Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rarsfx0\installer.exe prompting for install


  • This topic is locked This topic is locked
7 replies to this topic

#1 kassan07

kassan07

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 15 June 2018 - 02:18 PM

Hello, 

I have a program named  C:\users\[name]\appdata\local\temp\rarsfx0\installer.exe prompting every now and then for installation. I would like to remove it from my computer. I tried CCleaner but it does not work. Can anyone hep me please? 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by latoe (ATTENTION: The user is not administrator) on BW07C134 (15-06-2018 20:54:46)
Running from C:\Users\latoe\Downloads
Loaded Profiles: latoe (Available Profiles: BW07Admin & LocalAdmin & Administrator & latoe)
Platform: Windows 10 Enterprise Version 1709 16299.492 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> vsserv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> UshUpgradeService.exe
Failed to access process -> svchost.exe
Failed to access process -> DevMgmtService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> RtkAudioService64.exe
Failed to access process -> RAVBg64.exe
Failed to access process -> RAVBg64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> HostControlService.exe
Failed to access process -> HostStorageService.exe
Failed to access process -> svchost.exe
Failed to access process -> HidMonitorSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> EMP_UDSA.exe
Failed to access process -> nssm.exe
Failed to access process -> WDDriveService.exe
Failed to access process -> ZDServ.exe
Failed to access process -> updatesrv.exe
Failed to access process -> vsservp.exe
Failed to access process -> IntelCpHDCPSvc.exe
Failed to access process -> ProductAgentService.exe
Failed to access process -> DbxSvc.exe
Failed to access process -> esif_uf.exe
Failed to access process -> svchost.exe
Failed to access process -> ibtsiva.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> IntelCpHeciSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> xvpnd.exe
Failed to access process -> conhost.exe
Failed to access process -> svchost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> bdredline.exe
Failed to access process -> CcmExec.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> DropboxUpdate.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> ssonsvr.exe
Failed to access process -> svchost.exe
() C:\Windows\Temp\DPTF\esif_assist_64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> svchost.exe
() C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\igfxEM.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Airtel Internet\CancelAutoPlay.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
Failed to access process -> svchost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
Failed to access process -> svchost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-08-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-08-23] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [773760 2016-10-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-29] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [{2EB25CE5-0F84-4B65-AFB4-4360BECDEDC1}] => C:\Program Files (x86)\Airtel Internet\UUShell.exe [122112 2013-11-18] ()
HKLM-x32\...\Run: [CancelAutoPlay] => C:\Program Files (x86)\Airtel Internet\CancelAutoPlay.exe [450304 2013-07-11] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Technologies S.A.)
HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [812672 2018-02-07] (ExpressVPN)
HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\MountPoints2: {8c414cd8-2c8a-11e8-8331-f48c50e697d5} - "D:\EMP_UDSe.exe" /autorun
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 195.130.130.2 195.130.131.2
Tcpip\..\Interfaces\{24fbe1da-e121-4af5-a4cf-5d9323a96515}: [DhcpNameServer] 10.135.0.1
Tcpip\..\Interfaces\{35663739-ECD7-4186-98F8-84E2CAAC5321}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{47A8C347-067F-46BF-BC7C-2CFAF962234B}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{6A202EC3-0364-41C9-8170-5B1397A22F08}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{831510B1-B41D-41D0-82D2-70BCB2F68757}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{97bf0d36-79b0-4d2e-a449-b09dd9f9c2b7}: [DhcpNameServer] 195.130.130.2 195.130.131.2
Tcpip\..\Interfaces\{A032BEF3-59B4-450B-969E-FB6A3F9E88CC}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{b34713ba-ba6d-49e3-a950-a7c4fd475347}: [DhcpNameServer] 157.193.71.1 157.193.40.42
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4030456262-320625612-449655040-101214\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.ugent.be/intranet
SearchScopes: HKU\S-1-5-21-4030456262-320625612-449655040-101214 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4030456262-320625612-449655040-101214 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4030456262-320625612-449655040-101214 -> {DE605241-7D5D-40A2-ADA8-BBA542DD7C64} URL = hxxp://www.google.be/search?hl=en&q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-23] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-23] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-23] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-23] (Bitdefender)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: fu7dcwgc.default
FF ProfilePath: C:\Users\latoe\AppData\Roaming\Mozilla\Firefox\Profiles\fu7dcwgc.default [2018-06-15]
FF Homepage: Mozilla\Firefox\Profiles\fu7dcwgc.default -> hxxp://www.ugent.be
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-11-08]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-11-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2017-05-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default [2018-06-15]
CHR Extension: (Slides) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-05-24]
CHR Extension: (YouTube) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-24]
CHR Extension: (Adblock Plus) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Adobe Acrobat) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-20]
CHR Extension: (Sheets) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (ExpressVPN for Chrome) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2018-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-24]
CHR Extension: (AdBlock) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\latoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-18]
CHR HKU\S-1-5-21-4030456262-320625612-449655040-101214\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-10-20] (Alps Electric Co., Ltd.)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103584 2018-01-15] (Bitdefender)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-08-23] (Intel Corporation)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-02-07] ()
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1047000 2017-05-25] (Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [51160 2017-05-25] (Broadcom Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-08-23] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-23] (Microsoft Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-23] (Bitdefender)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [268248 2017-05-25] ()
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-23] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2018-05-23] (Bitdefender)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [432384 2013-11-18] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2016-08-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-08-23] (Advanced Micro Devices, Inc.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-23] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-23] (BitDefender)
S3 bcmnfcusb; C:\WINDOWS\System32\drivers\bcmnfcusb.sys [48896 2016-08-23] (Broadcom Corporation.)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-23] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-23] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-23] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-23] (BitDefender)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2016-08-23] (OSR Open Systems Resources, Inc.)
R3 DellRctl; C:\WINDOWS\System32\drivers\DellRctl.sys [33616 2016-08-23] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-08-23] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-08-23] (Intel Corporation)
R1 EMP_MIRRUD; C:\WINDOWS\System32\drivers\EMP_MirrUD.sys [5632 2011-11-17] (Windows ® Codename Longhorn DDK provider)
R3 eppvad_simple; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [23040 2011-11-17] (SEIKO EPSON CORPORATION)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-08-23] (Intel Corporation)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-11-21] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-23] (BitDefender LLC)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-23] (Bitdefender)
S3 imausbhpal; C:\WINDOWS\System32\drivers\imausbhpal.sys [636976 2016-08-23] ()
S3 imausbhub; C:\WINDOWS\System32\drivers\imausbhub.sys [462384 2016-08-23] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2677504 2016-08-23] (Realtek Semiconductor Corp.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [127048 2016-08-23] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [758488 2016-08-23] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [146512 2016-08-23] (STMicroelectronics)
S3 swmbbser05; C:\WINDOWS\System32\drivers\swmbbser05.sys [288016 2016-08-23] (Sierra Wireless Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-03] (The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [607640 2018-06-11] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-15 09:51 - 2018-06-08 19:26 - 021754880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-15 09:51 - 2018-06-08 19:26 - 017084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-06-15 09:51 - 2018-06-08 19:03 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-15 09:51 - 2018-06-08 18:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-15 09:51 - 2018-06-08 18:58 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-15 09:51 - 2018-06-08 13:42 - 002491120 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-15 09:51 - 2018-06-08 13:41 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-15 09:51 - 2018-06-08 09:33 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-06-15 09:51 - 2018-06-08 09:33 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-15 09:51 - 2018-06-08 09:33 - 001056184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-15 09:51 - 2018-06-08 09:33 - 000269720 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-06-15 09:51 - 2018-06-08 09:32 - 001638432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-15 09:51 - 2018-06-08 09:32 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-15 09:51 - 2018-06-08 09:32 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-15 09:51 - 2018-06-08 09:30 - 008594848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-15 09:51 - 2018-06-08 09:30 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-15 09:51 - 2018-06-08 09:30 - 001953544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-15 09:51 - 2018-06-08 09:29 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-15 09:51 - 2018-06-08 09:27 - 001173584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-15 09:51 - 2018-06-08 09:27 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-15 09:51 - 2018-06-08 09:25 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-06-15 09:51 - 2018-06-08 09:24 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-15 09:51 - 2018-06-08 09:24 - 003009736 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-15 09:51 - 2018-06-08 09:24 - 002711248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-15 09:51 - 2018-06-08 09:24 - 