-27] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2013-11-12] (Nitro PDF)
ContextMenuHandlers1: [TakeOwnershipMenu] -> {659E506B-0AC2-410E-A94C-A326FF199883} => C:\Program Files (x86)\TakeOwnershipPro\TakeOwnershipPro_x64.dll [2017-08-07] (TODO: <Company name>)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [AutopanoShell.ShellContextMenu] -> {4B4F4C4F-5220-4798-ABF3-EC03F7C8A498} => C:\Program Files\Kolor\Autopano Giga 4.0\AutopanoShell_x64.dll [2014-06-24] (Kolor)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [TakeOwnershipMenu] -> {659E506B-0AC2-410E-A94C-A326FF199883} => C:\Program Files (x86)\TakeOwnershipPro\TakeOwnershipPro_x64.dll [2017-08-07] (TODO: <Company name>)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-27] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CE2A67-35E7-4B3A-A49D-CC026B89FFB2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {03461CC5-A95E-4E37-B59E-F665C6C593A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {04AEA346-5E80-4715-95A9-A08769703536} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {077DE328-5275-4576-95B0-3318B025F71F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {0AA77B19-B67B-4C02-9F73-CD3C483FBD89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {113E6DA3-DC9A-4197-B1C1-1D8E6F192CA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {1187088E-C837-4DB1-879C-F8F831BD4F72} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11D425F7-8BF9-405A-9C4B-43AE351CFFF1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {170A4F8B-7EFD-4884-B933-1D8A5EA28D0E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E377535-2CF8-4333-991E-5E6085BA317E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2338D353-F2F5-4F1A-A65E-EFEE9E5458FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2FBF83C0-AC29-4423-BE12-31D9F8442D55} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {35F12C0A-6D80-4B73-9035-85BCF19476CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {369B2467-79C1-4C30-88A8-1BF849A392CF} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {391FCA37-53D1-49A3-92C5-9ADFBC07C613} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {3A74DB89-50C4-4931-8DBA-FBAB1C51C8B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3CF8771B-1420-4268-BBB6-D8349A77A5A7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D358764-3CF9-4697-AB09-9D2175238692} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4997D0D6-A423-46AF-B8B2-353F5D959D22} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4E20CB96-D572-4AAD-ACB7-0C6B64A0E332} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {51871724-0BE8-4DB0-A03A-2F1962ACACC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {52AF4322-FDC8-46D8-8F49-52D4AAE209BB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {54D1A595-E9F3-4427-BD31-3CA9F9CD0264} - System32\Tasks\AdobeGCInvoker-1.0-Winnie-Les => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5A762D9C-D743-46DD-BF51-10347AB19DCB} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {613F75A8-5D59-4A2E-BFB8-EFF282F0B1DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {61A09969-5673-458A-B0BA-5DD1E3B69CFA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6AE59B17-7367-4B66-85B7-11E036EABD67} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6DD96D19-116B-4A09-8CCB-7A1C59FA0A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6F5A8670-F30A-4B39-B8C6-4002B3C2B64A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {78EAAC59-69A1-480F-AC33-3835375F80BE} - System32\Tasks\DisplayCAL Profile Loader Launcher => C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles-launcher.exe [2017-01-04] ()
Task: {79A06F1F-97A3-4E81-BB44-DB44D586ABF3} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {82E9380B-67DA-45B3-B64A-F28835292E25} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85CC7BCA-A220-42C8-A6BA-2B174576D4B9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C2DF0D5-F74B-4614-B43A-12CCDC4A1D2E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9033EB99-9E2C-42D7-9455-B75652AC739A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {971831F5-DF5C-4367-A69E-691F0C215589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9CB903AF-A5F6-4BA0-8A41-0C2B8FD31473} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9E7961E2-6F5C-473F-BAFC-09A46E6A9535} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A484F8A5-40C8-41BC-8F71-C47B7E68B1A3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A56F7581-0C56-482B-9F69-A32814604414} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AFFB8605-7CC6-4C55-9D64-A50CBD599162} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B762162F-F4DB-42FA-B4C6-B905B2F3E57E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B7F9E382-D50F-4F61-B54C-BE6BF45725C5} - System32\Tasks\{396BEC7F-C701-4E03-BEA4-D9D0927DF764} => C:\Windows\system32\pcalua.exe -a C:\Users\Les\Downloads\madFlac\InstallFilter.exe -d C:\Users\Les\Downloads\madFlac
Task: {BBE9910C-8E65-45E6-855B-0300E56670D7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC72752D-974E-4D29-83FB-0CDBC92B6DF4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20] (Piriform Ltd)
Task: {C60566A7-50AE-434A-8448-6B17C62EB354} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {C674E973-79D4-49B2-8593-51406A423E7A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CA3DB7CC-A47A-4E5C-B580-6E5EA377A522} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CC547247-6454-47B7-ADCF-444775311109} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D024A65F-E3F7-4E35-9EF8-6901E1A2EAF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D48B9A2A-80C0-456F-A2F5-05F51F0F9E5A} - System32\Tasks\AdobeAAMUpdater-1.0-Winnie-Les => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {DD317FD5-5866-4837-BC52-6DA53C81AB98} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E02994B9-8A06-499C-B35B-CC3B43DC6E06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E52BC891-3247-49C4-BEE1-CADCDCC23C50} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {E755F442-839F-434D-8A83-E7CB3B84394D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0FDF95A-9F47-4F05-A620-70C1854CA9BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1CB7C3F-51EB-4B80-8B6D-40B7F0C4D226} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2DF2AF3-A04A-4FD5-8743-DA5C5DFE5C41} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {F85F3FA1-14E7-4271-A858-13725121BF64} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FAB1284C-A6A1-42E0-8CAC-52E73EBE5947} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-04-25 14:24 - 2011-02-28 17:37 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2018-01-05 10:02 - 2012-10-01 11:02 - 000054784 _____ () C:\WINDOWS\System32\sfppm.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-26 13:50 - 2009-01-12 07:15 - 000071096 _____ () C:\Windows\SysWOW64\NMSAccessU.exe
2016-10-09 11:36 - 2016-10-09 11:36 - 000102064 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe
2018-01-30 13:10 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-05-21 13:54 - 2014-08-19 14:12 - 001356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2018-01-04 09:04 - 2018-01-04 09:04 - 000649672 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-12-13 00:49 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 00:49 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2009-10-05 12:39 - 2009-10-05 12:39 - 000116224 _____ () C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe
2017-01-29 19:13 - 2017-01-04 15:27 - 000193936 _____ () C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles.exe
2018-01-04 09:04 - 2018-01-04 09:04 - 035292104 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2018-01-31 08:50 - 2018-01-31 08:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 08:50 - 2018-01-31 08:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-31 08:50 - 2018-01-31 08:50 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-31 08:50 - 2018-01-31 08:50 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-29 19:06 - 2012-10-01 11:02 - 000018944 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\sfpui.dll
2017-11-14 13:48 - 2017-10-24 22:18 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 13:47 - 2017-10-24 23:40 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2016-08-12 15:32 - 2016-08-12 15:32 - 000053936 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\dispatch.dll
2016-08-12 15:32 - 2016-08-12 15:32 - 000110256 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\lib_json.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000068272 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\XMLParser.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000055472 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\SendMsgCallbackDll.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000073392 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Pehook.DLL
2017-03-15 13:18 - 2017-03-15 13:18 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2015-04-26 10:23 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-09-20 02:42 - 2017-09-20 02:42 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000045744 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\NtiPipe.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000299184 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\OnlineClient.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000106160 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\SocialClient.dll
2015-12-18 17:05 - 2015-12-18 17:05 - 000466008 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\sqlite3.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 001003696 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\CefSharp.Core.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 053443248 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\libcef.dll
2017-01-29 19:13 - 2016-06-27 14:20 - 000047616 _____ () C:\Program Files (x86)\DisplayCAL\lib\_socket.pyd
2017-01-29 19:13 - 2016-06-27 14:21 - 001405440 _____ () C:\Program Files (x86)\DisplayCAL\lib\_ssl.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000100864 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32api.pyd
2017-01-29 19:13 - 2016-01-11 21:44 - 000110080 _____ () C:\Program Files (x86)\DisplayCAL\lib\pywintypes27.dll
2017-01-29 19:13 - 2016-01-11 21:46 - 000396800 _____ () C:\Program Files (x86)\DisplayCAL\lib\pythoncom27.dll
2017-01-29 19:13 - 2016-01-11 21:48 - 000381952 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32com.shell.shell.pyd
2017-01-29 19:13 - 2016-06-27 14:21 - 001014272 _____ () C:\Program Files (x86)\DisplayCAL\lib\_hashlib.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000092672 _____ () C:\Program Files (x86)\DisplayCAL\lib\_ctypes.pyd
2017-01-29 19:13 - 2016-01-11 21:44 - 000119808 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32file.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000688128 _____ () C:\Program Files (x86)\DisplayCAL\lib\unicodedata.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000036864 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32process.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 001176576 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._core_.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 000806400 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._gdi_.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 000816128 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._windows_.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 001067008 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._controls_.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000733184 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._misc_.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000438784 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._grid.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000149504 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._xrc.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000137728 _____ () C:\Program Files (x86)\DisplayCAL\lib\pyexpat.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000167936 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32gui.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000011264 _____ () C:\Program Files (x86)\DisplayCAL\lib\select.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000045568 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32console.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000016384 _____ () C:\Program Files (x86)\DisplayCAL\lib\_winxptheme.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000357376 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._html.pyd
2017-01-29 19:13 - 2016-01-11 21:44 - 000018432 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32event.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2016-05-06 16:55 - 2016-05-06 16:55 - 000689328 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\CefSharp.BrowserSubprocess.Core.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 001982640 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\libglesv2.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 000081072 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\libegl.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-20 03:04 - 2017-09-20 03:04 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-12 20:10 - 2017-09-12 20:10 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-20 02:59 - 2017-09-20 02:59 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-12 20:11 - 2017-09-12 20:11 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2010-02-04 22:51 - 2010-02-04 22:51 - 000047384 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\XalanMessages_1_11.dll
2010-02-04 22:51 - 2010-02-04 22:51 - 000492824 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\libetpan.dll
2010-02-04 22:51 - 2010-02-04 22:51 - 000065304 _____ () C:\Program Files (x86)\FileMaker\FileMaker Pro 11 Advanced\zlib1.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-12 19:09 - 2013-11-12 19:09 - 001654792 _____ () C:\Program Files (x86)\Nitro\Pro 9\NitroPDFPreviewHandler.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-05-07 12:43 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\PE_C_DEFAULTAPPPOOL\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\Control Panel\Desktop\\Wallpaper -> c:\users\les\pictures\jpegs\desktops\eva-green-wallpaper-24.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "anayapervades"
HKLM\...\StartupApproved\Run: => "anayaanaya"
HKLM\...\StartupApproved\Run: => "anaya"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKLM\...\StartupApproved\Run32: => "lappattie"
HKLM\...\StartupApproved\Run32: => "laplap"
HKLM\...\StartupApproved\Run32: => "lap"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\StartupFolder: => "communiques.lnk"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervadesanaya"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattielap"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervadespervades"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervades"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattiepattie"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattie"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A9B0B0E2-51B7-4788-9E8D-670F876BE0EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{29AD5D5C-E455-47D9-8BC4-3A66776CE81A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D9B21AE9-4857-4FB4-95CB-E5ED0AFCB8E0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0B13E8FB-E9D5-485A-AABA-83DFD1EDCF9B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5FCEC1C3-0F28-47D5-A08C-ED68A914987A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F2B90AD0-723B-4010-BBBB-9D9A3EDF8353}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C071DB5F-4DBA-4223-918F-5EC026565C27}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{9284D8C8-6C9A-4882-834F-658A454A221E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [UDP Query User{B53F15BF-804B-4729-AA41-CF3B1E733A68}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{8D245CF3-A612-4423-A7C6-BDDB53AE4B1A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{E69724E9-B8D9-439A-8651-266418BEEB87}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [TCP Query User{7D9418BD-10B2-462C-AD96-7F2581C73CFF}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [UDP Query User{53535F5F-6387-4EC7-AD46-3AF4821EED2D}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [TCP Query User{45262CB0-C3EC-40B5-9E45-95AFF45B9206}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [{1AACFD80-74C6-4F9E-8013-2BFB14C06E9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8B5E84D-D342-4D28-9953-9792C9507261}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69480D12-BE6D-45AB-9738-6D6E1801FE82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7006063C-5960-4391-899F-F8543A7FB591}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{5E5AEA97-CA51-42C7-84B9-4C14500B59DE}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [TCP Query User{FA54F8B4-50F1-44ED-A339-252A240513B5}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{FE39D487-DE26-4E71-ADDC-4E89D131448B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{32A28F5C-AB61-431B-911C-54B086A11720}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BFB3A9F4-2B03-46CA-9599-7329B1F4A2D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{48612714-03D8-468B-A976-2B32064316C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A124F29B-4D7B-48C5-9166-68BE3A1AA634}] => (Allow) LPort=12008
FirewallRules: [{396F3FC8-7E0A-4C43-B565-AFEA1EACE358}] => (Allow) LPort=12007
FirewallRules: [{D7CD111D-541C-475F-9C43-C36FAD24BE52}] => (Allow) LPort=12006
FirewallRules: [{91C620CB-CC12-42B1-9DE2-49CB20EC386D}] => (Allow) LPort=12005
FirewallRules: [{E54B5110-201A-478C-91AD-B0152F0B2109}] => (Allow) LPort=12008
FirewallRules: [{B474AC6A-BDC7-4572-907B-90BCD6E92824}] => (Allow) LPort=12007
FirewallRules: [{98E32B18-D0A9-467F-8C20-81168609F2C3}] => (Allow) LPort=12006
FirewallRules: [{85671827-C9B9-4D1E-A2D2-863A6B650E08}] => (Allow) LPort=12005
FirewallRules: [{0178ACC3-C28B-42EA-861C-6ED4D26BAF8D}] => (Allow) LPort=12008
FirewallRules: [{97B9E869-CC2F-4C2C-82B0-C7412C95BB9D}] => (Allow) LPort=12007
FirewallRules: [{C12C811F-D9FB-4412-A696-ABC647B9A95C}] => (Allow) LPort=12006
FirewallRules: [{22BE410F-25C3-4457-A0AB-75021731E39D}] => (Allow) LPort=12005
FirewallRules: [{FCC31125-F3F3-4795-B1DA-AC8F66C83F53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DEF17E18-50CD-4A78-B181-C0D35A77A237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1340D0A5-A10A-4E57-97F2-354464519D75}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{E94B4693-1E1F-4BFE-93E4-E66C4F86DCAE}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{AADA175D-773F-498B-AD28-8E80C413D976}] => (Allow) LPort=12005
FirewallRules: [{9F9603F8-B5A0-481E-8AF2-6EB4E21FC3AA}] => (Allow) LPort=12006
FirewallRules: [{884955DF-7121-47DF-B97F-791A5C6F87DD}] => (Allow) LPort=12007
FirewallRules: [{59CD3426-E7DB-483C-AD13-FBF2A15A8CED}] => (Allow) LPort=12008
FirewallRules: [{6EC3FEDF-F7DA-4312-A5FF-12A6D7BDF3DD}] => (Allow) LPort=12005
FirewallRules: [{B2E7948D-B8B0-489B-8FDB-A5E96489EB3F}] => (Allow) LPort=12006
FirewallRules: [{B14C5245-76AB-4D8A-AEF3-286631B51E61}] => (Allow) LPort=12007
FirewallRules: [{46F640BF-DB2E-4FD0-B7E9-E17DDFDAEB2A}] => (Allow) LPort=12008
FirewallRules: [{1475A2BF-C050-4A06-A50A-E360AC06E542}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{44EB9CB1-5971-472A-BFFA-5986FD1EBA03}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7FB73DB6-84D8-4607-95A4-F548D9664E6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{66D86257-C822-4435-B1D7-3F96D85BEF1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A1A315A8-F444-45B7-8E9B-E8DB80B06269}] => (Allow) LPort=12005
FirewallRules: [{62F25A17-ED29-47D9-8AC9-0F6D0B72B636}] => (Allow) LPort=12006
FirewallRules: [{4A1B9047-4F1B-4C86-A099-00DF868690F3}] => (Allow) LPort=12007
FirewallRules: [{C8F134CC-7E18-4F7F-B3B8-24CDE66C1684}] => (Allow) LPort=12008
FirewallRules: [TCP Query User{26282489-D2DB-4D96-B706-504AC2E68B59}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [UDP Query User{C0899786-E0DC-4EB1-BF1F-59775505865C}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{B8182E0C-FF46-4776-AE80-524B228209A0}] => (Block) %ProgramFiles% (x86)\Fundy Designer\Fundy Designer.exe
FirewallRules: [{5E87219D-57B8-40A0-A4E7-E7A8AD2D9DBE}] => (Allow) LPort=12005
FirewallRules: [{4181609C-E689-4950-853E-00B186C639FB}] => (Allow) LPort=12006
FirewallRules: [{6AA32E55-86B2-49F0-A6D0-7855BB296D20}] => (Allow) LPort=12007
FirewallRules: [{204CE4D4-5C96-4D76-A74F-6D00972A8AF0}] => (Allow) LPort=12008
FirewallRules: [{8F5CF143-10B6-442F-85A8-6860B2DDCAB4}] => (Block) %ProgramFiles% (x86)\Athentech\License Manager\AthentechLicenseManager.exe
FirewallRules: [TCP Query User{6E92780F-6C39-4846-A904-14E080E8F0B6}C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [UDP Query User{C61F3676-AA12-4DB9-8B7F-3DC2EA2881D0}C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [{6F561551-92FD-4275-85EA-7EDCF37F30E8}] => (Block) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [{DF8D2DDA-D3AC-4039-92C2-E9EC75A1F013}] => (Block) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [{9EEEAF42-2C9D-465E-9676-971BFF2C1E72}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{48CBB6C7-41EE-4DE7-8359-B76166586AC8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{58726946-761B-4737-A180-9B4FDB1A843E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{5A888E51-8BCF-4659-8D60-6C6FA197A4FE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{40AE0314-51D1-4574-9ED7-239FA821292B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{61903BBE-D8AA-4518-9CE4-1E25FFD7EEEF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3889CDFA-0A90-4E25-A424-C1A81E0AAA20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A73A8BDE-5E91-410C-BDB7-D0A77B3A421E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DE7051DD-D9FA-445A-94DF-390646514BDE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{11B91D47-4BB9-40C1-B8D1-A55937779E31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE090BB8-FB94-4CD9-AFC3-791D28C8B022}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FBAB879B-5D8C-4B47-A751-EE3F9B0CB3BC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{104510E0-C0E2-47E6-9192-0A1A19AC9BFF}C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe
FirewallRules: [UDP Query User{4E199D3A-DB4E-4D74-8304-9E96C6945F1C}C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe
FirewallRules: [{08DAA427-B34D-4224-98A2-06A11FCAFF7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0936A1F4-7BA4-4E36-ABE9-2E79ACE6A845}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CA5ED653-0E2E-4895-99C7-BCFD62982C0B}] => (Allow) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 12:56:20 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/31/2018 12:55:59 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (01/30/2018 09:06:16 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (6692,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2018 07:54:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (3816,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2018 05:25:43 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (6388,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2018 03:59:00 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (3652,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2018 03:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NitroAssistant.exe version 9.0.4.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2380

Start Time: 01d39a0c82418ae4

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Nitro\Pro 9\NitroAssistant.exe

Report Id: a77d7b2f-0067-48cc-8544-f93c9b1f0237

Faulting package full name:

Faulting package-relative application ID:

Error: (01/30/2018 02:59:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vuescan.exe version 9.6.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 30e4

Start Time: 01d39a01ada2fe94

Termination Time: 4294967295

Application Path: C:\Program Files\VueScan\vuescan.exe

Report Id: 57a5e05f-e561-4b1a-9b8d-dbc0e1ec7a8d

Faulting package full name:

Faulting package-relative application ID:

Error: (01/30/2018 02:42:41 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL W3SVC. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/30/2018 02:42:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 10:56:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2018-01-31 11:29:30.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 11:29:30.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 11:23:46.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 11:23:46.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 11:12:54.818
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 11:12:54.816
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 10:57:46.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 10:57:46.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 10:42:04.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-31 10:42:04.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-5700 APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 12252.09 MB
Available physical RAM: 5906.24 MB
Total Virtual: 17884.09 MB
Available Virtual: 10498.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:751.56 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive n: (Samsung HDD) (Fixed) (Total:931.51 GB) (Free:30.2 GB) NTFS
Drive o: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:866.86 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 31 January 2018 - 01:51 PM

Hi Les Berkley :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Les Berkley

Les Berkley
  • Topic Starter

  • Members

Posted 31 January 2018 - 02:06 PM

Aura:

Thank you. Ran FRST as requested. Log follows.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Les (31-01-2018 14:05:16) Run:1
Running from C:\Users\Les\Downloads
Loaded Profiles: Les (Available Profiles: Les)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 14:05:18 ====



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 31 January 2018 - 03:32 PM

For the next part, you'll need to download the FRST executable on a clean computer, and move it onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
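
An added example, not part of any post in this thread and not Aura's or FRST's own method: a first-pass triage of the autostart section of the FRST.txt that the Recovery Environment scan above produces. The sample lines are copied from the log in post #5 of this thread; the flagging rules (no size/date bracket, `(No File)`, `[X]`, one executable name reused by several entries) and all function names are assumptions of this example.

```python
import ntpath  # Windows path rules, usable on any analysis host
import re
from collections import defaultdict, namedtuple

# Lines copied from the FRST.txt in post #5 of this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [anaya] => "C:\Program Files (x86)\Pedestal\understandable.exe"
HKLM\...\Run: [anayapervades] => "C:\Program Files (x86)\palma\purifier.exe"
HKLM\...\Run: [anayaanaya] => "C:\Program Files (x86)\Daoud\understandable.exe"
HKU\Les\...\Run: [Snappy Fax] => [X]
HKU\Les\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShortcutTarget: communiques.lnk -> C:\Program Files (x86)\Pedestal\understandable.exe (No File)
ShortcutTarget: communiquescommuniques.lnk -> C:\Program Files (x86)\palma\purifier.exe (No File)
"""

# resolved: True when the log line carries evidence that the target file was found.
Entry = namedtuple("Entry", "source name path resolved note")

RUN_RE = re.compile(r"^(HK.+?)\\\.\.\.\\(Run(?:Once)?): \[([^\]]+)\] => (.*)$")
META_RE = re.compile(r"\s\[\d+ (?:\d{4}-\d{2}-\d{2})?\s*\]")  # "[size date]" bracket
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (.+?) -> (.+?) \(([^()]*)\)$")


def parse_autostarts(log):
    """Extract Run/RunOnce values and startup shortcut targets from FRST.txt text."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, rest = m.groups()
            meta = META_RE.search(rest)
            path = (rest[:meta.start()] if meta else rest).strip().strip('"')
            if path == "[X]":  # the log shows no path at all for this value
                path = ""
            entries.append(Entry(f"{hive}\\{key}", name, path, bool(meta), ""))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            name, path, note = m.groups()
            entries.append(Entry("Startup shortcut", name, path, note != "No File", note))
    return entries


def flag(entries):
    """Return (entry, reason) for autostarts whose target looks missing in the log."""
    flagged = []
    for e in entries:
        if e.resolved:
            continue
        if not e.path:
            reason = "target recorded as [X]"
        elif e.note == "No File":
            reason = "shortcut target marked (No File)"
        else:
            reason = "no size/date metadata after the path"
        flagged.append((e, reason))
    return flagged


def correlate(flagged):
    """Group flagged entries by executable name; keep names used by 2+ entries."""
    by_exe = defaultdict(list)
    for e, _ in flagged:
        if e.path:
            by_exe[ntpath.basename(e.path).lower()].append(e.name)
    return {exe: names for exe, names in by_exe.items() if len(names) > 1}


if __name__ == "__main__":
    hits = flag(parse_autostarts(SAMPLE_LOG))
    for e, reason in hits:
        print(f"{e.source:18} {e.name:28} {reason}: {e.path or '-'}")
    for exe, names in correlate(hits).items():
        print(f"{exe} is referenced by {len(names)} flagged entries: {', '.join(names)}")
```

Flagged entries are leads for an analyst to review against the rest of the log, not a ready-made fixlist.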


#5 Les Berkley

Les Berkley
  • Topic Starter

  • Members

Posted 31 January 2018 - 10:56 PM

Success. Log attached.

Windows Defender quarantined the following on reboot.

Trojan:Win32/Detrahere.B!dr

file: C:\Users\Les\AppData\Local\Temp\1a87.tmp.vir

file: C:\Users\Les\AppData\Local\Temp\2946.tmp.vir

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by SYSTEM on MININT-H86J3HS (31-01-2018 22:37:10)
Running from o:\
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [0 ] (Realtek Semiconductor)
HKLM\...\Run: [Snappy Fax Printer virtual printer agent] => C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe [116224 2009-10-05] ()
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [anaya] => "C:\Program Files (x86)\Pedestal\understandable.exe"
HKLM\...\Run: [anayapervades] => "C:\Program Files (x86)\palma\purifier.exe"
HKLM\...\Run: [anayaanaya] => "C:\Program Files (x86)\Daoud\understandable.exe"
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2016-06-27] (ABBYY Production LLC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BackupNowEZ5Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Bunez5Tray.exe [1170608 2016-10-09] (NTI Corporation)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Les\...\Run: [EPSON Stylus Photo R2880] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATICXA.EXE [218112 2007-11-16] (SEIKO EPSON CORPORATION)
HKU\Les\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Les\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15055848 2017-03-15] (Plex, Inc.)
HKU\Les\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-19] (Piriform Ltd)
HKU\Les\...\Run: [Snappy Fax] => [X]
HKU\Les\...\Run: [Snappy Fax Version 5] => C:\Program Files (x86)\Snappy Fax Version 5\sf5.exe [59921008 2017-12-20] (John Taylor & Associates)
HKU\Les\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Taskmgr.exe [1312504 2017-09-29] (Microsoft Corporation)
HKU\Les\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE [19177648 2017-12-12] (Microsoft Corporation)
HKU\Les\...\RunOnce: [Application Restart #2] => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [368640 2017-09-29] (Microsoft Corporation)
HKU\Les\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-19] (Adobe Systems Incorporated)
HKU\Les\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE [1931936 2017-12-12] (Microsoft Corporation)
HKU\Les\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2382432 2017-09-19] (Adobe Systems Incorporated)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-09-24]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiques.lnk [2018-01-22]
ShortcutTarget: communiques.lnk -> C:\Program Files (x86)\Pedestal\understandable.exe (No File)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiquescommuniques.lnk [2018-01-22]
ShortcutTarget: communiquescommuniques.lnk -> C:\Program Files (x86)\palma\purifier.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\lchnor" => removed successfully
C:\Windows\System32\drivers\wdbhloru.sys => moved successfully
C:\Users\Les\AppData\Local\lsokcpe\vsedxkw.exe => moved successfully
C:\Users\Les\AppData\Local\Temp\vsdel.exe => moved successfully
C:\Users\Les\AppData\Local\upbxmvk\upbxmvk.exe => moved successfully
C:\Users\Les\AppData\Local\upbxmvk\vsoduge.exe => moved successfully
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-09-24] (Adobe Systems)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-19] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
S2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
S2 NTI Backup Now EZ 5 Agent Device Service; C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe [936112 2016-08-12] (NTI Corporation)
S2 NTI Backup Now EZ 5 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe [102064 2016-10-09] ()
S2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1982952 2017-03-15] (Plex, Inc.)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [52832 2017-01-29] (hxxp://libusb-win32.sourceforge.net)
S0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-30] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-01-30] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-01-30] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-30] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-01-30] (Malwarebytes)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 scsiscan; C:\Windows\system32\DRIVERS\scsiscan.sys [20480 2017-09-29] (Microsoft Corporation)
S3 Spyder3; C:\Windows\System32\drivers\Spyder3.sys [15360 2010-03-30] ()
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-30] ()
S1 UimBus; C:\Windows\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH)
S1 Uim_DEVIM; C:\Windows\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
S1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-07] (Zemana Ltd.)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-07] (Zemana Ltd.)
S4 aspnet_state; no ImagePath
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 11:05 - 2018-01-31 11:05 - 000000757 _____ C:\Users\Les\Downloads\Fixlog.txt
2018-01-31 08:43 - 2018-01-31 08:44 - 000075671 _____ C:\Users\Les\Downloads\Addition.txt
2018-01-31 08:42 - 2018-01-31 11:05 - 000000000 ____D C:\FRST
2018-01-31 08:42 - 2018-01-31 08:44 - 000086262 _____ C:\Users\Les\Downloads\FRST.txt
2018-01-31 08:41 - 2018-01-31 08:41 - 002393088 _____ (Farbar) C:\Users\Les\Downloads\FRST64.exe
2018-01-30 21:06 - 2018-01-30 21:06 - 014999000 _____ (Trend Micro Inc.) C:\Users\Les\Downloads\RootkitBusterV5.0-1203x64.exe
2018-01-30 20:40 - 2018-01-30 20:40 - 026917960 _____ (Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64(1).exe
2018-01-30 17:57 - 2018-01-30 17:57 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-01-30 17:50 - 2018-01-30 17:50 - 000000000 ____D C:\Users\Les\Documents\ProcAlyzer Dumps
2018-01-30 17:48 - 2018-01-30 17:48 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-01-30 17:48 - 2018-01-30 17:48 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-01-30 17:06 - 2018-01-30 20:38 - 000000085 _____ C:\Windows\wininit.ini
2018-01-30 17:00 - 2018-01-30 20:38 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-30 17:00 - 2018-01-30 20:38 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-30 17:00 - 2018-01-30 17:00 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-01-30 16:58 - 2018-01-30 16:58 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Les\Downloads\spybotsd-2.6.46(1).exe
2018-01-30 16:52 - 2018-01-31 22:37 - 000000000 ____D C:\Users\Les\AppData\Local\lsokcpe
2018-01-30 16:47 - 2018-01-30 16:47 - 000000000 ____D C:\ProgramData\LHService
2018-01-30 16:25 - 2018-01-30 16:25 - 000000000 ____D C:\ProgramData\LockHunter
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\Les\AppData\Roaming\LockHunter
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Program Files\LockHunter
2018-01-30 16:22 - 2018-01-30 16:22 - 003133480 _____ (Crystal Rich Ltd ) C:\Users\Les\Downloads\lockhuntersetup_3-2-3.exe
2018-01-30 14:49 - 2018-01-30 14:49 - 000167034 _____ C:\Users\Les\Downloads\fileassassin-setup-1.06.exe
2018-01-30 14:49 - 2018-01-30 14:49 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2018-01-30 12:48 - 2018-01-30 12:48 - 010051352 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex3296.exe
2018-01-30 12:36 - 2018-01-30 12:36 - 000000000 ____D C:\Program Files\VueScan
2018-01-30 12:35 - 2018-01-30 12:35 - 011002984 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(4).exe
2018-01-30 11:03 - 2018-01-30 11:03 - 011002984 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(3).exe
2018-01-30 10:11 - 2018-01-30 17:57 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-01-30 10:11 - 2018-01-30 17:56 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-01-30 10:11 - 2018-01-30 17:15 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-01-30 10:11 - 2018-01-30 10:11 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-01-30 10:10 - 2018-01-30 10:10 - 081865688 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811(1).exe
2018-01-30 10:10 - 2018-01-30 10:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-30 10:10 - 2017-11-29 06:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-01-30 09:57 - 2018-01-30 09:57 - 081865688 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe
2018-01-29 23:37 - 2018-01-31 19:29 - 109838336 _____ C:\Windows\System32\config\SOFTWARE
2018-01-29 09:50 - 2018-01-29 09:56 - 2946746368 _____ C:\Users\Les\Downloads\ProfessionalRetail.img
2018-01-29 07:59 - 2018-01-29 07:59 - 000863696 _____ (Malwarebytes) C:\Users\Les\Downloads\mb-clean-3.1.0.1031.exe
2018-01-29 07:58 - 2018-01-29 07:58 - 081736824 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3806.exe
2018-01-28 17:54 - 2018-01-30 20:43 - 000028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2018-01-28 17:53 - 2018-01-28 20:02 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-28 17:51 - 2018-01-28 17:51 - 000269472 _____ C:\Users\Les\Documents\cc_20180128_205119.reg
2018-01-28 17:06 - 2018-01-28 17:06 - 011605440 _____ (SurfRight B.V.) C:\Users\Les\Downloads\hitmanpro_x64(1).exe
2018-01-28 17:06 - 2018-01-28 17:06 - 008206624 _____ (Malwarebytes) C:\Users\Les\Downloads\adwcleaner_7.0.7.0.exe
2018-01-28 13:42 - 2018-01-28 13:43 - 026916424 _____ (Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64.exe
2018-01-28 13:26 - 2018-01-28 13:27 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Les\Downloads\spybotsd-2.6.46.exe
2018-01-28 13:07 - 2018-01-28 13:07 - 124952848 _____ (Microsoft Corporation) C:\Users\Les\Downloads\msert.exe
2018-01-28 12:43 - 2018-01-28 12:43 - 000000000 ____D C:\Users\Les\Downloads\mbam-chameleon-3.1.33.0
2018-01-27 15:59 - 2018-01-27 15:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Les\Downloads\esetonlinescanner_enu(1).exe
2018-01-27 15:03 - 2018-01-30 17:16 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-27 14:49 - 2018-01-27 14:51 - 4250861568 _____ C:\Users\Les\Documents\Windows.iso
2018-01-27 11:37 - 2018-01-27 11:37 - 039611824 _____ (EaseUS ) C:\Users\Les\Downloads\epm_trial(1).exe
2018-01-27 11:20 - 2018-01-27 11:20 - 000000000 ____D C:\Users\Les\Downloads\WinDlg_v1_31
2018-01-27 11:20 - 2018-01-27 11:20 - 000000000 ____D C:\Program Files (x86)\Western Digital Corporation
2018-01-27 11:19 - 2018-01-27 11:19 - 000619792 _____ C:\Users\Les\Downloads\WinDlg_v1_31.zip
2018-01-25 09:42 - 2018-01-25 09:42 - 018617536 _____ (Microsoft Corporation) C:\Users\Les\Downloads\MediaCreationTool(2).exe
2018-01-25 09:22 - 2018-01-28 08:50 - 000000000 ____D C:\ESD
2018-01-25 09:21 - 2018-01-25 09:21 - 018617536 _____ (Microsoft Corporation) C:\Users\Les\Downloads\MediaCreationTool(1).exe
2018-01-25 08:40 - 2018-01-25 08:40 - 000632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2018-01-25 08:40 - 2018-01-25 08:40 - 000001869 _____ C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2018-01-25 08:20 - 2018-01-25 08:33 - 158205520 _____ (NTI Corporation) C:\Users\Les\Downloads\NTI_Backup_Now_EZ_5.1.0.33_Retail_Update.exe
2018-01-25 08:04 - 2018-01-25 08:04 - 000000000 ____D C:\ProgramData\NTI
2018-01-25 08:02 - 2018-01-25 08:03 - 000000000 ____D C:\Program Files (x86)\NTI
2018-01-25 08:00 - 2018-01-25 08:00 - 000001024 ___RH C:\Users\Public\Documents\NTIBUNEZ5.dll
2018-01-25 07:59 - 2018-01-25 07:59 - 000000000 ____D C:\ProgramData\FLEXnet
2018-01-25 07:57 - 2018-01-25 07:57 - 145426960 _____ (NTI Corporation) C:\Users\Les\Downloads\NTI_Backup_Now_EZ_5.1.0.33_Upgrade_ESD_Version.exe
2018-01-24 17:06 - 2018-01-24 17:09 - 028458488 _____ (NTI Corporation, Inc.) C:\Users\Les\Downloads\NTI_Boot_Disk_Updater_1.0.2.5.exe
2018-01-24 16:05 - 2018-01-24 16:05 - 000000000 ____D C:\Users\Les\Downloads\SnapAPI_l_s_e
2018-01-24 16:04 - 2018-01-24 16:04 - 002348322 _____ C:\Users\Les\Downloads\SnapAPI_l_s_e.zip
2018-01-24 15:59 - 2018-01-24 15:59 - 039611824 _____ (EaseUS ) C:\Users\Les\Downloads\epm_trial.exe
2018-01-24 14:14 - 2018-01-24 14:14 - 006451688 _____ C:\Users\Les\Downloads\AcronisTrueImage2018_web.exe
2018-01-24 09:35 - 2018-01-24 09:35 - 000000000 ____D C:\Users\Les\Downloads\Silent Witness - Season 1 [DVDRip][XviD] - cOOt
2018-01-24 09:34 - 2018-01-24 09:34 - 000000000 ____D C:\Users\Les\Downloads\Thor Ragnarok (2017) [1080p] [YTS.AG]
2018-01-24 08:46 - 2018-01-25 08:54 - 000003544 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Winnie-Les
2018-01-24 08:20 - 2018-01-24 08:20 - 000000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2018-01-24 08:12 - 2018-01-24 08:12 - 010999056 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(2).exe
2018-01-23 11:24 - 2018-01-23 11:24 - 000000000 ____D C:\ProgramData\NTIReg
2018-01-23 11:21 - 2018-01-25 08:36 - 000000000 ____D C:\Users\Les\AppData\Local\Downloaded Installations
2018-01-23 11:07 - 2018-01-23 11:07 - 001715771 _____ C:\Users\Les\Documents\wogears[comcast.net]_2018-01-23_14-07.zip
2018-01-23 11:07 - 2018-01-23 11:07 - 000000000 ____D C:\Users\Les\Documents\wogears[comcast.net]_2018-01-23_14-07
2018-01-23 07:58 - 2018-01-23 07:58 - 006625600 _____ (Zemana Ltd. ) C:\Users\Les\Downloads\Zemana.AntiMalware.Setup(2).exe
2018-01-23 07:53 - 2018-01-23 07:53 - 006625600 _____ (Zemana Ltd. ) C:\Users\Les\Downloads\Zemana.AntiMalware.Setup(1).exe
2018-01-22 21:14 - 2018-01-22 21:14 - 000000000 ____D C:\ProgramData\Paragon Software
2018-01-22 21:13 - 2018-01-22 21:13 - 000000000 ____D C:\Users\Les\AppData\Local\Paragon
2018-01-22 21:11 - 2018-01-22 21:11 - 079507800 _____ (Paragon Software GmbH) C:\Users\Les\Downloads\Paragon-700-FRE_WinInstallSNx64_10.2.1_000.exe
2018-01-22 20:29 - 2018-01-28 17:08 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-01-22 18:03 - 2018-01-22 18:09 - 000000000 ____D C:\Users\Les\AppData\Local\{E144D718-C5EC-BBA0-A874-9E488C1C62D0}
2018-01-22 17:09 - 2018-01-22 17:09 - 006705178 _____ C:\Users\Les\Downloads\mbam-chameleon-3.1.33.0.zip
2018-01-22 16:53 - 2018-01-22 16:53 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Les\Downloads\rkill64.exe
2018-01-22 16:52 - 2018-01-24 06:19 - 000000000 ____D C:\Users\Les\AppData\Local\aungrxw
2018-01-22 16:45 - 2018-01-30 15:01 - 000000000 ____D C:\Windows\Minidump
2018-01-22 16:41 - 2018-01-31 22:37 - 000000000 ____D C:\Users\Les\AppData\Local\upbxmvk
2018-01-22 16:37 - 2018-01-30 17:55 - 002888192 _____ C:\Windows\System32\sndpuhvsvc.exe
2018-01-22 16:14 - 2018-01-22 16:14 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Les\Downloads\rkill.exe
2018-01-22 15:48 - 2018-01-22 15:48 - 000000000 ____D C:\Windows\SysWOW64\rtmbgok
2018-01-22 15:48 - 2018-01-22 15:48 - 000000000 ____D C:\Windows\System32\rtmbgok
2018-01-22 15:48 - 2018-01-22 15:48 - 000000000 ____D C:\Users\Les\AppData\Roaming\et
2018-01-22 15:43 - 2018-01-29 18:04 - 000000000 ____D C:\Program Files (x86)\Pedestal
2018-01-22 15:43 - 2018-01-29 18:04 - 000000000 ____D C:\Program Files (x86)\palma
2018-01-22 15:43 - 2018-01-22 15:44 - 000000000 ____D C:\Program Files (x86)\bridal
2018-01-22 15:43 - 2018-01-22 15:43 - 000000000 ___HD C:\Program Files (x86)\Daoud
2018-01-22 15:43 - 2018-01-22 15:43 - 000000000 ___HD C:\Program Files (x86)\bender
2018-01-22 13:56 - 2018-01-22 13:56 - 000001024 ____H C:\SYSTAG.BIN
2018-01-22 13:44 - 2018-01-22 15:24 - 000000082 _____ C:\Windows\SysWOW64\winsevr.dat
2018-01-22 13:43 - 2018-01-22 14:15 - 000000000 ____D C:\ProgramData\AomeiBR
2018-01-22 13:43 - 2017-09-01 15:12 - 000038320 _____ C:\Windows\System32\amwrtdrv.sys
2018-01-22 13:43 - 2016-12-21 19:54 - 000051120 _____ C:\Windows\System32\ambakdrv.sys
2018-01-22 13:43 - 2016-12-21 19:52 - 000171952 _____ C:\Windows\System32\ammntdrv.sys
2018-01-21 17:39 - 2018-01-21 17:39 - 000000000 ____D C:\Program Files\PortraitPro 17 Trial
2018-01-21 17:37 - 2018-01-21 17:38 - 163561368 _____ (Anthropics Technology Ltd. ) C:\Users\Les\Downloads\PortraitProTrialSetup64.exe
2018-01-20 14:51 - 2018-01-20 14:51 - 002224761 _____ C:\Users\Les\Downloads\AF35-70F28DRM.pdf
2018-01-19 17:02 - 2018-01-19 17:03 - 000000000 ____D C:\Users\Les\Downloads\rcsetup153
2018-01-19 17:02 - 2018-01-19 17:02 - 004007927 _____ C:\Users\Les\Downloads\rcsetup153.zip
2018-01-18 17:42 - 2018-01-19 08:15 - 000000000 ____D C:\Users\Les\Downloads\www.Torrenting.com - A.House.Through.Time.S01E02.XviD-AFG
2018-01-18 17:39 - 2018-01-18 17:39 - 000000000 ____D C:\Users\Les\Downloads\www.Torrenting.com - A.House.Through.Time.S01E02.720p.HEVC.x265-MeGusta
2018-01-18 13:55 - 2018-01-18 13:55 - 000123310 _____ C:\Users\Les\Documents\DreamVacationWeek2.pdf
2018-01-18 13:47 - 2018-01-18 13:47 - 000123896 _____ C:\Users\Les\Documents\DreamVacationWeek.pdf
2018-01-18 10:55 - 2018-01-18 10:55 - 004348233 _____ C:\Users\Les\Downloads\Anthony Trollope - Barsetshire Chronicles 01 to 06 - The Chronicles of Barsetshire (v5.0).mobi
2018-01-18 09:31 - 2018-01-18 09:31 - 000000000 ____D C:\Users\Les\Downloads\Anthony Trollope - The Way We Live Now
2018-01-16 17:31 - 2018-01-16 17:31 - 000000000 ____D C:\Program Files\iPod
2018-01-16 17:30 - 2018-01-16 17:31 - 000000000 ____D C:\Program Files\iTunes
2018-01-16 09:53 - 2018-01-16 09:53 - 010997896 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(1).exe
2018-01-15 17:19 - 2018-01-15 17:19 - 000000000 ____D C:\Users\Les\Downloads\Elvis Presley - From Elvis In Memphis (2015) [24-96 HD FLAC]
2018-01-14 14:25 - 2018-01-29 09:33 - 000000000 ____D C:\Users\Les\Downloads\Camelot S01 Complete Season 1 BluRay 720p x265 HEVC [nate_666]
2018-01-14 13:30 - 2018-01-14 13:30 - 010992080 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496.exe
2018-01-09 16:26 - 2018-01-09 16:26 - 000070249 _____ C:\Users\Les\Documents\https___app.ecwid.pdf
2018-01-06 16:07 - 2018-01-06 16:07 - 000000542 _____ C:\Users\Les\Documents\PO Account.txt
2018-01-06 12:51 - 2018-01-06 12:51 - 000000000 ____D C:\Users\Les\Downloads\Black.Mirror.S01.1080p.AMZN.WEBRip.AAC2.0.HEVC.x265.sharpysword
2018-01-05 07:02 - 2012-10-01 08:02 - 000054784 _____ C:\Windows\System32\sfppm.dll
2018-01-04 06:58 - 2018-01-04 06:58 - 000002852 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-01-03 21:29 - 2018-01-01 09:15 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2018-01-03 21:29 - 2018-01-01 04:53 - 001090984 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-01-03 21:29 - 2018-01-01 04:51 - 001414784 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-01-03 21:29 - 2018-01-01 04:51 - 001209240 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-01-03 21:29 - 2018-01-01 04:51 - 001055128 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-01-03 21:29 - 2018-01-01 04:51 - 000059800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bam.sys
2018-01-03 21:29 - 2018-01-01 04:50 - 005905752 _____ (Microsoft Corporation) C:\Windows\System32\StartTileData.dll
2018-01-03 21:29 - 2018-01-01 04:50 - 000780464 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2018-01-03 21:29 - 2018-01-01 04:49 - 008605080 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-01-03 21:29 - 2018-01-01 04:49 - 000319352 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2018-01-03 21:29 - 2018-01-01 04:48 - 007831760 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2018-01-03 21:29 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-01-03 21:29 - 2018-01-01 04:48 - 000382360 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2018-01-03 21:29 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2018-01-03 21:29 - 2018-01-01 04:46 - 002709704 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-01-03 21:29 - 2018-01-01 04:46 - 000898216 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2018-01-03 21:29 - 2018-01-01 04:46 - 000471960 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-01-03 21:29 - 2018-01-01 04:45 - 002395032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-01-03 21:29 - 2018-01-01 04:45 - 001277848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2018-01-03 21:29 - 2018-01-01 04:45 - 000398744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2018-01-03 21:29 - 2018-01-01 04:43 - 001173576 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-01-03 21:29 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2018-01-03 21:29 - 2018-01-01 04:42 - 000184984 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2018-01-03 21:29 - 2018-01-01 04:41 - 007676296 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-01-03 21:29 - 2018-01-01 04:41 - 000559512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2018-01-03 21:29 - 2018-01-01 04:40 - 001206680 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-01-03 21:29 - 2018-01-01 04:39 - 000902416 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2018-01-03 21:29 - 2018-01-01 04:39 - 000677784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-01-03 21:29 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2018-01-03 21:29 - 2018-01-01 04:39 - 000129432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvsocket.sys
2018-01-03 21:29 - 2018-01-01 04:38 - 003904808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-01-03 21:29 - 2018-01-01 04:38 - 000519152 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
2018-01-03 21:29 - 2018-01-01 04:37 - 001426664 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2018-01-03 21:29 - 2018-01-01 04:36 - 000374032 _____ (Microsoft Corporation) C:\Windows\System32\vac.exe
2018-01-03 21:29 - 2018-01-01 04:36 - 000166296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2018-01-03 21:29 - 2018-01-01 04:35 - 001170008 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2018-01-03 21:29 - 2018-01-01 04:34 - 007385088 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-01-03 21:29 - 2018-01-01 04:34 - 001336344 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2018-01-03 21:29 - 2018-01-01 04:33 - 000603920 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2018-01-03 21:29 - 2018-01-01 04:32 - 004481240 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2018-01-03 21:29 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2018-01-03 21:29 - 2018-01-01 04:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2018-01-03 21:29 - 2018-01-01 04:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2018-01-03 21:29 - 2018-01-01 04:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcifs.sys
2018-01-03 21:29 - 2018-01-01 04:23 - 021352144 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-01-03 21:29 - 2018-01-01 04:06 - 000311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-03 21:29 - 2018-01-01 04:03 - 000650328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-01-03 21:29 - 2018-01-01 04:03 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-03 21:29 - 2018-01-01 03:53 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-03 21:29 - 2018-01-01 03:46 - 003485392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-01-03 21:29 - 2018-01-01 03:45 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-01-03 21:29 - 2018-01-01 03:45 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-01-03 21:29 - 2018-01-01 03:45 - 002192624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-03 21:29 - 2018-01-01 03:43 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-03 21:29 - 2018-01-01 03:42 - 006479552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-03 21:29 - 2018-01-01 03:42 - 004644912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-01-03 21:29 - 2018-01-01 03:42 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-01-03 21:29 - 2018-01-01 03:42 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-01-03 21:29 - 2018-01-01 03:37 - 025247232 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-01-03 21:29 - 2018-01-01 03:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-03 21:29 - 2018-01-01 03:25 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-01-03 21:29 - 2018-01-01 03:25 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-01-03 21:29 - 2018-01-01 03:25 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-01-03 21:29 - 2018-01-01 03:25 - 000097792 _____ C:\Windows\System32\runexehelper.exe
2018-01-03 21:29 - 2018-01-01 03:24 - 003668480 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-01-03 21:29 - 2018-01-01 03:24 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2018-01-03 21:29 - 2018-01-01 03:23 - 001313792 _____ (Microsoft Corporation) C:\Windows\System32\InstallService.dll
2018-01-03 21:29 - 2018-01-01 03:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2018-01-03 21:29 - 2018-01-01 03:23 - 000536576 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-01-03 21:29 - 2018-01-01 03:23 - 000250368 _____ (Microsoft Corporation) C:\Windows\System32\AppxAllUserStore.dll
2018-01-03 21:29 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc.sys
2018-01-03 21:29 - 2018-01-01 03:20 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-03 21:29 - 2018-01-01 03:20 - 018917888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-01-03 21:29 - 2018-01-01 03:20 - 000524288 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2018-01-03 21:29 - 2018-01-01 03:20 - 000204288 _____ (Microsoft Corporation) C:\Windows\System32\provisioningcsp.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 008014848 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 000461312 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 000334848 _____ (Microsoft Corporation) C:\Windows\System32\dusmsvc.dll
2018-01-03 21:29 - 2018-01-01 03:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\provtool.exe
2018-01-03 21:29 - 2018-01-01 03:18 - 000699904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-01-03 21:29 - 2018-01-01 03:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2018-01-03 21:29 - 2018-01-01 03:18 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2018-01-03 21:29 - 2018-01-01 03:18 - 000427008 _____ (Microsoft Corporation) C:\Windows\System32\provhandlers.dll
2018-01-03 21:29 - 2018-01-01 03:18 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-03 21:29 - 2018-01-01 03:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-03 21:29 - 2018-01-01 03:17 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-03 21:29 - 2018-01-01 03:17 - 006564864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-03 21:29 - 2018-01-01 03:17 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-01-03 21:29 - 2018-01-01 03:17 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll
2018-01-03 21:29 - 2018-01-01 03:17 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-03 21:29 - 2018-01-01 03:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 005833216 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 003676672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 000812544 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 000720896 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-01-03 21:29 - 2018-01-01 03:16 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-03 21:29 - 2018-01-01 03:15 - 012687872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-01-03 21:29 - 2018-01-01 03:15 - 006029312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-01-03 21:29 - 2018-01-01 03:15 - 000588800 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2018-01-03 21:29 - 2018-01-01 03:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2018-01-03 21:29 - 2018-01-01 03:14 - 023655936 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-01-03 21:29 - 2018-01-01 03:14 - 002465280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-01-03 21:29 - 2018-01-01 03:14 - 001495040 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-01-03 21:29 - 2018-01-01 03:14 - 000870912 _____ (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2018-01-03 21:29 - 2018-01-01 03:13 - 013657600 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2018-01-03 21:29 - 2018-01-01 03:13 - 012830208 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-01-03 21:29 - 2018-01-01 03:13 - 003121664 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-03 21:29 - 2018-01-01 03:13 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-03 21:29 - 2018-01-01 03:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-03 21:29 - 2018-01-01 03:12 - 002633216 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2018-01-03 21:29 - 2018-01-01 03:12 - 002208768 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-01-03 21:29 - 2018-01-01 03:12 - 001573376 _____ (Microsoft Corporation) C:\Windows\System32\UserDataService.dll
2018-01-03 21:29 - 2018-01-01 03:12 - 001547776 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-01-03 21:29 - 2018-01-01 03:12 - 001424896 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 008108544 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 004748288 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 003165696 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 002859520 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 001822208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 001816576 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 001343488 _____ (Microsoft Corporation) C:\Windows\System32\wifinetworkmanager.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 001231872 _____ (Microsoft Corporation) C:\Windows\System32\TokenBroker.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2018-01-03 21:29 - 2018-01-01 03:11 - 000812032 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-01-03 21:29 - 2018-01-01 03:10 - 003126272 _____ (Microsoft Corporation) C:\Windows\System32\InputService.dll
2018-01-03 21:29 - 2018-01-01 03:09 - 001487872 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2018-01-03 21:29 - 2018-01-01 03:09 - 000925184 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2018-01-03 21:29 - 2018-01-01 03:08 - 000963072 _____ (Microsoft Corporation) C:\Windows\System32\StorSvc.dll
2018-01-03 21:29 - 2018-01-01 03:08 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-01-03 21:29 - 2018-01-01 03:08 - 000685056 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2018-01-03 21:29 - 2018-01-01 03:05 - 002510848 _____ (Microsoft Corporation) C:\Windows\System32\ResetEngine.dll
2018-01-03 21:29 - 2018-01-01 03:05 - 001160704 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2018-01-03 21:28 - 2018-01-01 04:54 - 000924648 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-01-03 21:28 - 2018-01-01 04:52 - 000066712 _____ (Microsoft Corporation) C:\Windows\System32\iumcrypt.dll
2018-01-03 21:28 - 2018-01-01 04:51 - 000191816 _____ (Microsoft Corporation) C:\Windows\System32\skci.dll
2018-01-03 21:28 - 2018-01-01 04:50 - 000479912 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase_enclave.dll
2018-01-03 21:28 - 2018-01-01 04:50 - 000077208 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-01-03 21:28 - 2018-01-01 04:49 - 000599448 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2018-01-03 21:28 - 2018-01-01 04:49 - 000292376 _____ (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2018-01-03 21:28 - 2018-01-01 04:47 - 000649304 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2018-01-03 21:28 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2018-01-03 21:28 - 2018-01-01 04:43 - 000367336 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2018-01-03 21:28 - 2018-01-01 04:43 - 000062872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2018-01-03 21:28 - 2018-01-01 04:42 - 001029016 _____ (Microsoft Corporation) C:\Windows\System32\efscore.dll
2018-01-03 21:28 - 2018-01-01 04:42 - 000494488 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-01-03 21:28 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2018-01-03 21:28 - 2018-01-01 04:41 - 000549552 _____ (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2018-01-03 21:28 - 2018-01-01 04:39 - 000508264 _____ (Microsoft Corporation) C:\Windows\System32\systemreset.exe
2018-01-03 21:28 - 2018-01-01 04:38 - 000727448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2018-01-03 21:28 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stornvme.sys
2018-01-03 21:28 - 2018-01-01 04:38 - 000038808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2018-01-03 21:28 - 2018-01-01 04:37 - 000461720 _____ (Microsoft Corporation) C:\Windows\System32\wifitask.exe
2018-01-03 21:28 - 2018-01-01 04:36 - 000413888 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2018-01-03 21:28 - 2018-01-01 04:36 - 000113560 _____ (Microsoft Corporation) C:\Windows\System32\icfupgd.dll
2018-01-03 21:28 - 2018-01-01 04:36 - 000057752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2018-01-03 21:28 - 2018-01-01 04:35 - 000075160 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthProxyStub.dll
2018-01-03 21:28 - 2018-01-01 04:34 - 000260896 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2018-01-03 21:28 - 2018-01-01 04:34 - 000087384 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2018-01-03 21:28 - 2018-01-01 04:33 - 002773400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-01-03 21:28 - 2018-01-01 04:32 - 000617304 _____ (Microsoft Corporation) C:\Windows\System32\TextInputFramework.dll
2018-01-03 21:28 - 2018-01-01 04:27 - 000163736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2018-01-03 21:28 - 2018-01-01 04:26 - 000081304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmcl.sys
2018-01-03 21:28 - 2018-01-01 04:21 - 001103768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2018-01-03 21:28 - 2018-01-01 04:21 - 000614296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2018-01-03 21:28 - 2018-01-01 04:03 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-03 21:28 - 2018-01-01 04:03 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-01-03 21:28 - 2018-01-01 03:49 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-03 21:28 - 2018-01-01 03:49 - 000258808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2018-01-03 21:28 - 2018-01-01 03:46 - 000289816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-03 21:28 - 2018-01-01 03:45 - 000450928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-01-03 21:28 - 2018-01-01 03:42 - 001003152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-03 21:28 - 2018-01-01 03:42 - 000386424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-01-03 21:28 - 2018-01-01 03:42 - 000129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-01-03 21:28 - 2018-01-01 03:42 - 000074992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2018-01-03 21:28 - 2018-01-01 03:25 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-03 21:28 - 2018-01-01 03:24 - 000240640 _____ (Microsoft Corporation) C:\Windows\System32\AboutSettingsHandlers.dll
2018-01-03 21:28 - 2018-01-01 03:24 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-03 21:28 - 2018-01-01 03:24 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-03 21:28 - 2018-01-01 03:23 - 000385024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cldflt.sys
2018-01-03 21:28 - 2018-01-01 03:23 - 000232960 _____ (Microsoft Corporation) C:\Windows\System32\convertvhd.exe
2018-01-03 21:28 - 2018-01-01 03:23 - 000121344 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2018-01-03 21:28 - 2018-01-01 03:23 - 000080384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmclr.sys
2018-01-03 21:28 - 2018-01-01 03:23 - 000047104 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2018-01-03 21:28 - 2018-01-01 03:22 - 000031744 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-03 21:28 - 2018-01-01 03:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpstorport.sys
2018-01-03 21:28 - 2018-01-01 03:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\System32\VmApplicationHealthMonitorProxy.dll
2018-01-03 21:28 - 2018-01-01 03:21 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-03 21:28 - 2018-01-01 03:21 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2018-01-03 21:28 - 2018-01-01 03:21 - 000133632 _____ (Microsoft Corporation) C:\Windows\System32\wificonnapi.dll
2018-01-03 21:28 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-03 21:28 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2018-01-03 21:28 - 2018-01-01 03:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2018-01-03 21:28 - 2018-01-01 03:21 - 000062976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2018-01-03 21:28 - 2018-01-01 03:20 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winnat.sys
2018-01-03 21:28 - 2018-01-01 03:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\fwpolicyiomgr.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000212992 _____ (Microsoft Corporation) C:\Windows\System32\container.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000186368 _____ (Microsoft Corporation) C:\Windows\System32\ACPBackgroundManagerPolicy.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000134656 _____ (Microsoft Corporation) C:\Windows\System32\WcnApi.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000104960 _____ (Microsoft Corporation) C:\Windows\System32\rasauto.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000082432 _____ (Microsoft Corporation) C:\Windows\System32\SCardDlg.dll
2018-01-03 21:28 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RfxVmt.sys
2018-01-03 21:28 - 2018-01-01 03:20 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000795136 _____ (Microsoft Corporation) C:\Windows\System32\NaturalAuth.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000675328 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000416768 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2018-01-03 21:28 - 2018-01-01 03:19 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-03 21:28 - 2018-01-01 03:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2018-01-03 21:28 - 2018-01-01 03:19 - 000188416 _____ (Microsoft Corporation) C:\Windows\System32\PimIndexMaintenance.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000142848 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoert2.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000093696 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000079872 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-03 21:28 - 2018-01-01 03:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\nshhttp.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000748032 _____ (Microsoft Corporation) C:\Windows\System32\PhoneProviders.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000588800 _____ (Microsoft Corporation) C:\Windows\System32\SmsRouterSvc.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000465920 _____ (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000436224 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000425984 _____ (Microsoft Corporation) C:\Windows\System32\vmrdvcore.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000391168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000369664 _____ (Microsoft Corporation) C:\Windows\System32\APHostService.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\System32\AppLockerCSP.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000276480 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000259072 _____ (Microsoft Corporation) C:\Windows\System32\SCardSvr.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000210944 _____ (Microsoft Corporation) C:\Windows\System32\P2P.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000144896 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2018-01-03 21:28 - 2018-01-01 03:18 - 000082944 _____ (Microsoft Corporation) C:\Windows\System32\provdatastore.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000791552 _____ (Microsoft Corporation) C:\Windows\System32\PhoneService.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000616960 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Bluetooth.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000555520 _____ (Microsoft Corporation) C:\Windows\System32\SensorService.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000456704 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000423936 _____ (Microsoft Corporation) C:\Windows\System32\p2psvc.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\System32\pnrpsvc.dll
2018-01-03 21:28 - 2018-01-01 03:17 - 000228352 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-01-03 21:28 - 2018-01-01 03:17 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\msoert2.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000831488 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000624128 _____ (Microsoft Corporation) C:\Windows\System32\SyncController.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000401920 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\cldapi.dll
2018-01-03 21:28 - 2018-01-01 03:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 001657856 _____ (Microsoft Corporation) C:\Windows\System32\rdpserverbase.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 001245184 _____ (Microsoft Corporation) C:\Windows\System32\Unistore.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 000970240 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 000951808 _____ (Microsoft Corporation) C:\Windows\System32\usermgr.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 000756736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 000366080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2018-01-03 21:28 - 2018-01-01 03:15 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-01-03 21:28 - 2018-01-01 03:14 - 001097728 _____ (Microsoft Corporation) C:\Windows\System32\rdpbase.dll
2018-01-03 21:28 - 2018-01-01 03:14 - 001003008 _____ (Microsoft Corporation) C:\Windows\System32\modernexecserver.dll
2018-01-03 21:28 - 2018-01-01 03:14 - 000985600 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-01-03 21:28 - 2018-01-01 03:14 - 000917504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-01-03 21:28 - 2018-01-01 03:13 - 002013184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-03 21:28 - 2018-01-01 03:13 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-03 21:28 - 2018-01-01 03:13 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-03 21:28 - 2018-01-01 03:12 - 000760320 _____ (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2018-01-03 21:28 - 2018-01-01 03:12 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-03 21:28 - 2018-01-01 03:11 - 002082304 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-01-03 21:28 - 2018-01-01 03:11 - 001597952 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-01-03 21:28 - 2018-01-01 03:11 - 000715776 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2018-01-03 21:28 - 2018-01-01 03:10 - 002528256 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2018-01-03 21:28 - 2018-01-01 03:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2018-01-03 21:28 - 2018-01-01 03:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\System32\DbgModel.dll
2018-01-03 21:28 - 2018-01-01 03:09 - 000599552 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Core.TextInput.dll
2018-01-03 21:28 - 2018-01-01 03:08 - 000505344 _____ (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2018-01-03 21:28 - 2018-01-01 03:06 - 000018944 _____ (Microsoft Corporation) C:\Windows\System32\wscproxystub.dll
2018-01-03 21:28 - 2018-01-01 03:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-31 19:29 - 2017-10-30 08:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-31 19:29 - 2017-09-29 00:45 - 020185088 _____ C:\Windows\System32\config\HARDWARE
2018-01-31 19:29 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-01-31 19:29 - 2015-04-25 13:22 - 000000000 ____D C:\Users\Les\Documents\Outlook Files
2018-01-31 19:28 - 2017-10-30 06:59 - 000000000 ___DC C:\Windows\Panther
2018-01-31 19:27 - 2017-10-30 07:55 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-01-31 18:33 - 2015-04-25 14:25 - 000000000 ____D C:\Users\Les\AppData\Local\Adobe
2018-01-31 18:08 - 2017-05-07 08:56 - 000103090 _____ C:\Windows\ZAM.krnl.trace
2018-01-31 16:29 - 2017-10-30 08:26 - 000004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3F08E355-1C38-4F89-A231-515F239D9F31}
2018-01-31 13:13 - 2017-11-16 11:53 - 000000000 ____D C:\Users\Les\AppData\LocalLow\Mozilla
2018-01-31 12:09 - 2015-04-25 13:37 - 000000000 ____D C:\Users\Les\AppData\Roaming\PrimoPDF
2018-01-31 12:05 - 2015-04-25 12:01 - 000000000 ____D C:\Users\Les\AppData\Local\CrashDumps
2018-01-31 12:05 - 2015-04-25 11:22 - 000000917 _____ C:\Windows\LandexRemote.ini
2018-01-31 11:03 - 2015-04-25 12:19 - 000000000 ____D C:\Program Files\tixati
2018-01-31 09:28 - 2017-10-30 08:02 - 000000000 ____D C:\Users\Les\AppData\Local\Packages
2018-01-31 05:51 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-01-31 05:50 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-31 05:50 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-01-30 18:55 - 2017-05-07 08:56 - 000069374 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-30 18:03 - 2015-04-25 15:06 - 000000000 ___RD C:\Users\Les\Creative Cloud Files
2018-01-30 18:02 - 2016-06-24 16:28 - 000000000 ____D C:\Users\Les\AppData\Roaming\DisplayCAL
2018-01-30 14:24 - 2017-12-10 05:52 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-01-30 12:49 - 2015-10-09 09:27 - 000000000 ____D C:\Windows\twain_64
2018-01-30 12:18 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-01-30 09:58 - 2017-09-29 00:45 - 000032768 _____ C:\Windows\System32\config\ELAM
2018-01-30 08:00 - 2015-05-12 13:30 - 000452388 _____ C:\Windows\System32\SFP
2018-01-29 23:37 - 2017-05-06 16:35 - 000000000 ____D C:\Windows\Microsoft Antimalware
2018-01-29 20:09 - 2015-04-25 10:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 18:04 - 2015-04-26 10:49 - 000000000 ____D C:\Users\Les\Downloads\2BrightSparks.SyncBackPro.7.0.14.0.Multilingual-ZWT [helg420]
2018-01-29 13:56 - 2017-11-16 11:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-29 08:25 - 2017-10-30 08:01 - 000000000 ____D C:\users\Les
2018-01-28 17:14 - 2017-05-12 08:19 - 000000000 ____D C:\AdwCleaner
2018-01-28 16:52 - 2017-09-09 15:10 - 000000000 ____D C:\Users\Les\Downloads\Photolemur 2.0.4 + Patch [CracksNow]
2018-01-28 09:53 - 2017-10-30 08:27 - 000001908 _____ C:\Windows\diagwrn.xml
2018-01-28 09:53 - 2017-10-30 08:27 - 000001908 _____ C:\Windows\diagerr.xml
2018-01-28 08:23 - 2015-04-27 08:54 - 000000000 ____D C:\Users\Les\AppData\Local\ElevatedDiagnostics
2018-01-27 16:57 - 2015-04-25 12:48 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2018-01-27 16:54 - 2015-05-07 15:34 - 000000000 ____D C:\Users\Les\AppData\Roaming\vlc
2018-01-27 16:06 - 2017-05-06 21:09 - 000000000 _____ C:\Recovery.txt
2018-01-27 14:59 - 2017-05-05 14:10 - 000000000 ____D C:\Windows\pss
2018-01-25 20:06 - 2017-10-30 08:26 - 000003356 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3451223362-1175936456-4260665253-1000
2018-01-25 20:06 - 2015-07-29 12:53 - 000000000 ___RD C:\Users\Les\OneDrive
2018-01-25 08:03 - 2015-04-25 10:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-24 09:55 - 2015-09-27 10:42 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-01-24 09:41 - 2017-06-15 16:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-24 09:41 - 2017-05-19 14:14 - 000000000 ____D C:\Program Files\Paragon Software
2018-01-24 09:24 - 2017-10-05 16:02 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-01-24 09:02 - 2010-11-20 19:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2018-01-23 08:18 - 2017-06-17 19:17 - 000000000 ___HD C:\adobeTemp
2018-01-23 07:59 - 2017-05-07 08:56 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-22 21:13 - 2017-05-19 14:15 - 000000000 ____D C:\ProgramData\Paragon
2018-01-22 20:28 - 2015-05-03 07:33 - 000000000 ____D C:\Users\Les\Documents\Adobe
2018-01-22 20:28 - 2015-04-26 07:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-01-22 20:28 - 2015-04-25 14:33 - 000000000 ____D C:\Users\Les\AppData\Roaming\Adobe
2018-01-22 16:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-01-22 15:58 - 2015-04-26 10:42 - 000000000 ____D C:\Users\Les\Documents\Book Projects
2018-01-22 13:33 - 2015-04-25 13:37 - 000000000 ____D C:\Users\Les\Documents\Serials
2018-01-20 14:54 - 2016-02-25 16:43 - 000000000 ____D C:\Users\Les\Documents\Manuals
2018-01-19 14:49 - 2017-05-17 06:45 - 000000000 ____D C:\Program Files\CCleaner
2018-01-19 10:14 - 2016-10-13 11:04 - 000000000 ___RD C:\Users\Les\TV Shows
2018-01-18 11:37 - 2015-08-27 14:10 - 000000000 ____D C:\Users\Les\Documents\Calibre Library
2018-01-17 12:31 - 2015-10-01 07:30 - 000000000 ____D C:\Program Files (x86)\Riffstation Trial
2018-01-10 14:55 - 2016-04-11 09:06 - 000000000 ____D C:\Users\Les\Documents\TurboTax
2018-01-10 11:25 - 2015-05-19 08:59 - 000000000 ____D C:\Users\Les\Documents\Custom Office Templates
2018-01-10 03:15 - 2017-10-30 08:00 - 001121358 _____ C:\Windows\System32\PerfStringBackup.INI
2018-01-10 02:14 - 2015-04-27 06:45 - 000000000 ____D C:\Windows\System32\MRT
2018-01-10 02:09 - 2017-10-11 10:19 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-01-10 02:09 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-01-10 02:09 - 2015-04-27 06:45 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-01-10 02:00 - 2009-07-13 18:34 - 000000478 _____ C:\Windows\win.ini
2018-01-07 16:47 - 2015-04-26 12:15 - 000000000 ____D C:\Users\Les\Downloads\VSO ConvertXtoDVD 5.2.0.13 Final (crack+key) [ChingLiu]
2018-01-05 22:09 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-01-05 07:03 - 2016-12-12 08:01 - 000000000 ____D C:\Program Files (x86)\Snappy Fax Version 5
2018-01-03 22:10 - 2017-10-30 08:34 - 000000000 ___RD C:\Users\Les\3D Objects
2018-01-03 22:10 - 2015-07-29 12:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-03 22:08 - 2017-10-30 07:55 - 000413824 _____ C:\Windows\System32\FNTCACHE.DAT
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\oobe
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\migwiz
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser
2018-01-03 22:04 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Provisioning
2018-01-03 22:04 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Dism
2018-01-03 21:32 - 2017-09-29 05:41 - 000403968 _____ (Microsoft Corporation) C:\Windows\System32\WpAXHolder.dll
2018-01-03 21:31 - 2017-09-29 05:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-01-03 21:31 - 2017-09-29 05:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-01-02 12:52 - 2015-04-26 09:30 - 000000000 ____D C:\Users\Les\Documents\Faxes

Some files in TEMP:
====================
2018-01-27 15:09 - 2018-01-27 15:09 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\1A76.tmp.exe
2018-01-27 14:15 - 2018-01-27 14:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\28C8.tmp.exe
2018-01-27 15:15 - 2018-01-27 15:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\89B2.tmp.exe
2018-01-27 14:15 - 2018-01-27 14:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\DA36.tmp.exe
2018-01-28 17:53 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\dllnt_dump.dll
2018-01-30 09:59 - 2018-01-30 09:57 - 081865688 _____ (Malwarebytes                                                ) C:\Users\Les\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2018-01-03 21:28] - [2018-01-01 03:11] - 000715776 _____ (Microsoft Corporation) D0926E8FC082646487BD159538F4D9F5

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-01-03 21:29] - [2018-01-01 04:38] - 003904808 _____ (Microsoft Corporation) 92B369312AF5D0B83AEF82D5DE0428D2

C:\Windows\SysWOW64\explorer.exe
[2018-01-03 21:29] - [2018-01-01 03:46] - 003485392 _____ (Microsoft Corporation) 152D8FB49984351A39F87A592EECD896

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-01-03 21:29] - [2018-01-01 04:25] - 000615768 _____ (Microsoft Corporation) AB75687641C9ADBE22336EC3C496909C

C:\Windows\System32\User32.dll
[2017-12-12 21:49] - [2017-12-07 15:34] - 001634288 _____ (Microsoft Corporation) 0370364D4D8846B6CF316ABBB2EDB083

C:\Windows\SysWOW64\User32.dll
[2017-12-12 21:49] - [2017-12-07 14:56] - 001528904 _____ (Microsoft Corporation) 5D41A00F6ED104C9639D5CBF0D38A1D6

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2017-12-12 21:49] - [2017-12-07 15:12] - 000401304 _____ (Microsoft Corporation) 5B27846CF4B1C21AFB3A35A8336BA02F


==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12252.09 MB
Available physical RAM: 11210.19 MB
Total Virtual: 12252.09 MB
Available Virtual: 11263.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:750.96 GB) NTFS
Drive d: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:866.86 GB) NTFS
Drive e: (Samsung HDD) (Fixed) (Total:931.51 GB) (Free:30.2 GB) NTFS
Drive g: () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
Drive o: (FRST) (Fixed) (Total:14.89 GB) (Free:14.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AA22ECA1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 9B722700)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 8 (Size: 14.9 GB) (Disk ID: EDEAA0AF)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

LastRegBack: 2018-01-28 21:14

==================== End of FRST.txt ============================



#6 Aura


Posted 01 February 2018 - 08:08 AM

All good. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Les Berkley


Posted 01 February 2018 - 03:08 PM

Here is the MB log. It still will not turn on its Web Protection module, but that could be a problem with its software. I hope there's a step after this, because MB would give me clean reports during the time when I was having major problems.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/1/18
Scan Time: 2:37 PM
Log File: 50376842-0787-11e8-bde4-4c72b912a99d.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3843
License: Premium

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: Winnie\Les

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382728
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 26 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Thank you,

Les



#8 Aura


Posted 01 February 2018 - 03:22 PM

Yes, we're not done with the clean-up yet. Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do so
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#9 Les Berkley


Posted 01 February 2018 - 05:41 PM

RK Log first. Adware to follow.

 

RogueKiller V12.12.2.0 (x64) [Jan 29 2018] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Les [Administrator]
Started from : C:\Users\Les\Desktop\RogueKiller_portable64(2).exe
Mode : Scan -- Date : 02/01/2018 15:50:08 (Duration : 01:46:37)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] sf5.exe(2596) -- C:\Program Files (x86)\Snappy Fax Version 5\sf5.exe[7] -> Found

¤¤¤ Registry : 1 ¤¤¤
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 -> Found

¤¤¤ Tasks : 1 ¤¤¤
[PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Found

¤¤¤ Files : 2 ¤¤¤
[PUP.HackTool][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Found
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20 EZRX-00D8PB0 SATA Disk Device +++++
--- User ---
[MBR] 086d4408cd186277f74dd3e85a0930d6
[BSP] b0d3cb4e323a31c980868c0dd7ad7138 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907177 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3906105344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 4d1706863896b6ad34bdead411e69a1a
[BSP] e203586aee126325eb1398496327eb49 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] c9a82014f3b5774ea54efb91d18992a1
[BSP] c123276a9c55a756e2552b272660a9a2 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 15266 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive8: SAMSUNG HD103SI USB Device +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 



#10 Les Berkley


Posted 01 February 2018 - 05:46 PM

Adware log

 

# AdwCleaner 7.0.7.0 - Logfile created on Thu Feb 01 22:44:50 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 01-16-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7217 B] - [2017/5/12 16:27:44]
C:/AdwCleaner/AdwCleaner[S0].txt - [6814 B] - [2017/5/12 16:25:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2017/10/27 16:2:59]
C:/AdwCleaner/AdwCleaner[S2].txt - [1273 B] - [2018/1/29 1:14:51]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########



#11 Aura


Posted 02 February 2018 - 08:42 AM

Good! Now please run a new scan with FRST (under a normal Windows boot) and provide me a fresh set of logs. I'll look for remnants.



#12 Les Berkley


Posted 02 February 2018 - 11:32 AM

Logs follow: I know that "purifier" and "understandable" were parts of the original malware attack and I see references in the logs.

 

Thanks,

Les

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Les (administrator) on WINNIE (02-02-2018 11:18:57)
Running from C:\Users\Les\Downloads
Loaded Profiles: Les (Available Profiles: Les)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe
() C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(John Taylor & Associates) C:\Program Files (x86)\Snappy Fax Version 5\sf5.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Bunez5Tray.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(The CefSharp Authors) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\CefSharp.BrowserSubprocess.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Snappy Fax Printer virtual printer agent] => C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe [116224 2009-10-05] ()
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [anaya] => "C:\Program Files (x86)\Pedestal\understandable.exe"
HKLM\...\Run: [anayapervades] => "C:\Program Files (x86)\palma\purifier.exe"
HKLM\...\Run: [anayaanaya] => "C:\Program Files (x86)\Daoud\understandable.exe"
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2016-06-27] (ABBYY Production LLC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BackupNowEZ5Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Bunez5Tray.exe [1170608 2016-10-09] (NTI Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [EPSON Stylus Photo R2880] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATICXA.EXE [218112 2007-11-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15055848 2017-03-15] (Plex, Inc.)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Snappy Fax] => [X]
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Run: [Snappy Fax Version 5] => C:\Program Files (x86)\Snappy Fax Version 5\sf5.exe [59921008 2017-12-20] (John Taylor & Associates)
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\MountPoints2: {0d846cff-3249-11e5-9ac5-806e6f6e6963} - "E:\wubi.exe"
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-09-24]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiques.lnk [2018-01-22]
ShortcutTarget: communiques.lnk -> C:\Program Files (x86)\Pedestal\understandable.exe (No File)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiquescommuniques.lnk [2018-01-22]
ShortcutTarget: communiquescommuniques.lnk -> C:\Program Files (x86)\palma\purifier.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{6edff3c7-3431-4c66-8f84-5213ba924344}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f5160679-1af9-49bd-9c63-af9559c7fd2b}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f5160679-1af9-49bd-9c63-af9559c7fd2b}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25f4e390&q={searchTerms}
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-11-21] (Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: logkqiok.default-1510861966805
FF ProfilePath: C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 [2018-02-02]
FF Homepage: Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\logkqiok.default-1510861966805 -> is enabled.
FF Extension: (Exif Viewer) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\exif_viewer@mozilla.doslash.org.xpi [2018-01-27]
FF Extension: (Fess Google Bookmark Extension) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\GBE@fess16.blogspot.com.xpi [2017-11-16]
FF Extension: (Panel View for Google™ Translate) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi [2017-11-20]
FF Extension: (Search by Image on Google) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{1d6267dd-4b37-459a-84da-a5d2580daa6a}.xpi [2018-01-04]
FF Extension: (__MSG_extensionName__) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}.xpi [2018-01-04]
FF Extension: (Print/Print Preview) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{4e6c9475-6f44-463a-999a-cb7895cc5d04}.xpi [2017-12-02]
FF Extension: (ColorZilla) - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\logkqiok.default-1510861966805\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: Default -> yagbe
CHR Profile: C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default [2018-02-01]
CHR Extension: (Slides) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Sheets) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Bookmarks Menu) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2016-12-17]
CHR Extension: (Google Docs Offline) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Multiple File Downloader) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodceacahodmjmdmfcobdepogaajbpc [2017-06-06]
CHR Extension: (Yet Another Google Bookmarks Extension) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode [2016-10-25]
CHR Extension: (Add to Google Bookmarks (context menu)) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\keobkeaihgkidbpfjojklhjjlfjgaejp [2016-12-21]
CHR Extension: (Fair AdBlocker) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-10-23]
CHR Extension: (EXIF Viewer) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm [2016-10-25]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Les\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-09-24] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NTI Backup Now EZ 5 Agent Device Service; C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe [936112 2016-08-12] (NTI Corporation)
R2 NTI Backup Now EZ 5 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe [102064 2016-10-09] ()
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1982952 2017-03-15] (Plex, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [52832 2017-01-29] (hxxp://libusb-win32.sourceforge.net)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-02] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-02] (Malwarebytes)
R1 MpKsl44ddeb26; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{848785D6-922E-403A-85F2-CB5700B6394F}\MpKsl44ddeb26.sys [58120 2018-02-02] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 scsiscan; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [20480 2017-09-29] (Microsoft Corporation)
S3 Spyder3; C:\WINDOWS\System32\drivers\Spyder3.sys [15360 2010-03-30] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-02-01] ()
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-07] (Zemana Ltd.)
U4 aspnet_state; no ImagePath
S3 NTIDrvr; System32\Drivers\NTIDrvr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-02 11:02 - 2018-02-02 11:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-01 16:09 - 2018-02-01 16:09 - 008206624 _____ (Malwarebytes) C:\Users\Les\Desktop\AdwCleaner.exe
2018-02-01 15:45 - 2018-02-01 15:46 - 026917960 _____ (Adlice Software) C:\Users\Les\Desktop\RogueKiller_portable64(2).exe
2018-01-31 14:05 - 2018-01-31 14:05 - 000000757 _____ C:\Users\Les\Downloads\Fixlog.txt
2018-01-31 11:43 - 2018-01-31 11:44 - 000075671 _____ C:\Users\Les\Downloads\Addition.txt
2018-01-31 11:42 - 2018-02-02 11:19 - 000025246 _____ C:\Users\Les\Downloads\FRST.txt
2018-01-31 11:42 - 2018-02-02 11:18 - 000000000 ____D C:\FRST
2018-01-31 11:41 - 2018-01-31 11:41 - 002393088 _____ (Farbar) C:\Users\Les\Downloads\FRST64.exe
2018-01-31 00:06 - 2018-01-31 00:06 - 014999000 _____ (Trend Micro Inc.) C:\Users\Les\Downloads\RootkitBusterV5.0-1203x64.exe
2018-01-30 23:40 - 2018-01-30 23:40 - 026917960 _____ (Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64(1).exe
2018-01-30 20:50 - 2018-01-30 20:50 - 000000000 ____D C:\Users\Les\Documents\ProcAlyzer Dumps
2018-01-30 20:48 - 2018-01-30 20:48 - 000000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-01-30 20:48 - 2018-01-30 20:48 - 000000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-01-30 20:06 - 2018-01-30 23:38 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-30 20:00 - 2018-01-31 22:40 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-30 20:00 - 2018-01-30 23:38 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-30 20:00 - 2018-01-30 20:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-01-30 19:58 - 2018-01-30 19:58 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Les\Downloads\spybotsd-2.6.46(1).exe
2018-01-30 19:52 - 2018-02-01 01:37 - 000000000 ____D C:\Users\Les\AppData\Local\lsokcpe
2018-01-30 19:47 - 2018-01-30 19:47 - 000000000 ____D C:\ProgramData\LHService
2018-01-30 19:25 - 2018-01-30 19:25 - 000000000 ____D C:\ProgramData\LockHunter
2018-01-30 19:23 - 2018-01-30 19:23 - 000000000 ____D C:\Users\Les\AppData\Roaming\LockHunter
2018-01-30 19:23 - 2018-01-30 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-01-30 19:23 - 2018-01-30 19:23 - 000000000 ____D C:\Program Files\LockHunter
2018-01-30 19:22 - 2018-01-30 19:22 - 003133480 _____ (Crystal Rich Ltd ) C:\Users\Les\Downloads\lockhuntersetup_3-2-3.exe
2018-01-30 17:49 - 2018-01-30 17:49 - 000167034 _____ C:\Users\Les\Downloads\fileassassin-setup-1.06.exe
2018-01-30 17:49 - 2018-01-30 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2018-01-30 17:49 - 2018-01-30 17:49 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2018-01-30 15:48 - 2018-01-30 15:48 - 010051352 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex3296.exe
2018-01-30 15:36 - 2018-01-30 15:36 - 000000000 ____D C:\Program Files\VueScan
2018-01-30 15:35 - 2018-01-30 15:35 - 011002984 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(4).exe
2018-01-30 14:03 - 2018-01-30 14:03 - 011002984 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(3).exe
2018-01-30 13:11 - 2018-02-02 11:01 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-30 13:11 - 2018-02-02 11:01 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-30 13:11 - 2018-01-30 20:15 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-30 13:11 - 2018-01-30 13:11 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-30 13:10 - 2018-01-30 13:10 - 081865688 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811(1).exe
2018-01-30 13:10 - 2018-01-30 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-30 13:10 - 2018-01-30 13:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-30 13:10 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-30 12:57 - 2018-01-30 12:57 - 081865688 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe
2018-01-30 02:37 - 2018-02-02 10:59 - 109838336 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-29 12:50 - 2018-01-29 12:56 - 2946746368 _____ C:\Users\Les\Downloads\ProfessionalRetail.img
2018-01-29 10:59 - 2018-01-29 10:59 - 000863696 _____ (Malwarebytes) C:\Users\Les\Downloads\mb-clean-3.1.0.1031.exe
2018-01-29 10:58 - 2018-01-29 10:58 - 081736824 _____ (Malwarebytes ) C:\Users\Les\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3806.exe
2018-01-28 20:54 - 2018-02-01 15:50 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-28 20:53 - 2018-01-28 23:02 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-28 20:51 - 2018-01-28 20:51 - 000269472 _____ C:\Users\Les\Documents\cc_20180128_205119.reg
2018-01-28 20:06 - 2018-01-28 20:06 - 011605440 _____ (SurfRight B.V.) C:\Users\Les\Downloads\hitmanpro_x64(1).exe
2018-01-28 20:06 - 2018-01-28 20:06 - 008206624 _____ (Malwarebytes) C:\Users\Les\Downloads\adwcleaner_7.0.7.0.exe
2018-01-28 16:42 - 2018-01-28 16:43 - 026916424 _____ (Adlice Software) C:\Users\Les\Downloads\RogueKiller_portable64.exe
2018-01-28 16:26 - 2018-01-28 16:27 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Les\Downloads\spybotsd-2.6.46.exe
2018-01-28 16:07 - 2018-01-28 16:07 - 124952848 _____ (Microsoft Corporation) C:\Users\Les\Downloads\msert.exe
2018-01-28 15:43 - 2018-01-28 15:43 - 000000000 ____D C:\Users\Les\Downloads\mbam-chameleon-3.1.33.0
2018-01-27 18:59 - 2018-01-27 18:59 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Les\Downloads\esetonlinescanner_enu(1).exe
2018-01-27 18:03 - 2018-01-30 20:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-27 17:49 - 2018-01-27 17:51 - 4250861568 _____ C:\Users\Les\Documents\Windows.iso
2018-01-27 14:37 - 2018-01-27 14:37 - 039611824 _____ (EaseUS ) C:\Users\Les\Downloads\epm_trial(1).exe
2018-01-27 14:20 - 2018-01-27 14:20 - 000000000 ____D C:\Users\Les\Downloads\WinDlg_v1_31
2018-01-27 14:20 - 2018-01-27 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2018-01-27 14:20 - 2018-01-27 14:20 - 000000000 ____D C:\Program Files (x86)\Western Digital Corporation
2018-01-27 14:19 - 2018-01-27 14:19 - 000619792 _____ C:\Users\Les\Downloads\WinDlg_v1_31.zip
2018-01-25 12:42 - 2018-01-25 12:42 - 018617536 _____ (Microsoft Corporation) C:\Users\Les\Downloads\MediaCreationTool(2).exe
2018-01-25 12:22 - 2018-01-28 11:50 - 000000000 ____D C:\ESD
2018-01-25 12:21 - 2018-01-25 12:21 - 018617536 _____ (Microsoft Corporation) C:\Users\Les\Downloads\MediaCreationTool(1).exe
2018-01-25 11:44 - 2018-01-25 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ 5
2018-01-25 11:40 - 2018-01-25 11:40 - 000632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2018-01-25 11:40 - 2018-01-25 11:40 - 000001869 _____ C:\WINDOWS\SysWOW64\Microsoft.VC80.CRT.manifest
2018-01-25 11:20 - 2018-01-25 11:33 - 158205520 _____ (NTI Corporation) C:\Users\Les\Downloads\NTI_Backup_Now_EZ_5.1.0.33_Retail_Update.exe
2018-01-25 11:04 - 2018-01-25 11:04 - 000000000 ____D C:\ProgramData\NTI
2018-01-25 11:02 - 2018-01-25 11:03 - 000000000 ____D C:\Program Files (x86)\NTI
2018-01-25 11:00 - 2018-01-25 11:00 - 000001024 ___RH C:\Users\Public\Documents\NTIBUNEZ5.dll
2018-01-25 10:59 - 2018-01-25 10:59 - 000000000 ____D C:\ProgramData\FLEXnet
2018-01-25 10:57 - 2018-01-25 10:57 - 145426960 _____ (NTI Corporation) C:\Users\Les\Downloads\NTI_Backup_Now_EZ_5.1.0.33_Upgrade_ESD_Version.exe
2018-01-24 20:06 - 2018-01-24 20:09 - 028458488 _____ (NTI Corporation, Inc.) C:\Users\Les\Downloads\NTI_Boot_Disk_Updater_1.0.2.5.exe
2018-01-24 19:05 - 2018-01-24 19:05 - 000000000 ____D C:\Users\Les\Downloads\SnapAPI_l_s_e
2018-01-24 19:04 - 2018-01-24 19:04 - 002348322 _____ C:\Users\Les\Downloads\SnapAPI_l_s_e.zip
2018-01-24 18:59 - 2018-01-24 18:59 - 039611824 _____ (EaseUS ) C:\Users\Les\Downloads\epm_trial.exe
2018-01-24 17:14 - 2018-01-24 17:14 - 006451688 _____ C:\Users\Les\Downloads\AcronisTrueImage2018_web.exe
2018-01-24 12:35 - 2018-01-24 12:35 - 000000000 ____D C:\Users\Les\Downloads\Silent Witness - Season 1 [DVDRip][XviD] - cOOt
2018-01-24 12:34 - 2018-01-24 12:34 - 000000000 ____D C:\Users\Les\Downloads\Thor Ragnarok (2017) [1080p] [YTS.AG]
2018-01-24 11:46 - 2018-01-25 11:54 - 000003544 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-Winnie-Les
2018-01-24 11:20 - 2018-01-24 11:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2018-01-24 11:12 - 2018-01-24 11:12 - 010999056 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(2).exe
2018-01-23 14:24 - 2018-01-23 14:24 - 000000000 ____D C:\ProgramData\NTIReg
2018-01-23 14:21 - 2018-01-25 11:36 - 000000000 ____D C:\Users\Les\AppData\Local\Downloaded Installations
2018-01-23 14:07 - 2018-01-23 14:07 - 001715771 _____ C:\Users\Les\Documents\wogears[comcast.net]_2018-01-23_14-07.zip
2018-01-23 14:07 - 2018-01-23 14:07 - 000000000 ____D C:\Users\Les\Documents\wogears[comcast.net]_2018-01-23_14-07
2018-01-23 10:59 - 2018-01-23 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-23 10:58 - 2018-01-23 10:58 - 006625600 _____ (Zemana Ltd. ) C:\Users\Les\Downloads\Zemana.AntiMalware.Setup(2).exe
2018-01-23 10:53 - 2018-01-23 10:53 - 006625600 _____ (Zemana Ltd. ) C:\Users\Les\Downloads\Zemana.AntiMalware.Setup(1).exe
2018-01-23 00:14 - 2018-01-23 00:14 - 000000000 ____D C:\ProgramData\Paragon Software
2018-01-23 00:13 - 2018-01-23 00:13 - 000000000 ____D C:\Users\Les\AppData\Local\Paragon
2018-01-23 00:11 - 2018-01-23 00:11 - 079507800 _____ (Paragon Software GmbH) C:\Users\Les\Downloads\Paragon-700-FRE_WinInstallSNx64_10.2.1_000.exe
2018-01-22 23:29 - 2018-01-28 20:08 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-01-22 23:28 - 2018-01-22 23:28 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-01-22 21:03 - 2018-01-22 21:09 - 000000000 ____D C:\Users\Les\AppData\Local\{E144D718-C5EC-BBA0-A874-9E488C1C62D0}
2018-01-22 20:09 - 2018-01-22 20:09 - 006705178 _____ C:\Users\Les\Downloads\mbam-chameleon-3.1.33.0.zip
2018-01-22 19:53 - 2018-01-22 19:53 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Les\Downloads\rkill64.exe
2018-01-22 19:52 - 2018-01-24 09:19 - 000000000 ____D C:\Users\Les\AppData\Local\aungrxw
2018-01-22 19:45 - 2018-01-30 18:01 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-22 19:41 - 2018-02-01 01:37 - 000000000 ____D C:\Users\Les\AppData\Local\upbxmvk
2018-01-22 19:37 - 2018-01-30 20:55 - 002888192 _____ C:\WINDOWS\system32\sndpuhvsvc.exe
2018-01-22 19:14 - 2018-01-22 19:14 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Les\Downloads\rkill.exe
2018-01-22 18:48 - 2018-01-22 18:48 - 000000000 ____D C:\WINDOWS\SysWOW64\rtmbgok
2018-01-22 18:48 - 2018-01-22 18:48 - 000000000 ____D C:\WINDOWS\system32\rtmbgok
2018-01-22 18:48 - 2018-01-22 18:48 - 000000000 ____D C:\Users\Les\AppData\Roaming\et
2018-01-22 18:43 - 2018-01-29 21:04 - 000000000 ____D C:\Program Files (x86)\Pedestal
2018-01-22 18:43 - 2018-01-29 21:04 - 000000000 ____D C:\Program Files (x86)\palma
2018-01-22 18:43 - 2018-01-22 18:44 - 000000000 ____D C:\Program Files (x86)\bridal
2018-01-22 18:43 - 2018-01-22 18:43 - 000000000 ___HD C:\Program Files (x86)\Daoud
2018-01-22 18:43 - 2018-01-22 18:43 - 000000000 ___HD C:\Program Files (x86)\bender
2018-01-22 16:56 - 2018-01-22 16:56 - 000001024 ____H C:\SYSTAG.BIN
2018-01-22 16:44 - 2018-01-22 18:24 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2018-01-22 16:43 - 2018-01-22 17:15 - 000000000 ____D C:\ProgramData\AomeiBR
2018-01-22 16:43 - 2017-09-01 18:12 - 000038320 _____ C:\WINDOWS\system32\amwrtdrv.sys
2018-01-22 16:43 - 2016-12-21 22:54 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys
2018-01-22 16:43 - 2016-12-21 22:52 - 000171952 _____ C:\WINDOWS\system32\ammntdrv.sys
2018-01-21 20:39 - 2018-01-21 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortraitPro 17 Trial
2018-01-21 20:39 - 2018-01-21 20:39 - 000000000 ____D C:\Program Files\PortraitPro 17 Trial
2018-01-21 20:37 - 2018-01-21 20:38 - 163561368 _____ (Anthropics Technology Ltd. ) C:\Users\Les\Downloads\PortraitProTrialSetup64.exe
2018-01-20 17:51 - 2018-01-20 17:51 - 002224761 _____ C:\Users\Les\Downloads\AF35-70F28DRM.pdf
2018-01-19 20:02 - 2018-01-19 20:03 - 000000000 ____D C:\Users\Les\Downloads\rcsetup153
2018-01-19 20:02 - 2018-01-19 20:02 - 004007927 _____ C:\Users\Les\Downloads\rcsetup153.zip
2018-01-18 20:42 - 2018-01-19 11:15 - 000000000 ____D C:\Users\Les\Downloads\www.Torrenting.com - A.House.Through.Time.S01E02.XviD-AFG
2018-01-18 20:39 - 2018-01-18 20:39 - 000000000 ____D C:\Users\Les\Downloads\www.Torrenting.com - A.House.Through.Time.S01E02.720p.HEVC.x265-MeGusta
2018-01-18 16:55 - 2018-01-18 16:55 - 000123310 _____ C:\Users\Les\Documents\DreamVacationWeek2.pdf
2018-01-18 16:47 - 2018-01-18 16:47 - 000123896 _____ C:\Users\Les\Documents\DreamVacationWeek.pdf
2018-01-18 13:55 - 2018-01-18 13:55 - 004348233 _____ C:\Users\Les\Downloads\Anthony Trollope - Barsetshire Chronicles 01 to 06 - The Chronicles of Barsetshire (v5.0).mobi
2018-01-18 12:31 - 2018-01-18 12:31 - 000000000 ____D C:\Users\Les\Downloads\Anthony Trollope - The Way We Live Now
2018-01-17 15:31 - 2018-01-17 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riffstation Trial
2018-01-16 20:31 - 2018-01-16 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-16 20:31 - 2018-01-16 20:31 - 000000000 ____D C:\Program Files\iPod
2018-01-16 20:30 - 2018-01-16 20:31 - 000000000 ____D C:\Program Files\iTunes
2018-01-16 12:53 - 2018-01-16 12:53 - 010997896 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496(1).exe
2018-01-15 20:19 - 2018-01-15 20:19 - 000000000 ____D C:\Users\Les\Downloads\Elvis Presley - From Elvis In Memphis (2015) [24-96 HD FLAC]
2018-01-14 17:25 - 2018-01-29 12:33 - 000000000 ____D C:\Users\Les\Downloads\Camelot S01 Complete Season 1 BluRay 720p x265 HEVC [nate_666]
2018-01-14 16:30 - 2018-01-14 16:30 - 010992080 _____ (Hamrick Software) C:\Users\Les\Downloads\vuex6496.exe
2018-01-09 19:26 - 2018-01-09 19:26 - 000070249 _____ C:\Users\Les\Documents\https___app.ecwid.pdf
2018-01-06 19:07 - 2018-01-06 19:07 - 000000542 _____ C:\Users\Les\Documents\PO Account.txt
2018-01-06 15:51 - 2018-01-06 15:51 - 000000000 ____D C:\Users\Les\Downloads\Black.Mirror.S01.1080p.AMZN.WEBRip.AAC2.0.HEVC.x265.sharpysword
2018-01-05 10:02 - 2012-10-01 11:02 - 000054784 _____ C:\WINDOWS\system32\sfppm.dll
2018-01-04 09:58 - 2018-01-04 09:58 - 000002852 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-04 00:29 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-04 00:29 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-04 00:29 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-04 00:29 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-04 00:29 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-04 00:29 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-04 00:29 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-04 00:29 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-04 00:29 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-04 00:29 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-04 00:29 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-04 00:29 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-04 00:29 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-04 00:29 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-04 00:29 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-04 00:29 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-04 00:29 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-04 00:29 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-04 00:29 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-04 00:29 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-04 00:29 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-04 00:29 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-04 00:29 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-04 00:29 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-04 00:29 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-04 00:29 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-04 00:29 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-04 00:29 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-04 00:29 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-04 00:29 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-04 00:29 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-04 00:29 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-04 00:29 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-04 00:29 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-04 00:29 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-04 00:29 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-04 00:29 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-04 00:29 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-04 00:29 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-04 00:29 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-04 00:29 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-04 00:29 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-04 00:29 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-04 00:29 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-04 00:29 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-04 00:29 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-04 00:29 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-04 00:29 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-04 00:29 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-04 00:29 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-04 00:29 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-04 00:29 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-04 00:29 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-04 00:29 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-04 00:29 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-04 00:29 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-04 00:29 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-04 00:29 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-04 00:29 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-04 00:29 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-04 00:29 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-04 00:29 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-04 00:29 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-04 00:29 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-04 00:29 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-04 00:29 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-04 00:29 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-04 00:29 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-04 00:29 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-04 00:29 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-04 00:29 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-04 00:29 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-04 00:29 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-04 00:29 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-04 00:29 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-04 00:29 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-04 00:29 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-04 00:29 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-04 00:29 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-04 00:29 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-04 00:29 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-04 00:29 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-04 00:29 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-04 00:29 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-04 00:29 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-04 00:29 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-04 00:29 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-04 00:28 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-04 00:28 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-04 00:28 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-04 00:28 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-04 00:28 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-04 00:28 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-04 00:28 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-04 00:28 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-04 00:28 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-04 00:28 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-04 00:28 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-04 00:28 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-04 00:28 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-04 00:28 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-04 00:28 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-04 00:28 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-04 00:28 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-04 00:28 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-04 00:28 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-04 00:28 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-04 00:28 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-04 00:28 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-04 00:28 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-04 00:28 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-04 00:28 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-04 00:28 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-04 00:28 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-04 00:28 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-04 00:28 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-04 00:28 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-04 00:28 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-04 00:28 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-04 00:28 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-04 00:28 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-04 00:28 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-04 00:28 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-04 00:28 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-04 00:28 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-04 00:28 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-04 00:28 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-04 00:28 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-04 00:28 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-04 00:28 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-04 00:28 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-04 00:28 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-04 00:28 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-04 00:28 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-04 00:28 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-04 00:28 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-04 00:28 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-04 00:28 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-04 00:28 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-04 00:28 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-04 00:28 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-04 00:28 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-04 00:28 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-04 00:28 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-04 00:28 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-04 00:28 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-04 00:28 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-04 00:28 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-04 00:28 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-04 00:28 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-04 00:28 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-04 00:28 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-04 00:28 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-04 00:28 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-04 00:28 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-04 00:28 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-04 00:28 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-04 00:28 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-04 00:28 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-04 00:28 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-04 00:28 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-04 00:28 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-04 00:28 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-04 00:28 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-04 00:28 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-04 00:28 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-04 00:28 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-04 00:28 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-04 00:28 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-04 00:28 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-02 11:19 - 2017-05-07 11:56 - 000075180 _____ C:\WINDOWS\ZAM.krnl.trace
2018-02-02 11:19 - 2017-05-07 11:56 - 000041058 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-02-02 11:14 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-02 11:09 - 2017-11-16 14:53 - 000000000 ____D C:\Users\Les\AppData\LocalLow\Mozilla
2018-02-02 11:08 - 2017-12-10 08:52 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-02 11:08 - 2015-04-25 16:22 - 000000000 ____D C:\Users\Les\Documents\Outlook Files
2018-02-02 11:06 - 2015-04-25 18:06 - 000000000 ___RD C:\Users\Les\Creative Cloud Files
2018-02-02 11:06 - 2015-04-25 17:25 - 000000000 ____D C:\Users\Les\AppData\Local\Adobe
2018-02-02 11:05 - 2016-06-24 19:28 - 000000000 ____D C:\Users\Les\AppData\Roaming\DisplayCAL
2018-02-02 11:00 - 2017-10-30 11:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-02 10:59 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-02 10:58 - 2015-04-26 13:42 - 000000000 ____D C:\Users\Les\Documents\Book Projects
2018-02-02 10:57 - 2017-10-30 10:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-02 09:45 - 2017-10-30 11:26 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3F08E355-1C38-4F89-A231-515F239D9F31}
2018-02-02 04:02 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-02 04:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-01 17:44 - 2017-05-12 11:19 - 000000000 ____D C:\AdwCleaner
2018-02-01 11:39 - 2015-04-25 16:37 - 000000000 ____D C:\Users\Les\AppData\Roaming\PrimoPDF
2018-02-01 11:36 - 2015-04-25 15:01 - 000000000 ____D C:\Users\Les\AppData\Local\CrashDumps
2018-02-01 11:36 - 2015-04-25 14:22 - 000000917 _____ C:\WINDOWS\LandexRemote.ini
2018-01-31 22:29 - 2017-09-29 03:45 - 020185088 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-31 22:28 - 2017-10-30 09:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-31 14:03 - 2015-04-25 15:19 - 000000000 ____D C:\Program Files\tixati
2018-01-31 12:28 - 2017-10-30 11:02 - 000000000 ____D C:\Users\Les\AppData\Local\Packages
2018-01-30 15:49 - 2015-10-09 12:27 - 000000000 ____D C:\WINDOWS\twain_64
2018-01-30 15:18 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-30 12:58 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-30 11:00 - 2015-05-12 16:30 - 000452388 _____ C:\WINDOWS\system32\SFP
2018-01-30 02:37 - 2017-05-06 19:35 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-01-29 23:09 - 2015-04-25 13:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-29 21:04 - 2015-04-26 13:49 - 000000000 ____D C:\Users\Les\Downloads\2BrightSparks.SyncBackPro.7.0.14.0.Multilingual-ZWT [helg420]
2018-01-29 16:56 - 2017-11-16 14:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-29 16:56 - 2015-04-25 13:26 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-29 11:25 - 2017-10-30 11:01 - 000000000 ____D C:\Users\Les
2018-01-28 19:52 - 2017-09-09 18:10 - 000000000 ____D C:\Users\Les\Downloads\Photolemur 2.0.4 + Patch [CracksNow]
2018-01-28 12:53 - 2017-10-30 11:27 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-01-28 12:53 - 2017-10-30 11:27 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-01-28 11:23 - 2015-04-27 11:54 - 000000000 ____D C:\Users\Les\AppData\Local\ElevatedDiagnostics
2018-01-27 19:57 - 2015-04-25 15:48 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2018-01-27 19:54 - 2015-05-07 18:34 - 000000000 ____D C:\Users\Les\AppData\Roaming\vlc
2018-01-27 19:06 - 2017-05-07 00:09 - 000000000 _____ C:\Recovery.txt
2018-01-27 17:59 - 2017-05-05 17:10 - 000000000 ____D C:\WINDOWS\pss
2018-01-25 23:06 - 2017-10-30 11:26 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3451223362-1175936456-4260665253-1000
2018-01-25 23:06 - 2015-07-29 15:53 - 000002397 _____ C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-25 23:06 - 2015-07-29 15:53 - 000000000 ___RD C:\Users\Les\OneDrive
2018-01-25 11:03 - 2015-04-25 13:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-24 12:55 - 2015-09-27 13:42 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-01-24 12:41 - 2017-06-15 19:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-24 12:41 - 2017-05-19 17:14 - 000000000 ____D C:\Program Files\Paragon Software
2018-01-24 12:24 - 2017-10-05 19:02 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-01-24 12:02 - 2010-11-20 22:27 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 11:18 - 2017-06-17 22:17 - 000000000 ___HD C:\adobeTemp
2018-01-23 10:59 - 2017-05-07 11:56 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-23 00:13 - 2017-05-19 17:15 - 000000000 ____D C:\ProgramData\Paragon
2018-01-22 23:28 - 2015-05-03 10:33 - 000000000 ____D C:\Users\Les\Documents\Adobe
2018-01-22 23:28 - 2015-04-26 10:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-01-22 23:28 - 2015-04-25 17:33 - 000000000 ____D C:\Users\Les\AppData\Roaming\Adobe
2018-01-22 19:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-22 16:33 - 2015-04-25 16:37 - 000000000 ____D C:\Users\Les\Documents\Serials
2018-01-20 17:54 - 2016-02-25 19:43 - 000000000 ____D C:\Users\Les\Documents\Manuals
2018-01-19 17:49 - 2017-05-17 09:45 - 000000000 ____D C:\Program Files\CCleaner
2018-01-19 13:14 - 2016-10-13 14:04 - 000000000 ___RD C:\Users\Les\TV Shows
2018-01-18 14:37 - 2015-08-27 17:10 - 000000000 ____D C:\Users\Les\Documents\Calibre Library
2018-01-17 15:31 - 2015-10-01 10:30 - 000000000 ____D C:\Program Files (x86)\Riffstation Trial
2018-01-10 17:55 - 2016-04-11 12:06 - 000000000 ____D C:\Users\Les\Documents\TurboTax
2018-01-10 14:25 - 2015-05-19 11:59 - 000000000 ____D C:\Users\Les\Documents\Custom Office Templates
2018-01-10 06:15 - 2017-10-30 11:00 - 001121358 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-10 05:14 - 2015-04-27 09:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 05:09 - 2017-10-11 13:19 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 05:09 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 05:09 - 2015-04-27 09:45 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 05:08 - 2015-04-25 14:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 05:00 - 2009-07-13 21:34 - 000000478 _____ C:\WINDOWS\win.ini
2018-01-08 19:22 - 2017-10-08 10:40 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-07 19:47 - 2015-04-26 15:15 - 000000000 ____D C:\Users\Les\Downloads\VSO ConvertXtoDVD 5.2.0.13 Final (crack+key) [ChingLiu]
2018-01-06 01:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 10:03 - 2016-12-12 11:01 - 000000000 ____D C:\Program Files (x86)\Snappy Fax Version 5
2018-01-05 10:02 - 2016-12-12 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snappy Fax Version 5
2018-01-04 01:10 - 2017-10-30 11:34 - 000000000 ___RD C:\Users\Les\3D Objects
2018-01-04 01:10 - 2015-07-29 15:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 01:08 - 2017-10-30 10:55 - 000413824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-04 01:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-04 01:04 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-04 00:32 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-04 00:31 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-04 00:31 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== Files in the root of some directories =======

2015-04-26 15:18 - 2016-01-04 15:54 - 000099384 _____ () C:\Users\Les\AppData\Roaming\inst.exe
2015-04-26 15:18 - 2016-01-04 15:54 - 000007859 _____ () C:\Users\Les\AppData\Roaming\pcouffin.cat
2015-04-26 15:18 - 2016-01-04 15:54 - 000001167 _____ () C:\Users\Les\AppData\Roaming\pcouffin.inf
2015-04-26 15:18 - 2016-01-04 15:54 - 000000055 _____ () C:\Users\Les\AppData\Roaming\pcouffin.log
2015-04-26 15:18 - 2016-01-04 15:54 - 000082816 _____ (VSO Software) C:\Users\Les\AppData\Roaming\pcouffin.sys
2015-09-29 16:30 - 2015-09-29 16:30 - 000000038 ___SH () C:\Users\Les\AppData\Local\56f857505417e3fe0c6362.11790009
2015-05-24 16:27 - 2017-09-30 18:58 - 000001456 _____ () C:\Users\Les\AppData\Local\Adobe Save for Web 13.0 Prefs

Some files in TEMP:
====================
2018-01-27 18:09 - 2018-01-27 18:09 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\1A76.tmp.exe
2018-01-27 17:15 - 2018-01-27 17:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\28C8.tmp.exe
2018-01-27 18:15 - 2018-01-27 18:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\89B2.tmp.exe
2018-01-27 17:15 - 2018-01-27 17:15 - 000080696 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\DA36.tmp.exe
2018-01-28 20:53 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Les\AppData\Local\Temp\dllnt_dump.dll
2018-01-30 12:59 - 2018-01-30 12:57 - 081865688 _____ (Malwarebytes                                                ) C:\Users\Les\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-29 00:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Les (02-02-2018 11:20:57)
Running from C:\Users\Les\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-10-30 16:30:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3451223362-1175936456-4260665253-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3451223362-1175936456-4260665253-503 - Limited - Disabled)
Guest (S-1-5-21-3451223362-1175936456-4260665253-501 - Limited - Disabled)
Les (S-1-5-21-3451223362-1175936456-4260665253-1000 - Administrator - Enabled) => C:\Users\Les
WDAGUtilityAccount (S-1-5-21-3451223362-1175936456-4260665253-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe GoLive CS2 English (HKLM-x32\...\Adobe GoLive CS2 English) (Version: 8.0 - Adobe Systems)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_1) (Version: 7.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1) (Version: 19.1 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version:  - Alien Skin)
Amazon Kindle (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Ashampoo Burning Studio 16 v.16.0.0 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{C91787D1-574E-4367-A8D2-641532A78A5E}) (Version: 3.8.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Concise Oxford English Dictionary (Eleventh Edition) (HKLM-x32\...\Concise Oxford English Dictionary (Eleventh Edition)) (Version:  - )
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DVD Audio Extractor 7.1.2 (HKLM-x32\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD-Audio Solo Standard 4.4 (HKLM-x32\...\DVD-Audio Solo Standard) (Version: 4.4 - Cirlinca, Inc.)
DxO PhotoLab (HKLM\...\{C2CF718C-ABE3-4D77-989D-78F69C9EF7CF}) (Version: 1.0.1 - DxO)
DxO PhotoLab plug-in for Adobe Lightroom (HKLM-x32\...\{91E4E071-DE20-45D9-91A1-F1A3BBD8333A}) (Version: 1.0.38 - DxO Labs)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileMaker Pro 11 Advanced (HKLM-x32\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}) (Version: 11.0.1.0 - FileMaker, Inc.) Hidden
FileMaker Pro 11 Advanced (HKLM-x32\...\{C53BECC0-C579-44F8-A995-E97FACB04DFC}_FileMaker) (Version: 11.0.1.0 - FileMaker, Inc.)
FoCal (HKLM-x32\...\{5AAD9891-19E8-406F-80DF-A3FCF5D801E2}) (Version: 1.2.0 - Reikan Technology Ltd)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Fundy Designer version 1.9.34 (HKLM-x32\...\{2EB6CDD7-506F-4D1A-989A-27DC85A11739}_is1) (Version: 1.9.34 - Fundy Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.129 - Google Inc.) Hidden
Guitar and Bass (HKLM-x32\...\Guitar and Bass_is1) (Version: 1.2.1 - G.F. Software)
HD-Audio Solo Ultra 4.4.2 (HKLM-x32\...\HD-Audio Solo Ultra) (Version: 4.4.2 - Cirlinca, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Imagenomic Noiseware 5 Plug-in (build 5030) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
Imagenomic Portraiture 2 Plug-in (build 2340) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Imaging And Configuration Designer (HKLM-x32\...\{0D838979-E7DE-0D33-26B7-18D7127F22D0}) (Version: 10.1.15063.0 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{A8474393-2BD3-E8CF-F20F-2A0A18E679E8}) (Version: 10.1.15063.0 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{4BF95F2D-83DC-10F1-505D-6675F69F2BAC}) (Version: 10.1.15063.0 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InPixio Photo Focus Demo (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\{93721FF0-E352-4bb0-999D-11DA6E86EDB8}) (Version: 3.00 - InPixio)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{F571A156-8221-FBC3-A604-4A108DBEC395}) (Version: 10.1.15063.0 - Microsoft) Hidden
KMSnano 22.1 (HKLM\...\KMSnano 22.1_is1) (Version: KMSnano 22.1 - )
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Kolor Autopano Giga 4.0 (HKLM\...\AutopanoGiga4.0) (Version: V4.0.2 - Kolor)
LANDEX Remote (HKLM-x32\...\LANDEX Remote_is1) (Version: 4.1.5 - Optical Storage Solutions, Inc.)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
MicroSD Card Recovery Pro 2.9.9 (HKLM-x32\...\{2A17969C-E67A-ABAC-7298-8798EA962C49}_is1) (Version: 2.9.9 - LionSea SoftWare)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
NTI Backup Now EZ 5 (HKLM-x32\...\{C2570AA2-476E-4FB7-A901-AC4268A2F721}) (Version: 5.1.0.33 - NTI Corporation) Hidden
NTI Backup Now EZ 5 (HKLM-x32\...\InstallShield_{C2570AA2-476E-4FB7-A901-AC4268A2F721}) (Version: 5.1.0.33 - NTI Corporation)
NTI Backup Now EZ 5 Agent (HKLM-x32\...\{DA422BFF-EF06-4FF8-AF80-ED004822B343}) (Version: 1.0.0.16 - NTI Corporation) Hidden
NTI Backup Now EZ 5 Agent (HKLM-x32\...\InstallShield_{DA422BFF-EF06-4FF8-AF80-ED004822B343}) (Version: 1.0.0.16 - NTI Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 15 Premium (HKLM\...\{44DAFF99-9632-4DEA-8737-76DCE9AE2DFA}) (Version: 10.1.25.0 - Paragon Software)
Perfectly Clear Complete 2.2.0 (HKLM-x32\...\Perfectly Clear Complete) (Version: 2.2.0 - Athentech)
Perfectly Clear LightroomPlugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear LightroomPlugin v2) (Version: 2.0.0.28 - Athentech)
Perfectly Clear Plugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.0.28 - Athentech)
Piccure+ (HKLM-x32\...\{eb57d388-7f96-4b68-a406-9b68a8351002}) (Version: 2.5.0.62 - Intelligent Imaging Solutions)
Piccure+ Setup x64 (HKLM\...\{6B0A5D8D-59C5-4FC4-984C-E1B1BF2BBFD0}) (Version: 2.5.0.62 - Intelligent Imaging Solutions) Hidden
Piccure+ Setup x86 (HKLM-x32\...\{8D1C5716-0935-40C1-A48B-BB2D93564DFC}) (Version: 2.5.0.62 - Intelligent Imaging Solutions) Hidden
PitchPerfect Musical Instrument Tuner (HKLM-x32\...\PitchPerfect) (Version: 2.12 - NCH Software)
Play MPE Player 5 (HKLM-x32\...\{B818D973-20EF-4830-B642-061AD59B5C53}) (Version: 1.0.0 - Destiny Media Technologies, Inc.)
Plex Media Server (HKLM-x32\...\{6CC7EB42-D3B5-4527-9FCE-C793B91A1DD3}) (Version: 1.4.3495 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d55f2773-2fc4-4a79-bf44-125c7afff11f}) (Version: 1.4.4.3495 - Plex, Inc.)
Polaroid PolaColor Insight v5.0.0.25.6L (HKLM-x32\...\{428D80B1-17CA-11D5-9EC9-00A0241873EB}) (Version:  - Polaroid Corporation)
PortraitPro 15.4 (HKLM-x32\...\PortraitPro15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PortraitPro 15.7 (HKLM\...\PortraitPro15_is1) (Version: 15.7 - Anthropics Technology Ltd.)
PortraitPro 15.7.3 (HKLM-x32\...\PortraitPro 15.7.3) (Version: 15.7.3.0 - RePack by SamuRa1)
PortraitPro 17.3 Trial (HKLM\...\com.anthropics.portraitprostdtrial17_is1) (Version: 17.3 - Anthropics Technology Ltd.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
PT Portrait - Studio Edition 4.1 (HKLM\...\{8E2D6BBF-8372-4B53-B006-E24DCE64753A}_is1) (Version: 4.1 - PHOTO-TOOLBOX.COM)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
RAW FILE CONVERTER EX 2.0 powered by SILKYPIX (HKLM-x32\...\{B648910F-5E28-41D0-9844-70499F278A37}) (Version: 4.2.2.0 - Ichikawa Soft Laboratory)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Riffstation Trial version 1.4 (HKLM-x32\...\{E3C18079-46E4-4A93-AEF4-56B7A9190949}_is1) (Version: 1.4 - Sonic Ladder Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
SilverFast 8.8.0r10 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.8.0r10 - LaserSoft Imaging AG)
SilverFast Polaroid 6.6.2r5 (HKLM-x32\...\SilverFast Polaroid) (Version:  - LaserSoft Imaging AG)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SnapAPI (HKLM-x32\...\{D4830EE9-E795-4CCA-AA7A-612A4E565977}) (Version: 3.1.329 - Acronis)
Snappy Fax Version 5 (HKLM-x32\...\{9A0CEF36-483A-4EAE-99B8-0E5767FFD161}_is1) (Version: 5..0 - John Taylor & Associates)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
Stopping Plex (HKLM-x32\...\{F935BB29-E095-46A3-8936-965397627AA0}) (Version: 1.4.3495 - Plex, Inc.) Hidden
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version: 7.0.14.0 - 2BrightSparks)
TakeOwnershipPro 1.6 (HKLM-x32\...\TakeOwnershipPro_is1) (Version:  - )
Toolkit Documentation (HKLM-x32\...\{4CB72D51-B41D-CB91-4FC9-FF14D691DAC1}) (Version: 10.1.15063.0 - Microsoft) Hidden
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Studio (HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\{337bc2a3-0442-4fa9-b1ee-243059d52089}) (Version: 1.0.9 - Topaz Labs, LLC)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
UEV Tools on amd64 (HKLM\...\{050DC954-7765-FD9F-4AAB-052F2DA92CE4}) (Version: 10.1.15063.0 - Microsoft) Hidden
Uninstall DisplayCAL (HKLM-x32\...\{4714199A-0D66-4E69-97FF-7B54BFF80B88}_is1) (Version: 3.2.3.0 - Florian Höch)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update EPSON Stylus Photo R2880 icc profile Glossy (HKLM-x32\...\{3947135B-6AD6-4485-B9B1-5DD7B3DE3147}) (Version:  - )
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
User State Migration Tool (HKLM-x32\...\{E78D5281-8B04-1115-4A68-DE12BF47D559}) (Version: 10.1.15063.0 - Microsoft) Hidden
Vertus Fluid Mask 3 3.3.17 (HKLM-x32\...\vertusFluidMask3) (Version: 3.3.17 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.3 - VSO Software)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - Hamrick Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{cef137de-cdb9-48e2-babe-301cb8448d7b}) (Version: 10.1.15063.0 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPT Redistributables (HKLM-x32\...\{0432AB38-DDDD-CABF-F9E4-53B746BD6EFE}) (Version: 10.1.15063.0 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{78418409-E850-B0E6-5C05-789D0610AEE4}) (Version: 10.1.15063.0 - Microsoft) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4E6619CDDE4F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-27] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2013-11-12] (Nitro PDF)
ContextMenuHandlers1: [TakeOwnershipMenu] -> {659E506B-0AC2-410E-A94C-A326FF199883} => C:\Program Files (x86)\TakeOwnershipPro\TakeOwnershipPro_x64.dll [2017-08-07] (TODO: <Company name>)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [AutopanoShell.ShellContextMenu] -> {4B4F4C4F-5220-4798-ABF3-EC03F7C8A498} => C:\Program Files\Kolor\Autopano Giga 4.0\AutopanoShell_x64.dll [2014-06-24] (Kolor)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [TakeOwnershipMenu] -> {659E506B-0AC2-410E-A94C-A326FF199883} => C:\Program Files (x86)\TakeOwnershipPro\TakeOwnershipPro_x64.dll [2017-08-07] (TODO: <Company name>)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-27] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CE2A67-35E7-4B3A-A49D-CC026B89FFB2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {03461CC5-A95E-4E37-B59E-F665C6C593A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {04AEA346-5E80-4715-95A9-A08769703536} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {077DE328-5275-4576-95B0-3318B025F71F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {0AA77B19-B67B-4C02-9F73-CD3C483FBD89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {113E6DA3-DC9A-4197-B1C1-1D8E6F192CA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {1187088E-C837-4DB1-879C-F8F831BD4F72} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11D425F7-8BF9-405A-9C4B-43AE351CFFF1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {170A4F8B-7EFD-4884-B933-1D8A5EA28D0E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E377535-2CF8-4333-991E-5E6085BA317E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2338D353-F2F5-4F1A-A65E-EFEE9E5458FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2FBF83C0-AC29-4423-BE12-31D9F8442D55} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {35F12C0A-6D80-4B73-9035-85BCF19476CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {369B2467-79C1-4C30-88A8-1BF849A392CF} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {391FCA37-53D1-49A3-92C5-9ADFBC07C613} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {3A74DB89-50C4-4931-8DBA-FBAB1C51C8B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3CF8771B-1420-4268-BBB6-D8349A77A5A7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D358764-3CF9-4697-AB09-9D2175238692} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4997D0D6-A423-46AF-B8B2-353F5D959D22} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4E20CB96-D572-4AAD-ACB7-0C6B64A0E332} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {51871724-0BE8-4DB0-A03A-2F1962ACACC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {52AF4322-FDC8-46D8-8F49-52D4AAE209BB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {54D1A595-E9F3-4427-BD31-3CA9F9CD0264} - System32\Tasks\AdobeGCInvoker-1.0-Winnie-Les => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5A762D9C-D743-46DD-BF51-10347AB19DCB} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {613F75A8-5D59-4A2E-BFB8-EFF282F0B1DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {61A09969-5673-458A-B0BA-5DD1E3B69CFA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6AE59B17-7367-4B66-85B7-11E036EABD67} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6DD96D19-116B-4A09-8CCB-7A1C59FA0A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6F5A8670-F30A-4B39-B8C6-4002B3C2B64A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {78EAAC59-69A1-480F-AC33-3835375F80BE} - System32\Tasks\DisplayCAL Profile Loader Launcher => C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles-launcher.exe [2017-01-04] ()
Task: {79A06F1F-97A3-4E81-BB44-DB44D586ABF3} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {82E9380B-67DA-45B3-B64A-F28835292E25} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85CC7BCA-A220-42C8-A6BA-2B174576D4B9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C2DF0D5-F74B-4614-B43A-12CCDC4A1D2E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9033EB99-9E2C-42D7-9455-B75652AC739A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {971831F5-DF5C-4367-A69E-691F0C215589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9CB903AF-A5F6-4BA0-8A41-0C2B8FD31473} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9E7961E2-6F5C-473F-BAFC-09A46E6A9535} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A484F8A5-40C8-41BC-8F71-C47B7E68B1A3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A56F7581-0C56-482B-9F69-A32814604414} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AFFB8605-7CC6-4C55-9D64-A50CBD599162} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B762162F-F4DB-42FA-B4C6-B905B2F3E57E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B7F9E382-D50F-4F61-B54C-BE6BF45725C5} - System32\Tasks\{396BEC7F-C701-4E03-BEA4-D9D0927DF764} => C:\Windows\system32\pcalua.exe -a C:\Users\Les\Downloads\madFlac\InstallFilter.exe -d C:\Users\Les\Downloads\madFlac
Task: {BBE9910C-8E65-45E6-855B-0300E56670D7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC72752D-974E-4D29-83FB-0CDBC92B6DF4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20] (Piriform Ltd)
Task: {C60566A7-50AE-434A-8448-6B17C62EB354} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {C674E973-79D4-49B2-8593-51406A423E7A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CA3DB7CC-A47A-4E5C-B580-6E5EA377A522} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CC547247-6454-47B7-ADCF-444775311109} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D024A65F-E3F7-4E35-9EF8-6901E1A2EAF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D48B9A2A-80C0-456F-A2F5-05F51F0F9E5A} - System32\Tasks\AdobeAAMUpdater-1.0-Winnie-Les => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {DD317FD5-5866-4837-BC52-6DA53C81AB98} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E02994B9-8A06-499C-B35B-CC3B43DC6E06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E52BC891-3247-49C4-BEE1-CADCDCC23C50} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {E755F442-839F-434D-8A83-E7CB3B84394D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0FDF95A-9F47-4F05-A620-70C1854CA9BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1CB7C3F-51EB-4B80-8B6D-40B7F0C4D226} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2DF2AF3-A04A-4FD5-8743-DA5C5DFE5C41} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {F85F3FA1-14E7-4271-A858-13725121BF64} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FAB1284C-A6A1-42E0-8CAC-52E73EBE5947} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-04-25 14:24 - 2011-02-28 17:37 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2018-01-05 10:02 - 2012-10-01 11:02 - 000054784 _____ () C:\WINDOWS\System32\sfppm.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-30 13:10 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-30 13:10 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-04-26 13:50 - 2009-01-12 07:15 - 000071096 _____ () C:\Windows\SysWOW64\NMSAccessU.exe
2016-10-09 11:36 - 2016-10-09 11:36 - 000102064 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\ScheduleService.exe
2015-05-21 13:54 - 2014-08-19 14:12 - 001356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2018-01-04 09:04 - 2018-01-04 09:04 - 000649672 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-05-07 11:56 - 2017-10-27 10:28 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-12-13 00:49 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 00:49 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 08:50 - 2018-01-31 08:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 08:50 - 2018-01-31 08:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-31 08:50 - 2018-01-31 08:50 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-31 08:50 - 2018-01-31 08:50 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2009-10-05 12:39 - 2009-10-05 12:39 - 000116224 _____ () C:\Program Files (x86)\Snappy Fax Version 5\sfpagent.exe
2017-01-29 19:13 - 2017-01-04 15:27 - 000193936 _____ () C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles.exe
2017-08-29 19:06 - 2012-10-01 11:02 - 000018944 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\sfpui.dll
2018-01-04 09:04 - 2018-01-04 09:04 - 035292104 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2017-03-15 13:18 - 2017-03-15 13:18 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-08-12 15:32 - 2016-08-12 15:32 - 000053936 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\dispatch.dll
2016-08-12 15:32 - 2016-08-12 15:32 - 000110256 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\lib_json.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000068272 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\XMLParser.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000055472 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\SendMsgCallbackDll.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000073392 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\Pehook.DLL
2017-01-29 19:13 - 2016-06-27 14:20 - 000047616 _____ () C:\Program Files (x86)\DisplayCAL\lib\_socket.pyd
2017-01-29 19:13 - 2016-06-27 14:21 - 001405440 _____ () C:\Program Files (x86)\DisplayCAL\lib\_ssl.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000100864 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32api.pyd
2017-01-29 19:13 - 2016-01-11 21:44 - 000110080 _____ () C:\Program Files (x86)\DisplayCAL\lib\pywintypes27.dll
2017-01-29 19:13 - 2016-01-11 21:46 - 000396800 _____ () C:\Program Files (x86)\DisplayCAL\lib\pythoncom27.dll
2017-01-29 19:13 - 2016-01-11 21:48 - 000381952 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32com.shell.shell.pyd
2017-01-29 19:13 - 2016-06-27 14:21 - 001014272 _____ () C:\Program Files (x86)\DisplayCAL\lib\_hashlib.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000092672 _____ () C:\Program Files (x86)\DisplayCAL\lib\_ctypes.pyd
2017-01-29 19:13 - 2016-01-11 21:44 - 000119808 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32file.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000688128 _____ () C:\Program Files (x86)\DisplayCAL\lib\unicodedata.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000036864 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32process.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 001176576 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._core_.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 000806400 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._gdi_.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 000816128 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._windows_.pyd
2017-01-29 19:13 - 2014-11-27 13:09 - 001067008 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._controls_.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000733184 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._misc_.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000438784 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._grid.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000149504 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._xrc.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000137728 _____ () C:\Program Files (x86)\DisplayCAL\lib\pyexpat.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000167936 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32gui.pyd
2017-01-29 19:13 - 2016-06-27 14:20 - 000011264 _____ () C:\Program Files (x86)\DisplayCAL\lib\select.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000045568 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32console.pyd
2017-01-29 19:13 - 2016-01-11 21:45 - 000016384 _____ () C:\Program Files (x86)\DisplayCAL\lib\_winxptheme.pyd
2017-01-29 19:13 - 2014-11-27 13:10 - 000357376 _____ () C:\Program Files (x86)\DisplayCAL\lib\wx._html.pyd
2017-01-29 19:13 - 2016-01-11 21:44 - 000018432 _____ () C:\Program Files (x86)\DisplayCAL\lib\win32event.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-09-20 02:42 - 2017-09-20 02:42 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000299184 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\OnlineClient.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000106160 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\SocialClient.dll
2016-10-09 11:37 - 2016-10-09 11:37 - 000045744 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\NtiPipe.dll
2015-12-18 17:05 - 2015-12-18 17:05 - 000466008 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\sqlite3.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 001003696 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\CefSharp.Core.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 053443248 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\libcef.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-03-15 13:18 - 2017-03-15 13:18 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-03-15 13:18 - 2017-03-15 13:18 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-04-26 10:23 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 000689328 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\CefSharp.BrowserSubprocess.Core.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 001982640 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\libglesv2.dll
2016-05-06 16:55 - 2016-05-06 16:55 - 000081072 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 5\libegl.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-20 03:04 - 2017-09-20 03:04 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-12 20:10 - 2017-09-12 20:10 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-20 02:59 - 2017-09-20 02:59 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-12 20:11 - 2017-09-12 20:11 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-05-07 12:43 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\Control Panel\Desktop\\Wallpaper -> c:\users\les\pictures\jpegs\desktops\eva-green-wallpaper-24.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "anayapervades"
HKLM\...\StartupApproved\Run: => "anayaanaya"
HKLM\...\StartupApproved\Run: => "anaya"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKLM\...\StartupApproved\Run32: => "lappattie"
HKLM\...\StartupApproved\Run32: => "laplap"
HKLM\...\StartupApproved\Run32: => "lap"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\StartupFolder: => "communiques.lnk"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervadesanaya"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattielap"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervadespervades"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervades"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattiepattie"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattie"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A9B0B0E2-51B7-4788-9E8D-670F876BE0EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{29AD5D5C-E455-47D9-8BC4-3A66776CE81A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D9B21AE9-4857-4FB4-95CB-E5ED0AFCB8E0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0B13E8FB-E9D5-485A-AABA-83DFD1EDCF9B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5FCEC1C3-0F28-47D5-A08C-ED68A914987A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F2B90AD0-723B-4010-BBBB-9D9A3EDF8353}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C071DB5F-4DBA-4223-918F-5EC026565C27}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{9284D8C8-6C9A-4882-834F-658A454A221E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [UDP Query User{B53F15BF-804B-4729-AA41-CF3B1E733A68}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{8D245CF3-A612-4423-A7C6-BDDB53AE4B1A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{E69724E9-B8D9-439A-8651-266418BEEB87}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [TCP Query User{7D9418BD-10B2-462C-AD96-7F2581C73CFF}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [UDP Query User{53535F5F-6387-4EC7-AD46-3AF4821EED2D}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [TCP Query User{45262CB0-C3EC-40B5-9E45-95AFF45B9206}C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.8.3\bin\dispcal.exe
FirewallRules: [{1AACFD80-74C6-4F9E-8013-2BFB14C06E9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8B5E84D-D342-4D28-9953-9792C9507261}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69480D12-BE6D-45AB-9738-6D6E1801FE82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7006063C-5960-4391-899F-F8543A7FB591}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{5E5AEA97-CA51-42C7-84B9-4C14500B59DE}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [TCP Query User{FA54F8B4-50F1-44ED-A339-252A240513B5}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{FE39D487-DE26-4E71-ADDC-4E89D131448B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{32A28F5C-AB61-431B-911C-54B086A11720}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BFB3A9F4-2B03-46CA-9599-7329B1F4A2D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{48612714-03D8-468B-A976-2B32064316C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A124F29B-4D7B-48C5-9166-68BE3A1AA634}] => (Allow) LPort=12008
FirewallRules: [{396F3FC8-7E0A-4C43-B565-AFEA1EACE358}] => (Allow) LPort=12007
FirewallRules: [{D7CD111D-541C-475F-9C43-C36FAD24BE52}] => (Allow) LPort=12006
FirewallRules: [{91C620CB-CC12-42B1-9DE2-49CB20EC386D}] => (Allow) LPort=12005
FirewallRules: [{E54B5110-201A-478C-91AD-B0152F0B2109}] => (Allow) LPort=12008
FirewallRules: [{B474AC6A-BDC7-4572-907B-90BCD6E92824}] => (Allow) LPort=12007
FirewallRules: [{98E32B18-D0A9-467F-8C20-81168609F2C3}] => (Allow) LPort=12006
FirewallRules: [{85671827-C9B9-4D1E-A2D2-863A6B650E08}] => (Allow) LPort=12005
FirewallRules: [{0178ACC3-C28B-42EA-861C-6ED4D26BAF8D}] => (Allow) LPort=12008
FirewallRules: [{97B9E869-CC2F-4C2C-82B0-C7412C95BB9D}] => (Allow) LPort=12007
FirewallRules: [{C12C811F-D9FB-4412-A696-ABC647B9A95C}] => (Allow) LPort=12006
FirewallRules: [{22BE410F-25C3-4457-A0AB-75021731E39D}] => (Allow) LPort=12005
FirewallRules: [{FCC31125-F3F3-4795-B1DA-AC8F66C83F53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DEF17E18-50CD-4A78-B181-C0D35A77A237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1340D0A5-A10A-4E57-97F2-354464519D75}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{E94B4693-1E1F-4BFE-93E4-E66C4F86DCAE}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{AADA175D-773F-498B-AD28-8E80C413D976}] => (Allow) LPort=12005
FirewallRules: [{9F9603F8-B5A0-481E-8AF2-6EB4E21FC3AA}] => (Allow) LPort=12006
FirewallRules: [{884955DF-7121-47DF-B97F-791A5C6F87DD}] => (Allow) LPort=12007
FirewallRules: [{59CD3426-E7DB-483C-AD13-FBF2A15A8CED}] => (Allow) LPort=12008
FirewallRules: [{6EC3FEDF-F7DA-4312-A5FF-12A6D7BDF3DD}] => (Allow) LPort=12005
FirewallRules: [{B2E7948D-B8B0-489B-8FDB-A5E96489EB3F}] => (Allow) LPort=12006
FirewallRules: [{B14C5245-76AB-4D8A-AEF3-286631B51E61}] => (Allow) LPort=12007
FirewallRules: [{46F640BF-DB2E-4FD0-B7E9-E17DDFDAEB2A}] => (Allow) LPort=12008
FirewallRules: [{1475A2BF-C050-4A06-A50A-E360AC06E542}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{44EB9CB1-5971-472A-BFFA-5986FD1EBA03}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7FB73DB6-84D8-4607-95A4-F548D9664E6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{66D86257-C822-4435-B1D7-3F96D85BEF1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A1A315A8-F444-45B7-8E9B-E8DB80B06269}] => (Allow) LPort=12005
FirewallRules: [{62F25A17-ED29-47D9-8AC9-0F6D0B72B636}] => (Allow) LPort=12006
FirewallRules: [{4A1B9047-4F1B-4C86-A099-00DF868690F3}] => (Allow) LPort=12007
FirewallRules: [{C8F134CC-7E18-4F7F-B3B8-24CDE66C1684}] => (Allow) LPort=12008
FirewallRules: [TCP Query User{26282489-D2DB-4D96-B706-504AC2E68B59}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [UDP Query User{C0899786-E0DC-4EB1-BF1F-59775505865C}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{B8182E0C-FF46-4776-AE80-524B228209A0}] => (Block) %ProgramFiles% (x86)\Fundy Designer\Fundy Designer.exe
FirewallRules: [{5E87219D-57B8-40A0-A4E7-E7A8AD2D9DBE}] => (Allow) LPort=12005
FirewallRules: [{4181609C-E689-4950-853E-00B186C639FB}] => (Allow) LPort=12006
FirewallRules: [{6AA32E55-86B2-49F0-A6D0-7855BB296D20}] => (Allow) LPort=12007
FirewallRules: [{204CE4D4-5C96-4D76-A74F-6D00972A8AF0}] => (Allow) LPort=12008
FirewallRules: [{8F5CF143-10B6-442F-85A8-6860B2DDCAB4}] => (Block) %ProgramFiles% (x86)\Athentech\License Manager\AthentechLicenseManager.exe
FirewallRules: [TCP Query User{6E92780F-6C39-4846-A904-14E080E8F0B6}C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [UDP Query User{C61F3676-AA12-4DB9-8B7F-3DC2EA2881D0}C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [{6F561551-92FD-4275-85EA-7EDCF37F30E8}] => (Block) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [{DF8D2DDA-D3AC-4039-92C2-E9EC75A1F013}] => (Block) C:\users\les\downloads\argyll_v1.9.2\bin\dispcal.exe
FirewallRules: [{9EEEAF42-2C9D-465E-9676-971BFF2C1E72}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{48CBB6C7-41EE-4DE7-8359-B76166586AC8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{58726946-761B-4737-A180-9B4FDB1A843E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{5A888E51-8BCF-4659-8D60-6C6FA197A4FE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{40AE0314-51D1-4574-9ED7-239FA821292B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{61903BBE-D8AA-4518-9CE4-1E25FFD7EEEF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3889CDFA-0A90-4E25-A424-C1A81E0AAA20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A73A8BDE-5E91-410C-BDB7-D0A77B3A421E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DE7051DD-D9FA-445A-94DF-390646514BDE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{11B91D47-4BB9-40C1-B8D1-A55937779E31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE090BB8-FB94-4CD9-AFC3-791D28C8B022}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FBAB879B-5D8C-4B47-A751-EE3F9B0CB3BC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{104510E0-C0E2-47E6-9192-0A1A19AC9BFF}C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe
FirewallRules: [UDP Query User{4E199D3A-DB4E-4D74-8304-9E96C6945F1C}C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe] => (Allow) C:\users\les\downloads\argyll_v1.9.2\bin\dispwin.exe
FirewallRules: [{08DAA427-B34D-4224-98A2-06A11FCAFF7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0936A1F4-7BA4-4E36-ABE9-2E79ACE6A845}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CA5ED653-0E2E-4895-99C7-BCFD62982C0B}] => (Allow) C:\Program Files (x86)\NTI\NTI Backup Now EZ 5 Agent\DeviceSvc.exe

==================== Restore Points =========================

01-02-2018 00:42:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2018 11:07:23 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (5844,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/01/2018 11:36:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LANDEXRemote.exe, version: 0.0.0.0, time stamp: 0x56cf4283
Faulting module name: ProfUIS288u-RDE62.dll, version: 2.8.9.1245, time stamp: 0x5640f249
Exception code: 0xc0000005
Fault offset: 0x0029c7e5
Faulting process id: 0x6ea8
Faulting application start time: 0x01d39b7a5d302f0f
Faulting application path: C:\Program Files (x86)\LandexRemote\LANDEXRemote.exe
Faulting module path: C:\Program Files (x86)\LandexRemote\ProfUIS288u-RDE62.dll
Report Id: 95f1c10e-6291-4d49-bd01-03ba698a31ce
Faulting package full name:
Faulting package-relative application ID:

Error: (01/31/2018 10:47:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (2536,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2018 10:45:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 58.0.1.6602, time stamp: 0x5a6e3024
Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x6c07e48f
Exception code: 0xc0000005
Fault offset: 0x0000000000036c7a
Faulting process id: 0x26e8
Faulting application start time: 0x01d39b0f255cbb9e
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\System32\shcore.dll
Report Id: b9b80fa0-ee59-4e06-9bd6-9cc0b0a836b0
Faulting package full name:
Faulting package-relative application ID:

Error: (01/31/2018 10:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4997.1000, time stamp: 0x5a2f8225
Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x30134c68
Exception code: 0xc0000005
Fault offset: 0x00038091
Faulting process id: 0x2188
Faulting application start time: 0x01d39b0eca91e100
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
Faulting module path: C:\WINDOWS\System32\shcore.dll
Report Id: d6f6e2a6-5a1a-4101-9fe6-d65c0ef524e9
Faulting package full name:
Faulting package-relative application ID:

Error: (01/31/2018 03:05:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LANDEXRemote.exe, version: 0.0.0.0, time stamp: 0x56cf4283
Faulting module name: ProfUIS288u-RDE62.dll, version: 2.8.9.1245, time stamp: 0x5640f249
Exception code: 0xc0000005
Fault offset: 0x0029c7e5
Faulting process id: 0x9d78
Faulting application start time: 0x01d39ace1882c501
Faulting application path: C:\Program Files (x86)\LandexRemote\LANDEXRemote.exe
Faulting module path: C:\Program Files (x86)\LandexRemote\ProfUIS288u-RDE62.dll
Report Id: 8d9dd34b-3f0f-472f-bf37-6733c162b99f
Faulting package full name:
Faulting package-relative application ID:

Error: (01/31/2018 12:56:20 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/31/2018 12:55:59 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (01/30/2018 09:06:16 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (6692,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/30/2018 07:54:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (3816,G,0) An attempt to open the file "C:\Users\Les\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (02/02/2018 11:05:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/02/2018 11:05:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

Error: (02/02/2018 11:01:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (02/02/2018 10:58:39 AM) (Source: DCOM) (EventID: 10010) (User: Winnie)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (01/31/2018 10:44:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/31/2018 10:44:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

Error: (01/31/2018 10:43:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/31/2018 10:43:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (01/31/2018 09:57:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/31/2018 09:57:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2018-02-02 11:27:48.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:27:33.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:25:36.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:25:36.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:20:20.262
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:20:20.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:16:08.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:16:08.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:12:27.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-02-02 11:12:27.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-5700 APU with Radeon™ HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 12252.09 MB
Available physical RAM: 6101.73 MB
Total Virtual: 13148.09 MB
Available Virtual: 6085.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:715.41 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (FRST) (Fixed) (Total:14.89 GB) (Free:14.89 GB) FAT32
Drive n: (Samsung HDD) (Fixed) (Total:931.51 GB) (Free:30.2 GB) NTFS
Drive o: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:866.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AA22ECA1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 9B722700)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: EDEAA0AF)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#13 Aura

  • Malware Response Team

Posted 02 February 2018 - 01:29 PM

Almost done!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Les Berkley

  • Topic Starter


Posted 02 February 2018 - 02:27 PM

Fixlog attached. NOTE: Program crashed on the first run, but completed on the second. System seems good right now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Les (02-02-2018 14:12:10) Run:3
Running from C:\Users\Les\Downloads
Loaded Profiles: Les (Available Profiles: Les)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi

HKLM\...\Run: [anaya] => "C:\Program Files (x86)\Pedestal\understandable.exe"
HKLM\...\Run: [anayapervades] => "C:\Program Files (x86)\palma\purifier.exe"
HKLM\...\Run: [anayaanaya] => "C:\Program Files (x86)\Daoud\understandable.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiques.lnk [2018-01-22]
ShortcutTarget: communiques.lnk -> C:\Program Files (x86)\Pedestal\understandable.exe (No File)
Startup: C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiquescommuniques.lnk [2018-01-22]
ShortcutTarget: communiquescommuniques.lnk -> C:\Program Files (x86)\palma\purifier.exe (No File)
GroupPolicy: Restriction <==== ATTENTION

CustomCLSID: HKU\S-1-5-21-3451223362-1175936456-4260665253-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4E6619CDDE4F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

Task: {00CE2A67-35E7-4B3A-A49D-CC026B89FFB2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {04AEA346-5E80-4715-95A9-A08769703536} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2338D353-F2F5-4F1A-A65E-EFEE9E5458FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4997D0D6-A423-46AF-B8B2-353F5D959D22} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4E20CB96-D572-4AAD-ACB7-0C6B64A0E332} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61A09969-5673-458A-B0BA-5DD1E3B69CFA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6DD96D19-116B-4A09-8CCB-7A1C59FA0A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9033EB99-9E2C-42D7-9455-B75652AC739A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {971831F5-DF5C-4367-A69E-691F0C215589} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A56F7581-0C56-482B-9F69-A32814604414} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B762162F-F4DB-42FA-B4C6-B905B2F3E57E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B7F9E382-D50F-4F61-B54C-BE6BF45725C5} - System32\Tasks\{396BEC7F-C701-4E03-BEA4-D9D0927DF764} => C:\Windows\system32\pcalua.exe -a C:\Users\Les\Downloads\madFlac\InstallFilter.exe -d C:\Users\Les\Downloads\madFlac
Task: {E02994B9-8A06-499C-B35B-CC3B43DC6E06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F0FDF95A-9F47-4F05-A620-70C1854CA9BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

AlternateDataStreams: C:\Windows:nlsPreferences [386]

HKLM\...\StartupApproved\Run: => "anayapervades"
HKLM\...\StartupApproved\Run: => "anayaanaya"
HKLM\...\StartupApproved\Run: => "anaya"
HKLM\...\StartupApproved\Run32: => "lappattie"
HKLM\...\StartupApproved\Run32: => "laplap"
HKLM\...\StartupApproved\Run32: => "lap"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\StartupFolder: => "communiques.lnk"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervadesanaya"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattielap"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervadespervades"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pervades"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattiepattie"
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\...\StartupApproved\Run: => "pattie"

C:\Program Files (x86)\bender
C:\Program Files (x86)\bridal
C:\Program Files (x86)\Daoud
C:\Program Files (x86)\palma
C:\Program Files (x86)\Pedestal
C:\Program Files (x86)\KMSPico 10.0.6
C:\Users\Les\AppData\Local\{E144D718-C5EC-BBA0-A874-9E488C1C62D0}
C:\Users\Les\AppData\Local\aungrxw
C:\Users\Les\AppData\Local\lsokcpe
C:\Users\Les\AppData\Local\upbxmvk
C:\Users\Les\AppData\Local\56f857505417e3fe0c6362.11790009
C:\Users\Les\AppData\Roaming\et
C:\WINDOWS\system32\rtmbgok
C:\WINDOWS\system32\sndpuhvsvc.exe
C:\WINDOWS\SysWOW64\rtmbgok

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi => key not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\anaya" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\anayapervades" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\anayaanaya" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiques.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
"C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiquescommuniques.lnk" => not found
C:\Program Files => FRST is scripted not to move this directory.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
HKU\S-1-5-21-3451223362-1175936456-4260665253-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4E6619CDDE4F} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00CE2A67-35E7-4B3A-A49D-CC026B89FFB2}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00CE2A67-35E7-4B3A-A49D-CC026B89FFB2} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04AEA346-5E80-4715-95A9-A08769703536} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2338D353-F2F5-4F1A-A65E-EFEE9E5458FC} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4997D0D6-A423-46AF-B8B2-353F5D959D22} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E20CB96-D572-4AAD-ACB7-0C6B64A0E332} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61A09969-5673-458A-B0BA-5DD1E3B69CFA} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DD96D19-116B-4A09-8CCB-7A1C59FA0A35} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9033EB99-9E2C-42D7-9455-B75652AC739A} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{971831F5-DF5C-4367-A69E-691F0C215589} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A56F7581-0C56-482B-9F69-A32814604414} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B762162F-F4DB-42FA-B4C6-B905B2F3E57E} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7F9E382-D50F-4F61-B54C-BE6BF45725C5} => key not found
"C:\WINDOWS\System32\Tasks\{396BEC7F-C701-4E03-BEA4-D9D0927DF764}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{396BEC7F-C701-4E03-BEA4-D9D0927DF764} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E02994B9-8A06-499C-B35B-CC3B43DC6E06} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0FDF95A-9F47-4F05-A620-70C1854CA9BE} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found
"C:\Windows" => ":nlsPreferences" ADS not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\anayapervades" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\anayapervades" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\anayaanaya" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\anayaanaya" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\anaya" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\anaya" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\lappattie" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\lappattie" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\laplap" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\laplap" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\lap" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\lap" => not found
"C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\communiques.lnk" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\communiques.lnk" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pervadesanaya" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pervadesanaya" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pattielap" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pattielap" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pervadespervades" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pervadespervades" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pervades" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pervades" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pattiepattie" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pattiepattie" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pattie" => not found
"HKU\S-1-5-21-3451223362-1175936456-4260665253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pattie" => not found
"C:\Program Files (x86)\bender" => not found
"C:\Program Files (x86)\bridal" => not found
"C:\Program Files (x86)\Daoud" => not found
"C:\Program Files (x86)\palma" => not found
"C:\Program Files (x86)\Pedestal" => not found
"C:\Program Files (x86)\KMSPico 10.0.6" => not found
"C:\Users\Les\AppData\Local\{E144D718-C5EC-BBA0-A874-9E488C1C62D0}" => not found
"C:\Users\Les\AppData\Local\aungrxw" => not found
"C:\Users\Les\AppData\Local\lsokcpe" => not found
"C:\Users\Les\AppData\Local\upbxmvk" => not found
"C:\Users\Les\AppData\Local\56f857505417e3fe0c6362.11790009" => not found
"C:\Users\Les\AppData\Roaming\et" => not found
"C:\WINDOWS\system32\rtmbgok" => not found
"C:\WINDOWS\system32\sndpuhvsvc.exe" => not found
"C:\WINDOWS\SysWOW64\rtmbgok" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 72 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Les => 1811775117 B

RecycleBin => 342415129 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:13:46 ====
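An added example (not part of the original thread and not FRST's own code): a small parser that sorts Fixlog result lines like the ones above into "removed", "absent" and "refused", so it is easy to see which items a given run actually changed and which were already gone. The sample lines are excerpted from the log above; the function names and outcome labels are assumptions made for this illustration.

```python
import re
from collections import Counter, namedtuple

# Result lines excerpted from the Fixlog posted above, plus two non-result
# lines (a status message and an EmptyTemp size) that the parser must skip.
SAMPLE_FIXLOG = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\anaya" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Program Files => FRST is scripted not to move this directory.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00CE2A67-35E7-4B3A-A49D-CC026B89FFB2} => key not found
"C:\Windows" => ":nlsPreferences" ADS not found.
"C:\Users\Les\AppData\Local\lsokcpe" => not found
"C:\WINDOWS\system32\sndpuhvsvc.exe" => not found
Processes closed successfully.
BITS transfer queue => 7888896 B
'''

Entry = namedtuple("Entry", "kind target outcome")

# Outcome wording as it appears in the log above. Lines whose right-hand side
# matches none of these (fixlist echoes, EmptyTemp sizes) are ignored.
OUTCOMES = [
    (re.compile(r"removed successfully", re.I), "removed"),
    (re.compile(r"scripted not to", re.I), "refused"),
    (re.compile(r"not found\.?$", re.I), "absent"),
]
REGISTRY = re.compile(r"^(HKLM|HKU|HKCU|HKCR)\\", re.I)
FILESYSTEM = re.compile(r"^[A-Za-z]:\\")


def classify_target(target):
    """Label a target as a registry location, a filesystem path, or other."""
    if REGISTRY.match(target):
        return "registry"
    if FILESYSTEM.match(target):
        return "file"
    return "other"


def parse_fixlog(text):
    """Return one Entry per recognised '<target> => <result>' line."""
    entries = []
    for line in text.splitlines():
        target, sep, status = line.strip().partition(" => ")
        if not sep:
            continue  # section headers, status messages, blank lines
        outcome = next((name for rx, name in OUTCOMES if rx.search(status)), None)
        if outcome is None:
            continue  # e.g. "BITS transfer queue => 7888896 B"
        target = target.strip('"')
        entries.append(Entry(classify_target(target), target, outcome))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(e.outcome for e in entries)


def acted_on(entries):
    """Targets this run actually changed, as opposed to items already gone."""
    return [e.target for e in entries if e.outcome == "removed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print(acted_on(parsed))
```
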



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • Gender:Male
  • Local time:07:30 AM

Posted 02 February 2018 - 03:55 PM

Looks like it crashed when emptying your temp folder, as when it ran the 2nd time, everything was already removed.

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released earlier if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