000891808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-06-15 09:51 - 2018-06-08 09:23 - 021357336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-15 09:51 - 2018-06-08 09:23 - 004486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-15 09:51 - 2018-06-08 09:23 - 002412688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-15 09:51 - 2018-06-08 09:23 - 000824904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 006791992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 001269640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 000688072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 000093624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 007385096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 004507096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 001779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 000594080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-15 09:51 - 2018-06-08 09:20 - 001101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-15 09:51 - 2018-06-08 08:26 - 025256960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-15 09:51 - 2018-06-08 08:21 - 001931256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-15 09:51 - 2018-06-08 08:21 - 001614168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-15 09:51 - 2018-06-08 08:21 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-15 09:51 - 2018-06-08 08:19 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-15 09:51 - 2018-06-08 08:18 - 000097160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-15 09:51 - 2018-06-08 08:10 - 003485400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-06-15 09:51 - 2018-06-08 08:10 - 002338272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 017161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 006092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 000791968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-06-15 09:51 - 2018-06-08 08:09 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-06-15 09:51 - 2018-06-08 08:08 - 020290256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-15 09:51 - 2018-06-08 08:08 - 003979696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-15 09:51 - 2018-06-08 08:08 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-15 09:51 - 2018-06-08 08:08 - 001990672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-15 09:51 - 2018-06-08 08:08 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 002386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000975360 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-06-15 09:51 - 2018-06-08 08:07 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 006015208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 004668688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 001524784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 000551696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-06-15 09:51 - 2018-06-08 08:05 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-06-15 09:51 - 2018-06-08 08:05 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-15 09:51 - 2018-06-08 08:04 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-15 09:51 - 2018-06-08 08:04 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-15 09:51 - 2018-06-08 08:04 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-15 09:51 - 2018-06-08 08:03 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-06-15 09:51 - 2018-06-08 08:02 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-15 09:51 - 2018-06-08 08:00 - 012833792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-15 09:51 - 2018-06-08 08:00 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-06-15 09:51 - 2018-06-08 08:00 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-06-15 09:51 - 2018-06-08 07:59 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-15 09:51 - 2018-06-08 07:59 - 003124224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-15 09:51 - 2018-06-08 07:59 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-06-15 09:51 - 2018-06-08 07:59 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 003332608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-15 09:51 - 2018-06-08 07:57 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-15 09:51 - 2018-06-08 07:57 - 001812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-15 09:51 - 2018-06-08 07:56 - 002528768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-06-15 09:51 - 2018-06-08 07:56 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-15 09:51 - 2018-06-08 07:52 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-06-15 09:51 - 2018-06-08 07:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-15 09:51 - 2018-06-08 07:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-15 09:51 - 2018-06-08 07:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-15 09:51 - 2018-06-08 07:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-06-15 09:51 - 2018-06-08 07:45 - 018930688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-15 09:51 - 2018-06-08 07:45 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-06-15 09:51 - 2018-06-08 07:44 - 019358720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-15 09:51 - 2018-06-08 07:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-15 09:51 - 2018-06-08 07:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-15 09:51 - 2018-06-08 07:43 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-06-15 09:51 - 2018-06-08 07:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-15 09:51 - 2018-06-08 07:40 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-15 09:51 - 2018-06-08 07:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-15 09:51 - 2018-06-08 07:40 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-06-15 09:51 - 2018-06-08 07:39 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-15 09:51 - 2018-06-08 07:39 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-06-15 09:51 - 2018-06-08 07:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-06-15 09:51 - 2018-06-08 07:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-15 09:51 - 2018-06-08 07:38 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-15 09:51 - 2018-06-08 07:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-06-15 09:51 - 2018-06-08 07:36 - 006060032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-15 09:51 - 2018-06-08 07:36 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 007812608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 002868736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-15 09:51 - 2018-06-08 07:35 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-15 09:51 - 2018-05-12 15:57 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-06-15 09:51 - 2018-05-12 15:55 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-15 09:51 - 2018-05-12 01:15 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-06-15 09:51 - 2018-05-12 01:15 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-06-15 09:51 - 2018-05-12 01:14 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-06-15 09:51 - 2018-05-12 01:14 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-06-15 09:51 - 2018-05-12 01:10 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-15 09:51 - 2018-05-12 01:10 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-15 09:51 - 2018-05-12 01:10 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-15 09:51 - 2018-05-12 01:09 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-06-15 09:51 - 2018-05-12 01:09 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-15 09:51 - 2018-05-12 01:08 - 000428440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-06-15 09:51 - 2018-05-12 01:08 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-06-15 09:51 - 2018-05-12 01:07 - 002711168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-15 09:51 - 2018-05-12 01:07 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-06-15 09:51 - 2018-05-12 01:07 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-15 09:51 - 2018-05-12 01:05 - 000616792 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-06-15 09:51 - 2018-05-11 23:54 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-15 09:51 - 2018-05-11 23:53 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-15 09:51 - 2018-05-11 23:53 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-06-15 09:51 - 2018-05-11 23:53 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-15 09:51 - 2018-05-11 23:52 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-06-15 09:51 - 2018-05-11 23:48 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-06-15 09:51 - 2018-05-11 23:48 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-06-15 09:51 - 2018-05-11 23:47 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-06-15 09:51 - 2018-05-11 23:46 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-15 09:51 - 2018-05-11 23:46 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-06-15 09:51 - 2018-05-11 23:45 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-06-15 09:51 - 2018-05-11 23:44 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-15 09:51 - 2018-05-11 23:42 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-15 09:51 - 2018-05-11 23:41 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-15 09:51 - 2018-05-11 23:40 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-15 09:51 - 2018-05-11 23:39 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-15 09:51 - 2018-05-11 23:29 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-06-15 09:51 - 2018-05-11 23:29 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-06-15 09:51 - 2018-05-11 23:20 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-15 09:51 - 2018-05-11 23:19 - 001353216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-06-15 09:50 - 2018-06-08 09:36 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-06-15 09:50 - 2018-06-08 09:36 - 000137120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-06-15 09:50 - 2018-06-08 09:35 - 001093040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-15 09:50 - 2018-06-08 09:35 - 000924656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-15 09:50 - 2018-06-08 09:35 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-15 09:50 - 2018-06-08 09:35 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-06-15 09:50 - 2018-06-08 09:34 - 000748472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-06-15 09:50 - 2018-06-08 09:34 - 000423352 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-06-15 09:50 - 2018-06-08 09:32 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-06-15 09:50 - 2018-06-08 09:32 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-06-15 09:50 - 2018-06-08 09:30 - 001416360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-15 09:50 - 2018-06-08 09:29 - 001849760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-15 09:50 - 2018-06-08 09:29 - 001210272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-15 09:50 - 2018-06-08 09:26 - 000712456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-15 09:50 - 2018-06-08 09:26 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-06-15 09:50 - 2018-06-08 09:25 - 000525728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-15 09:50 - 2018-06-08 09:24 - 006282280 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2018-06-15 09:50 - 2018-06-08 09:24 - 001488288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-06-15 09:50 - 2018-06-08 09:24 - 001029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-06-15 09:50 - 2018-06-08 09:24 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2018-06-15 09:50 - 2018-06-08 09:24 - 000247712 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-15 09:50 - 2018-06-08 09:23 - 002472888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-15 09:50 - 2018-06-08 09:23 - 000706464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-15 09:50 - 2018-06-08 09:23 - 000677304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-15 09:50 - 2018-06-08 09:23 - 000137552 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-15 09:50 - 2018-06-08 09:22 - 001358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-15 09:50 - 2018-06-08 09:21 - 000260904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-15 09:50 - 2018-06-08 08:18 - 000212920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-06-15 09:50 - 2018-06-08 08:10 - 001124768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-06-15 09:50 - 2018-06-08 08:09 - 002993728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2018-06-15 09:50 - 2018-06-08 08:09 - 000832952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2018-06-15 09:50 - 2018-06-08 08:09 - 000592800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-15 09:50 - 2018-06-08 08:08 - 001075984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-15 09:50 - 2018-06-08 08:08 - 000640024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-06-15 09:50 - 2018-06-08 08:06 - 000129208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-06-15 09:50 - 2018-06-08 08:05 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-15 09:50 - 2018-06-08 08:04 - 001925120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2018-06-15 09:50 - 2018-06-08 08:04 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-15 09:50 - 2018-06-08 08:03 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-15 09:50 - 2018-06-08 08:03 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-15 09:50 - 2018-06-08 08:01 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2018-06-15 09:50 - 2018-06-08 08:01 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-06-15 09:50 - 2018-06-08 08:00 - 003180032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-15 09:50 - 2018-06-08 08:00 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-15 09:50 - 2018-06-08 08:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2018-06-15 09:50 - 2018-06-08 07:59 - 001297920 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-15 09:50 - 2018-06-08 07:59 - 001116672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-15 09:50 - 2018-06-08 07:59 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-06-15 09:50 - 2018-06-08 07:58 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-15 09:50 - 2018-06-08 07:58 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-15 09:50 - 2018-06-08 07:57 - 001238016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-15 09:50 - 2018-06-08 07:57 - 001135104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-15 09:50 - 2018-06-08 07:56 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2018-06-15 09:50 - 2018-06-08 07:55 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-06-15 09:50 - 2018-06-08 07:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-06-15 09:50 - 2018-06-08 07:40 - 001277440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2018-06-15 09:50 - 2018-05-12 15:56 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-06-15 09:50 - 2018-05-12 15:55 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-15 09:50 - 2018-05-12 15:53 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-15 09:50 - 2018-05-12 01:08 - 000757792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-06-15 09:50 - 2018-05-12 01:07 - 001084736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000963992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-06-15 09:50 - 2018-05-12 01:05 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000670104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000397720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000231320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-06-15 09:50 - 2018-05-11 23:54 - 003198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-15 09:50 - 2018-05-11 23:53 - 001033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-15 09:50 - 2018-05-11 23:52 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PayloadRestrictions.dll
2018-06-15 09:50 - 2018-05-11 23:52 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-06-15 09:50 - 2018-05-11 23:50 - 002186240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2018-06-15 09:50 - 2018-05-11 23:50 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-06-15 09:50 - 2018-05-11 23:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-06-15 09:50 - 2018-05-11 23:49 - 001685504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2018-06-15 09:50 - 2018-05-11 23:40 - 001363968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-15 09:50 - 2018-05-11 23:38 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-06-15 09:50 - 2018-05-11 23:33 - 002762752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-15 09:50 - 2018-05-11 23:31 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-06-15 09:50 - 2018-05-11 23:28 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-06-15 09:50 - 2018-05-11 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-06-15 09:50 - 2018-05-11 23:26 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2018-06-15 09:50 - 2018-05-11 23:20 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-15 09:49 - 2018-06-08 09:29 - 000937376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-15 09:49 - 2018-06-08 09:29 - 000028576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-15 09:49 - 2018-06-08 09:22 - 000054376 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-15 09:49 - 2018-06-08 09:21 - 001206104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-06-15 09:49 - 2018-06-08 08:07 - 000047608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-15 09:49 - 2018-06-08 08:06 - 001131696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-06-15 09:49 - 2018-06-08 08:05 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-15 09:49 - 2018-06-08 08:05 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanelExternalHook.dll
2018-06-15 09:49 - 2018-06-08 08:04 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-15 09:49 - 2018-06-08 08:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-15 09:49 - 2018-06-08 07:59 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-15 09:49 - 2018-06-08 07:53 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-15 09:49 - 2018-06-08 07:52 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-06-15 09:49 - 2018-06-08 07:46 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-15 09:49 - 2018-06-08 07:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2018-06-15 09:49 - 2018-06-08 07:39 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2018-06-15 09:49 - 2018-06-08 07:39 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-15 09:49 - 2018-06-08 07:34 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DbgModel.dll
2018-06-15 09:49 - 2018-05-12 15:52 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-06-15 09:49 - 2018-05-12 15:52 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialStore.dll
2018-06-15 09:49 - 2018-05-11 23:51 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
2018-06-15 09:49 - 2018-05-11 23:50 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-06-15 09:49 - 2018-05-11 23:50 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2018-06-15 09:49 - 2018-05-11 23:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-15 09:49 - 2018-05-11 23:48 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-06-15 09:49 - 2018-05-11 23:48 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-06-15 09:49 - 2018-05-11 23:31 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PayloadRestrictions.dll
2018-06-15 09:49 - 2018-05-11 23:31 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaproxystub.dll
2018-06-15 09:49 - 2018-05-11 23:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-15 09:49 - 2018-05-11 23:29 - 001428480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
2018-06-15 09:49 - 2018-05-11 23:29 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2018-06-15 09:49 - 2018-05-11 23:29 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
2018-06-15 09:49 - 2018-05-11 23:28 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-06-15 09:49 - 2018-05-11 23:27 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2018-06-11 15:47 - 2018-06-11 15:47 - 000000000 ____D C:\Program Files\RStudio
2018-06-11 15:44 - 2018-06-11 15:44 - 000000000 ____D C:\Program Files\R
2018-06-04 12:18 - 2018-06-04 12:18 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-04 12:18 - 2018-06-04 12:18 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-04 12:18 - 2018-06-04 12:18 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-04 12:18 - 2018-06-04 12:18 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-21 19:06 - 2018-05-01 23:25 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-21 19:06 - 2018-05-01 23:25 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-15 19:57 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-15 19:56 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-15 19:48 - 2018-01-24 11:46 - 002063564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-15 19:48 - 2018-01-23 15:22 - 000926146 _____ C:\WINDOWS\system32\perfh013.dat
2018-06-15 19:48 - 2018-01-23 15:22 - 000191796 _____ C:\WINDOWS\system32\perfc013.dat
2018-06-15 19:46 - 2017-05-24 12:31 - 000000569 _____ C:\WINDOWS\SMSCFG.ini
2018-06-15 19:44 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-15 19:43 - 2018-01-24 11:18 - 000471360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-15 19:42 - 2018-01-24 11:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-15 19:42 - 2017-12-05 20:29 - 000036331 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2018-06-15 15:06 - 2017-11-22 15:16 - 000015691 _____ C:\bdlog.txt
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-15 15:03 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-15 14:46 - 2018-01-24 11:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-15 10:04 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-15 09:50 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-11 09:28 - 2018-01-23 16:14 - 000607640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-06-09 23:39 - 2018-01-24 11:25 - 000000000 ____D C:\Users\latoe
2018-06-08 11:36 - 2017-11-16 16:35 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-06-08 08:29 - 2016-07-16 14:58 - 000398126 __RSH C:\bootmgr
2018-06-07 17:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 17:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-06 20:52 - 2017-05-24 15:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-24 14:46 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-23 12:59 - 2018-01-23 16:14 - 000191592 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2018-05-23 12:46 - 2018-01-23 16:14 - 000045104 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2018-05-23 12:18 - 2018-01-23 16:14 - 001723552 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-05-23 12:18 - 2018-01-23 16:14 - 000189544 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-05-23 12:18 - 2018-01-23 16:14 - 000023032 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-05-23 12:16 - 2018-01-23 16:14 - 000096448 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2018-05-23 12:15 - 2018-01-23 16:14 - 001177008 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-05-22 09:11 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-21 19:04 - 2017-05-24 15:01 - 000001040 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 19:04 - 2017-05-24 15:01 - 000001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 18:57 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-21 18:55 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\servicing
 
==================== Files in the root of some directories =======
 
2017-09-18 10:33 - 2018-01-18 14:30 - 000000600 _____ () C:\Users\latoe\AppData\Local\PUTTY.RND
2017-09-14 10:41 - 2018-06-15 11:49 - 004102144 _____ () C:\Users\latoe\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by latoe (15-06-2018 20:56:50)
Running from C:\Users\latoe\Downloads
Windows 10 Enterprise Version 1709 16299.492 (X64) (2018-01-24 09:59:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1277790923-1796002617-886812490-500 - Administrator - Enabled) => C:\Users\Administrator
BW07Admin (S-1-5-21-1277790923-1796002617-886812490-1002 - Administrator - Enabled) => C:\Users\BW07Admin
DefaultAccount (S-1-5-21-1277790923-1796002617-886812490-503 - Limited - Disabled)
Guest (S-1-5-21-1277790923-1796002617-886812490-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-1277790923-1796002617-886812490-1003 - Administrator - Enabled) => C:\Users\LocalAdmin
WDAGUtilityAccount (S-1-5-21-1277790923-1796002617-886812490-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
ACD/Labs Freeware (HKLM-x32\...\{3DD6B5BB-14AF-44C5-B43A-4F4C41976DF0}) (Version: 0.0.0 - ACD/Labs Inc.)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Airtel Internet (HKLM-x32\...\{2EB25CE5-0F84-4B65-AFB4-4360BECDEDC1}) (Version: 1.0.0.1 - )
Belgium e-ID middleware 4.1.20 (build 1779) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71779}) (Version: 4.1.1779 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.67 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.15.189 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.15.189 - Bitdefender)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 6.4.0 - BitTorrent, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.1000.16 - Citrix Systems, Inc.)
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
Configuration Manager Client (HKLM\...\{8864FB91-94EE-4F16-A144-0D82A232049D}) (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.2207.101.108 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
EpiData Entry 3.1.2701.2008 (HKLM-x32\...\EpiData Entry_is1) (Version:  - EpiData Association, Odense. Denmark)
EpiData Entry Client 4.2.0.0 (HKLM\...\{AD85F1FE-E6A8-4FE3-86AC-7C0CD535C696}_is1) (Version:  - EpiData Association)
EpiData Manager 4.2.0.0 (HKLM\...\{E3EA0CC9-E1B1-4A4B-8A24-6B7767D0E1BB}_is1) (Version:  - EpiData Association)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
ExpressVPN (HKLM-x32\...\{B97E1AC2-1F11-43C0-90A7-22B158337D06}) (Version: 6.5.1.3605 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{e87d0eca-dc93-4f55-bf74-0d155d8c6f07}) (Version: 6.5.1.3605 - ExpressVPN)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FileZilla Client 3.30.0 (HKLM-x32\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
FreeFileSync 8.0 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.0 - www.FreeFileSync.org)
Git version 2.14.1 (HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\Git_is1) (Version: 2.14.1 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\GitHubDesktop) (Version: 1.0.13 - GitHub, Inc.)
Google Chrome (HKLM\...\{A967B385-DA3A-32DD-B6F3-D169E888E661}) (Version: 63.0.3239.108 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 15.0.15188.2008 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{74696588-BE5D-4CB2-881F-6CB68C04FB29}) (Version: 12.8.47.1 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{1D839376-74B6-452F-BBFF-845F102E8A3A}) (Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (HKLM-x32\...\{010788AB-706E-4604-A46B-6785EAB64B5E}) (Version: 140.069.007 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
HPLJUTM276 (HKLM-x32\...\{C97E3F48-DE95-4E00-80AF-32D75C69302D}) (Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (HKLM-x32\...\{3B37F001-CAC7-4973-8693-D253BB0BB60F}) (Version: 004.000.00001 - Hewlett-Packard) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM276LaserJetService (HKLM-x32\...\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (HKLM-x32\...\{7DF7A3DB-90B1-48FE-B314-147E1504214D}) (Version: 004.000.00001 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM276 (HKLM-x32\...\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}) (Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Jihosoft WhatsMate version Jihosoft WhatsMate (HKLM-x32\...\{63D14B9C-AB0C-4B20-AE64-844D38DC101E}_is1) (Version: Jihosoft WhatsMate - HONGKONG JIHO CO., LIMITED)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Mendeley Desktop 1.17.10 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.10 - Mendeley Ltd.)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 45.9.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.9.0 ESR (x86 en-US)) (Version: 45.9.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Online Plug-in (HKLM-x32\...\{2AB290A4-6B1F-4591-AF1B-73153F10D362}) (Version: 14.4.1000.16 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
R for Windows 3.5.0 (HKLM\...\R for Windows 3.5.0_is1) (Version: 3.5.0 - R Core Team)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.453 - RStudio)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Software Carpentry Windows Installer version 0.3 (HKLM-x32\...\{2E6818B6-DA37-4D45-8FED-88A6EED6CD08}_is1) (Version: 0.3 - Software Carpentry)
Spelling Dictionaries Support For Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TurningPoint 2008 (HKLM-x32\...\{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}) (Version: 4.3.2.1178 - Turning Technologies, LLC.)
Umetrics SIMCA 14.1 (HKLM\...\{15EA224C-C791-4249-A1AA-5FCCD32F93CE}) (Version: 14.1.0.2047 - MKS Umetrics AB)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0413-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VirtualDJ 8 (HKLM-x32\...\{F6E5CB37-42C1-4FA1-A442-33D9ACD6DCFA}) (Version: 8.2.3752.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vysor (HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\Vysor) (Version: 1.8.2 - ClockworkMod)
WD Drive Utilities (HKLM-x32\...\{27c7215d-df19-4095-8f6a-eba55cab35be}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{F413FB4C-7CFF-4737-BCC3-5EE43BFB3721}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WHO Anthro (HKLM-x32\...\{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1) (Version: 3.2.2.1 - WHO)
WHO AnthroPlus (HKLM-x32\...\{13A42C71-87A5-41F7-B7C9-5DC7D56038FC}_is1) (Version: 1.0.4 - WHO)
Windows Driver Package - Fedict SmartCard  (11/30/2016 4.1.9) (HKLM\...\A9FBB4D4E267FA9BF2CEBF564F02DB39E147B466) (Version: 11/30/2016 4.1.9 - Fedict)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
YTD Video Downloader 5.9.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.3 - GreenTree Applications SRL) <==== ATTENTION
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)
ZTE Mobile Broadband Device Drivers 1.0.0.16 (HKLM-x32\...\{9194B665-5134-4B6B-AD73-A5292CB072D3}_is1) (Version:  - ZTE)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job =>  <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\latoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\latoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-01-08 15:00 - 2018-01-08 15:00 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-02 00:53 - 2013-11-18 09:34 - 000426752 _____ () C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
2018-04-25 14:12 - 2018-04-25 14:18 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-25 14:12 - 2018-04-25 14:18 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-25 14:12 - 2018-04-25 14:20 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-25 14:12 - 2018-04-25 14:18 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-25 14:12 - 2018-04-25 14:13 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-10-02 00:53 - 2013-07-11 13:12 - 000450304 _____ () C:\Program Files (x86)\Airtel Internet\CancelAutoPlay.exe
2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-22 23:49 - 2017-02-22 23:49 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-06-15 09:51 - 2018-06-08 08:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-06-15 09:51 - 2018-06-08 07:56 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-18 19:31 - 2017-12-14 04:49 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libglesv2.dll
2017-12-18 19:31 - 2017-12-14 04:49 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\mediapluspro.com -> hxxps://www.mediapluspro.com
IE trusted site: HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\sharepoint.com -> hxxps://ugentbe-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-4030456262-320625612-449655040-101214\...\ugent.be -> ugent.be
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2018-06-15 20:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4030456262-320625612-449655040-101214\Control Panel\Desktop\\Wallpaper -> C:\Users\latoe\Pictures\20171225_123003.jpg
DNS Servers: 195.130.130.2 - 195.130.131.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8EBCEB7B-B74D-4089-B987-5CCE5D8A48EB}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{6A02E1A6-EB40-40F9-9976-881E84EB70E4}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{FF13AD9C-3C93-4BBB-A72B-1DDBB7D3C135}] => (Allow) C:\Users\LocalAdmin\AppData\Local\Programs\Opera\49.0.2725.64\opera.exe
FirewallRules: [{E851FA56-0DFB-4108-8F10-53593637FEAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6BBD3D7-6E53-4D89-A8CC-035B287829A8}] => (Allow) C:\Users\latoe\AppData\Local\Temp\7zS5039\HPDiagnosticCoreUI.exe
FirewallRules: [{057FE357-1EC3-473B-B20E-A58AF527E789}] => (Allow) C:\Users\latoe\AppData\Local\Temp\7zS5039\HPDiagnosticCoreUI.exe
FirewallRules: [{886F78D1-97D1-4CAD-A764-9C68CDC5176C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{8A7AE854-28D1-4DDE-BB24-1FC46561328F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{99356A16-86A3-4918-966F-399721D7A54F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{80CBA622-0F87-446F-9C08-3B1F0FFD3D3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{913CED0A-BD0F-4376-A30D-1B0F30ECF3D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D97C8834-7D79-4192-A0B5-592A37C6F7AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94422D99-FBDA-447B-88FF-84EE23235C6F}] => (Block) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{104703FA-A6D6-47D0-AE2C-ADA24FFF1132}] => (Block) C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{441D39E4-01F9-4B30-B3D7-E82D021C321C}] => (Block) C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{13809E26-E689-482A-8315-1F26B3D14C2B}] => (Block) C:\Program Files\Java\jre1.8.0_131\bin\java.exe
FirewallRules: [{1360339C-5AF8-4F97-8690-781BCE97548E}] => (Block) C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe
FirewallRules: [{9A14305B-4ECF-4FB9-94FD-6C266B831A69}] => (Block) C:\Program Files\Java\jre1.8.0_131\bin\rmiregistry.exe
FirewallRules: [{4ACA50BA-9DD7-4797-87E2-AADB2887D5A2}] => (Block) C:\Program Files (x86)\Java\jre1.8.0_131\bin\rmiregistry.exe
FirewallRules: [{C0D0A728-F64E-4FE9-B053-1D4795DDE304}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{72DBADDB-92C1-4EB6-B708-B4CD5D9EE332}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{9370D3FE-E654-4E16-8DD5-BA8E92ACBC42}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{988C1FCE-5BF8-4DE9-BB16-E89F0A53F6DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{0D144144-0318-4D3B-8E79-DB51F5793C18}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{A247676E-113A-452D-A219-8F48243AF441}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{19E01E14-07D3-43AD-8703-3A9C61FC63E6}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FA6EDDF3-7F00-4279-9DD9-EC97D146A8B5}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D82A0153-C6D3-4D2B-8CE1-F9A8A75F03DC}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBF23DD5-976B-4134-9B51-A20AA685DFD2}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF9E7D38-F753-4626-B2CB-D5510272AABE}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0919D5FE-67C9-4919-9100-FD0ACA492D0C}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{AA491DA9-4A0D-4CFF-8FEB-E049613D0A4B}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{331CD013-1629-4E37-B74C-9CE6359F7A6B}] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{126BC440-A317-42A9-AEB8-8CFE8595576D}] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{5E26713A-129E-4B9C-B9B5-26A914703756}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{45695D13-071E-40FC-94C4-55EE6D5C2A7F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{65C00666-FDF8-4153-B4DF-207FF804C9B9}] => (Allow) C:\Users\LocalAdmin\AppData\Local\Programs\Opera\46.0.2597.26\opera.exe
FirewallRules: [{FBC4F405-E2B8-49EF-9093-59F5ECC25AC9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2018 07:52:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.492 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 22e8
 
Start Time: 01d404d1015aacf8
 
Termination Time: 1850
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 0ce56760-ea89-4524-9672-c506f27c3e1e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/15/2018 07:46:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (06/15/2018 07:46:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (06/15/2018 07:42:41 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (06/15/2018 11:10:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.16299.248, time stamp: 0x6c6fc3d0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80131623
Fault offset: 0x00007ff91f251be5
Faulting process id: 0x2f78
Faulting application start time: 0x01d40488a1918405
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: unknown
Report Id: c496f1be-68bd-4972-98e5-db3dfdbf5093
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/15/2018 11:10:04 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unexpected exception thrown from the provider:
 System.IO.FileNotFoundException: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
   at Windows.ApplicationModel.Package.get_InstalledLocation()
   at Microsoft.ConfigurationManager.WinRTProvider.Windows8Application.get_InstalledLocation()
Stack:
   at System.Environment.FailFast(System.String)
   at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)
 
Error: (06/14/2018 09:30:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLVIEW.EXE, version: 16.0.4266.1001, time stamp: 0x55ba12c2
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x2b1f332b
Exception code: 0xc0000602
Fault offset: 0x000eff75
Faulting process id: 0x2658
Faulting application start time: 0x01d403b1a1cf4332
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE
Faulting module path: C:\WINDOWS\System32\CoreUIComponents.dll
Report Id: 6f63dc01-2810-4b05-83e8-26b660c03a20
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/13/2018 08:40:18 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={92AEBB72-0F50-4D49-AEC3-AD0D7F67C481}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1168.
 
 
System errors:
=============
Error: (06/15/2018 08:02:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2018 07:59:30 PM) (Source: DCOM) (EventID: 10016) (User: UGENT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user UGENT\latoe SID (S-1-5-21-4030456262-320625612-449655040-101214) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2018 07:57:21 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: UGENT)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/15/2018 07:57:21 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/15/2018 07:57:21 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: UGENT)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/15/2018 07:57:05 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: NT AUTHORITY)
Description: 0 failed. 
GPO Name : Private.Scripts
GPO File System Path : \\UGent.be\SysVol\UGent.be\Policies\{DA9EE71C-4270-4DFB-8FC7-7FC11804E982}\Machine
Script Name: \\UGent.be\SysVol\UGent.be\DICT\scripts\Startup\Startup1.bat
 
Error: (06/15/2018 07:56:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/15/2018 07:55:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-01-24 13:05:01.511
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-24 13:05:01.511
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-01-24 13:05:01.511
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===================================
 
Date: 2018-06-15 19:46:18.099
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-23 23:06:45.835
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-21 19:06:08.023
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-04-28 05:23:59.877
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-04-16 04:09:08.071
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-04-10 17:11:37.551
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-03-20 23:06:03.155
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-03-17 01:07:33.345
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6300U CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 7860.17 MB
Available physical RAM: 3503.68 MB
Total Virtual: 9076.17 MB
Available Virtual: 4166.23 MB
 
==================== Drives ================================
 
Drive c: (BW07C134) (Fixed) (Total:464.84 GB) (Free:139 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{a00408a8-0000-0000-0000-003674000000}\ () (Fixed) (Total:0.92 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 PM

Posted 16 June 2018 - 07:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar program in an Administrator account and post fresh FRST.txt and Addition.txt logs for my review.

#3 kassan07

kassan07
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 17 June 2018 - 07:16 AM

Thanks Nasdaq for your help. 

I followed your instructions and here are the different reports:

 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/17/18
Scan Time: 11:52 AM
Log File: 19a5a3b4-7214-11e8-92c0-d481d77956a5.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5516
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.492)
CPU: x64
File System: NTFS
User: BW07C134\LocalAdmin
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 394273
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 59 min, 29 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-15.3
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-17-2018
# Duration: 00:00:12
# OS:       Windows 10 Enterprise
# Cleaned:  9
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\ytd video downloader
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted       C:\Program Files (x86)\GreenTree Applications
 
***** [ Files ] *****
 
Deleted       C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook.lnk
Deleted       C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader.lnk
Deleted       C:\Users\Public\Desktop\YTD Video Downloader.lnk
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Softonic FR
Deleted       Softonic FR
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1985 octets] - [17/06/2018 13:17:33]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by LocalAdmin (administrator) on BW07C134 (17-06-2018 13:39:03)
Running from C:\Users\latoe\Downloads
Loaded Profiles: LocalAdmin (Available Profiles: BW07Admin & LocalAdmin & Administrator)
Platform: Windows 10 Enterprise Version 1709 16299.492 (X64) Language: Engels (Verenigde Staten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
() C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\IntelCpHDCPSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\IntelCpHeciSvc.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
() C:\Program Files (x86)\Airtel Internet\CancelAutoPlay.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.456_none_16e251c03219d5cd\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-08-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-08-23] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [773760 2016-10-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-29] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [{2EB25CE5-0F84-4B65-AFB4-4360BECDEDC1}] => C:\Program Files (x86)\Airtel Internet\UUShell.exe [122112 2013-11-18] ()
HKLM-x32\...\Run: [CancelAutoPlay] => C:\Program Files (x86)\Airtel Internet\CancelAutoPlay.exe [450304 2013-07-11] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1277790923-1796002617-886812490-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1277790923-1796002617-886812490-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1277790923-1796002617-886812490-1003\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [812672 2018-02-07] (ExpressVPN)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 195.130.130.2 195.130.131.2
Tcpip\..\Interfaces\{24fbe1da-e121-4af5-a4cf-5d9323a96515}: [DhcpNameServer] 10.135.0.1
Tcpip\..\Interfaces\{35663739-ECD7-4186-98F8-84E2CAAC5321}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{47A8C347-067F-46BF-BC7C-2CFAF962234B}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{6A202EC3-0364-41C9-8170-5B1397A22F08}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{831510B1-B41D-41D0-82D2-70BCB2F68757}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{97bf0d36-79b0-4d2e-a449-b09dd9f9c2b7}: [DhcpNameServer] 195.130.130.2 195.130.131.2
Tcpip\..\Interfaces\{A032BEF3-59B4-450B-969E-FB6A3F9E88CC}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{b34713ba-ba6d-49e3-a950-a7c4fd475347}: [DhcpNameServer] 157.193.71.1 157.193.40.42
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1277790923-1796002617-886812490-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1277790923-1796002617-886812490-1003 -> DefaultScope {DE605241-7D5D-40A2-ADA8-BBA542DD7C64} URL = hxxp://www.google.be/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277790923-1796002617-886812490-1003 -> {DE605241-7D5D-40A2-ADA8-BBA542DD7C64} URL = hxxp://www.google.be/search?hl=en&q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-23] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-23] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-19] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-19] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-23] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-23] (Bitdefender)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
 
Edge: 
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2017-09-29]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-05-21]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-11-08]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-11-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2017-05-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default [2018-06-17]
CHR Extension: (Slides) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-12-24]
CHR Extension: (YouTube) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-16]
CHR Extension: (Adblock Plus) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-06-17]
CHR Extension: (Sheets) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (ExpressVPN for Chrome) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2017-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-16]
CHR Extension: (AdBlock) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\LocalAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-24]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-10-20] (Alps Electric Co., Ltd.)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [107680 2018-02-19] (Bitdefender)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-08-23] (Intel Corporation)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-02-07] ()
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1047000 2017-05-25] (Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [51160 2017-05-25] (Broadcom Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation)
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-08-23] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-23] (Microsoft Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-23] (Bitdefender)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [268248 2017-05-25] ()
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-23] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2018-05-23] (Bitdefender)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [432384 2013-11-18] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2016-08-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-08-23] (Advanced Micro Devices, Inc.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-23] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-23] (BitDefender)
S3 bcmnfcusb; C:\WINDOWS\System32\drivers\bcmnfcusb.sys [48896 2016-08-23] (Broadcom Corporation.)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-23] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-23] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-23] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-23] (BitDefender)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2016-08-23] (OSR Open Systems Resources, Inc.)
R3 DellRctl; C:\WINDOWS\System32\drivers\DellRctl.sys [33616 2016-08-23] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-08-23] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-08-23] (Intel Corporation)
R1 EMP_MIRRUD; C:\WINDOWS\System32\drivers\EMP_MirrUD.sys [5632 2011-11-17] (Windows ® Codename Longhorn DDK provider)
R3 eppvad_simple; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [23040 2011-11-17] (SEIKO EPSON CORPORATION)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-08-23] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-11-21] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-23] (BitDefender LLC)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-23] (Bitdefender)
S3 imausbhpal; C:\WINDOWS\System32\drivers\imausbhpal.sys [636976 2016-08-23] ()
S3 imausbhub; C:\WINDOWS\System32\drivers\imausbhub.sys [462384 2016-08-23] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2677504 2016-08-23] (Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-17] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [127048 2016-08-23] (Intel Corporation)
R3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [758488 2016-08-23] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [146512 2016-08-23] (STMicroelectronics)
S3 swmbbser05; C:\WINDOWS\System32\drivers\swmbbser05.sys [288016 2016-08-23] (Sierra Wireless Incorporated)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-03] (The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [607640 2018-06-11] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-17 13:38 - 2018-06-17 13:39 - 000000000 ____D C:\FRST
2018-06-17 13:31 - 2018-06-17 13:31 - 000002001 _____ C:\Users\LocalAdmin\Desktop\AdwCleaner[C00].txt
2018-06-17 13:29 - 2018-06-17 13:29 - 000000000 ____D C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-06-17 13:23 - 2018-06-17 13:23 - 000000000 ___HD C:\Users\LocalAdmin\MicrosoftEdgeBackups
2018-06-17 13:07 - 2018-06-17 13:25 - 000000000 ____D C:\AdwCleaner
2018-06-17 13:05 - 2018-06-17 13:05 - 000001312 _____ C:\Users\LocalAdmin\Desktop\report.txt
2018-06-17 11:59 - 2018-06-17 12:00 - 000000000 ____D C:\ProgramData\Packages
2018-06-17 11:48 - 2018-06-17 11:47 - 007372496 _____ (Malwarebytes) C:\Users\LocalAdmin\Desktop\adwcleaner_7.2.0.exe
2018-06-17 11:47 - 2018-06-17 11:47 - 007372496 _____ (Malwarebytes) C:\Users\LocalAdmin\Downloads\adwcleaner_7.2.0.exe
2018-06-17 11:45 - 2018-06-17 11:47 - 077945584 _____ (Malwarebytes ) C:\Users\LocalAdmin\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5508.exe
2018-06-17 11:32 - 2018-06-17 11:32 - 000049647 _____ C:\ProgramData\dm.update.1529227865.bdinstall.bin
2018-06-17 11:12 - 2018-06-17 13:28 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-17 11:11 - 2018-06-17 13:28 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-17 11:11 - 2018-06-17 13:28 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-17 11:11 - 2018-06-17 13:28 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-17 11:11 - 2018-06-17 11:11 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-17 11:11 - 2018-06-17 11:11 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-17 11:11 - 2018-06-17 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-17 11:11 - 2018-06-17 11:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-17 11:11 - 2018-06-17 11:11 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-17 11:11 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-17 11:09 - 2018-06-17 11:09 - 007372496 _____ (Malwarebytes) C:\Users\latoe\Downloads\adwcleaner_7.2.0.exe
2018-06-17 11:08 - 2018-06-17 11:08 - 077945584 _____ (Malwarebytes ) C:\Users\latoe\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5508 (1).exe
2018-06-17 11:07 - 2018-06-17 11:07 - 077945584 _____ (Malwarebytes ) C:\Users\latoe\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5508.exe
2018-06-16 19:17 - 2018-06-16 19:17 - 000000000 ____D C:\Users\latoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-06-15 20:56 - 2018-06-15 21:01 - 000042760 _____ C:\Users\latoe\Downloads\Addition.txt
2018-06-15 20:54 - 2018-06-17 13:41 - 000030435 _____ C:\Users\latoe\Downloads\FRST.txt
2018-06-15 20:54 - 2018-06-15 20:54 - 002413056 _____ (Farbar) C:\Users\latoe\Downloads\FRST64.exe
2018-06-15 09:51 - 2018-06-08 19:26 - 021754880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-15 09:51 - 2018-06-08 19:26 - 017084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-06-15 09:51 - 2018-06-08 19:03 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-15 09:51 - 2018-06-08 18:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-15 09:51 - 2018-06-08 18:58 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-15 09:51 - 2018-06-08 13:42 - 002491120 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-15 09:51 - 2018-06-08 13:41 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-15 09:51 - 2018-06-08 09:33 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-06-15 09:51 - 2018-06-08 09:33 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-15 09:51 - 2018-06-08 09:33 - 001056184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-15 09:51 - 2018-06-08 09:33 - 000269720 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-06-15 09:51 - 2018-06-08 09:32 - 001638432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-15 09:51 - 2018-06-08 09:32 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-15 09:51 - 2018-06-08 09:32 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-15 09:51 - 2018-06-08 09:30 - 008594848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-15 09:51 - 2018-06-08 09:30 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-15 09:51 - 2018-06-08 09:30 - 001953544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-15 09:51 - 2018-06-08 09:29 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-15 09:51 - 2018-06-08 09:27 - 001173584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-15 09:51 - 2018-06-08 09:27 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-15 09:51 - 2018-06-08 09:25 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-06-15 09:51 - 2018-06-08 09:24 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-15 09:51 - 2018-06-08 09:24 - 003009736 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-15 09:51 - 2018-06-08 09:24 - 002711248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-15 09:51 - 2018-06-08 09:24 - 000891808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-06-15 09:51 - 2018-06-08 09:23 - 021357336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-15 09:51 - 2018-06-08 09:23 - 004486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-15 09:51 - 2018-06-08 09:23 - 002412688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-15 09:51 - 2018-06-08 09:23 - 000824904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 006791992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 001269640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 000688072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-15 09:51 - 2018-06-08 09:22 - 000093624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 007385096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 004507096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 001779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-15 09:51 - 2018-06-08 09:21 - 000594080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-15 09:51 - 2018-06-08 09:20 - 001101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-15 09:51 - 2018-06-08 08:26 - 025256960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-15 09:51 - 2018-06-08 08:21 - 001931256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-15 09:51 - 2018-06-08 08:21 - 001614168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-15 09:51 - 2018-06-08 08:21 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-15 09:51 - 2018-06-08 08:19 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-15 09:51 - 2018-06-08 08:18 - 000097160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-15 09:51 - 2018-06-08 08:10 - 003485400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-06-15 09:51 - 2018-06-08 08:10 - 002338272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 017161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 006092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-15 09:51 - 2018-06-08 08:09 - 000791968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-06-15 09:51 - 2018-06-08 08:09 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-06-15 09:51 - 2018-06-08 08:08 - 020290256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-15 09:51 - 2018-06-08 08:08 - 003979696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-15 09:51 - 2018-06-08 08:08 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-15 09:51 - 2018-06-08 08:08 - 001990672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-15 09:51 - 2018-06-08 08:08 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 002386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000975360 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-06-15 09:51 - 2018-06-08 08:07 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-15 09:51 - 2018-06-08 08:07 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 006015208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 004668688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 001524784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 000551696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-15 09:51 - 2018-06-08 08:06 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-06-15 09:51 - 2018-06-08 08:05 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-06-15 09:51 - 2018-06-08 08:05 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-15 09:51 - 2018-06-08 08:04 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-15 09:51 - 2018-06-08 08:04 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-15 09:51 - 2018-06-08 08:04 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-15 09:51 - 2018-06-08 08:03 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-06-15 09:51 - 2018-06-08 08:02 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-06-15 09:51 - 2018-06-08 08:02 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-15 09:51 - 2018-06-08 08:01 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-15 09:51 - 2018-06-08 08:00 - 012833792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-15 09:51 - 2018-06-08 08:00 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-06-15 09:51 - 2018-06-08 08:00 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-06-15 09:51 - 2018-06-08 07:59 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-15 09:51 - 2018-06-08 07:59 - 003124224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-15 09:51 - 2018-06-08 07:59 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-06-15 09:51 - 2018-06-08 07:59 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 003332608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-15 09:51 - 2018-06-08 07:58 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-15 09:51 - 2018-06-08 07:57 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-15 09:51 - 2018-06-08 07:57 - 001812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-06-15 09:51 - 2018-06-08 07:57 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-15 09:51 - 2018-06-08 07:56 - 002528768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-06-15 09:51 - 2018-06-08 07:56 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-15 09:51 - 2018-06-08 07:52 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-06-15 09:51 - 2018-06-08 07:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-15 09:51 - 2018-06-08 07:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-15 09:51 - 2018-06-08 07:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-15 09:51 - 2018-06-08 07:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-06-15 09:51 - 2018-06-08 07:45 - 018930688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-15 09:51 - 2018-06-08 07:45 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-06-15 09:51 - 2018-06-08 07:44 - 019358720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-15 09:51 - 2018-06-08 07:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-15 09:51 - 2018-06-08 07:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-15 09:51 - 2018-06-08 07:43 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-06-15 09:51 - 2018-06-08 07:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-15 09:51 - 2018-06-08 07:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-15 09:51 - 2018-06-08 07:40 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-15 09:51 - 2018-06-08 07:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-15 09:51 - 2018-06-08 07:40 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-06-15 09:51 - 2018-06-08 07:39 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-15 09:51 - 2018-06-08 07:39 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-06-15 09:51 - 2018-06-08 07:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-06-15 09:51 - 2018-06-08 07:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-15 09:51 - 2018-06-08 07:38 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-15 09:51 - 2018-06-08 07:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-06-15 09:51 - 2018-06-08 07:36 - 006060032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-15 09:51 - 2018-06-08 07:36 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 007812608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 002868736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-15 09:51 - 2018-06-08 07:35 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-15 09:51 - 2018-06-08 07:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-15 09:51 - 2018-05-12 15:57 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-06-15 09:51 - 2018-05-12 15:55 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-15 09:51 - 2018-05-12 01:15 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-06-15 09:51 - 2018-05-12 01:15 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-06-15 09:51 - 2018-05-12 01:14 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-06-15 09:51 - 2018-05-12 01:14 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-06-15 09:51 - 2018-05-12 01:10 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-15 09:51 - 2018-05-12 01:10 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-15 09:51 - 2018-05-12 01:10 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-15 09:51 - 2018-05-12 01:09 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-06-15 09:51 - 2018-05-12 01:09 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-15 09:51 - 2018-05-12 01:08 - 000428440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-06-15 09:51 - 2018-05-12 01:08 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-06-15 09:51 - 2018-05-12 01:07 - 002711168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-15 09:51 - 2018-05-12 01:07 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-06-15 09:51 - 2018-05-12 01:07 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-15 09:51 - 2018-05-12 01:05 - 000616792 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-06-15 09:51 - 2018-05-11 23:54 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-15 09:51 - 2018-05-11 23:53 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-15 09:51 - 2018-05-11 23:53 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-06-15 09:51 - 2018-05-11 23:53 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-15 09:51 - 2018-05-11 23:52 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-06-15 09:51 - 2018-05-11 23:48 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-06-15 09:51 - 2018-05-11 23:48 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-06-15 09:51 - 2018-05-11 23:47 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-06-15 09:51 - 2018-05-11 23:46 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-15 09:51 - 2018-05-11 23:46 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-06-15 09:51 - 2018-05-11 23:45 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-06-15 09:51 - 2018-05-11 23:44 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-15 09:51 - 2018-05-11 23:42 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-15 09:51 - 2018-05-11 23:41 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-15 09:51 - 2018-05-11 23:40 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-15 09:51 - 2018-05-11 23:39 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-15 09:51 - 2018-05-11 23:29 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-06-15 09:51 - 2018-05-11 23:29 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-06-15 09:51 - 2018-05-11 23:20 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-15 09:51 - 2018-05-11 23:19 - 001353216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-06-15 09:50 - 2018-06-08 09:36 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-06-15 09:50 - 2018-06-08 09:36 - 000137120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-06-15 09:50 - 2018-06-08 09:35 - 001093040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-15 09:50 - 2018-06-08 09:35 - 000924656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-15 09:50 - 2018-06-08 09:35 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-15 09:50 - 2018-06-08 09:35 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-06-15 09:50 - 2018-06-08 09:34 - 000748472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-06-15 09:50 - 2018-06-08 09:34 - 000423352 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-15 09:50 - 2018-06-08 09:33 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-06-15 09:50 - 2018-06-08 09:32 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-06-15 09:50 - 2018-06-08 09:32 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-06-15 09:50 - 2018-06-08 09:30 - 001416360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-15 09:50 - 2018-06-08 09:29 - 001849760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-15 09:50 - 2018-06-08 09:29 - 001210272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-15 09:50 - 2018-06-08 09:26 - 000712456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-15 09:50 - 2018-06-08 09:26 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-06-15 09:50 - 2018-06-08 09:25 - 000525728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-15 09:50 - 2018-06-08 09:24 - 006282280 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2018-06-15 09:50 - 2018-06-08 09:24 - 001488288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-06-15 09:50 - 2018-06-08 09:24 - 001029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-06-15 09:50 - 2018-06-08 09:24 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2018-06-15 09:50 - 2018-06-08 09:24 - 000247712 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-15 09:50 - 2018-06-08 09:23 - 002472888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-15 09:50 - 2018-06-08 09:23 - 000706464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-15 09:50 - 2018-06-08 09:23 - 000677304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-15 09:50 - 2018-06-08 09:23 - 000137552 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-15 09:50 - 2018-06-08 09:22 - 001358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-15 09:50 - 2018-06-08 09:21 - 000260904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-15 09:50 - 2018-06-08 08:18 - 000212920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-06-15 09:50 - 2018-06-08 08:10 - 001124768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-06-15 09:50 - 2018-06-08 08:09 - 002993728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2018-06-15 09:50 - 2018-06-08 08:09 - 000832952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2018-06-15 09:50 - 2018-06-08 08:09 - 000592800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-15 09:50 - 2018-06-08 08:08 - 001075984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-15 09:50 - 2018-06-08 08:08 - 000640024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-06-15 09:50 - 2018-06-08 08:06 - 000129208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-06-15 09:50 - 2018-06-08 08:05 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-15 09:50 - 2018-06-08 08:04 - 001925120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2018-06-15 09:50 - 2018-06-08 08:04 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-15 09:50 - 2018-06-08 08:03 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-15 09:50 - 2018-06-08 08:03 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-15 09:50 - 2018-06-08 08:01 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2018-06-15 09:50 - 2018-06-08 08:01 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-06-15 09:50 - 2018-06-08 08:00 - 003180032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-15 09:50 - 2018-06-08 08:00 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-15 09:50 - 2018-06-08 08:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2018-06-15 09:50 - 2018-06-08 07:59 - 001297920 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-15 09:50 - 2018-06-08 07:59 - 001116672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-15 09:50 - 2018-06-08 07:59 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-06-15 09:50 - 2018-06-08 07:58 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-15 09:50 - 2018-06-08 07:58 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-15 09:50 - 2018-06-08 07:57 - 001238016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-15 09:50 - 2018-06-08 07:57 - 001135104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-15 09:50 - 2018-06-08 07:56 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2018-06-15 09:50 - 2018-06-08 07:55 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-06-15 09:50 - 2018-06-08 07:52 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-06-15 09:50 - 2018-06-08 07:40 - 001277440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-15 09:50 - 2018-06-08 07:35 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2018-06-15 09:50 - 2018-05-12 15:56 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-06-15 09:50 - 2018-05-12 15:55 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-15 09:50 - 2018-05-12 15:53 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-15 09:50 - 2018-05-12 01:08 - 000757792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-06-15 09:50 - 2018-05-12 01:07 - 001084736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 001051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000963992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-06-15 09:50 - 2018-05-12 01:05 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000670104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000397720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-06-15 09:50 - 2018-05-12 01:05 - 000231320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-06-15 09:50 - 2018-05-11 23:54 - 003198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-15 09:50 - 2018-05-11 23:53 - 001033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-15 09:50 - 2018-05-11 23:52 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PayloadRestrictions.dll
2018-06-15 09:50 - 2018-05-11 23:52 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-06-15 09:50 - 2018-05-11 23:50 - 002186240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2018-06-15 09:50 - 2018-05-11 23:50 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-06-15 09:50 - 2018-05-11 23:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-06-15 09:50 - 2018-05-11 23:49 - 001685504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2018-06-15 09:50 - 2018-05-11 23:40 - 001363968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-15 09:50 - 2018-05-11 23:38 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-06-15 09:50 - 2018-05-11 23:33 - 002762752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-15 09:50 - 2018-05-11 23:31 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-06-15 09:50 - 2018-05-11 23:28 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-06-15 09:50 - 2018-05-11 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-06-15 09:50 - 2018-05-11 23:26 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2018-06-15 09:50 - 2018-05-11 23:20 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-15 09:49 - 2018-06-08 09:29 - 000937376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-15 09:49 - 2018-06-08 09:29 - 000028576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-15 09:49 - 2018-06-08 09:22 - 000054376 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-15 09:49 - 2018-06-08 09:21 - 001206104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-06-15 09:49 - 2018-06-08 08:07 - 000047608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-15 09:49 - 2018-06-08 08:06 - 001131696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-06-15 09:49 - 2018-06-08 08:05 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-15 09:49 - 2018-06-08 08:05 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanelExternalHook.dll
2018-06-15 09:49 - 2018-06-08 08:04 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-15 09:49 - 2018-06-08 08:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-15 09:49 - 2018-06-08 07:59 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-15 09:49 - 2018-06-08 07:53 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-15 09:49 - 2018-06-08 07:52 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-06-15 09:49 - 2018-06-08 07:46 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-15 09:49 - 2018-06-08 07:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2018-06-15 09:49 - 2018-06-08 07:39 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2018-06-15 09:49 - 2018-06-08 07:39 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-15 09:49 - 2018-06-08 07:34 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DbgModel.dll
2018-06-15 09:49 - 2018-05-12 15:52 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-06-15 09:49 - 2018-05-12 15:52 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialStore.dll
2018-06-15 09:49 - 2018-05-11 23:51 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
2018-06-15 09:49 - 2018-05-11 23:50 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-06-15 09:49 - 2018-05-11 23:50 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2018-06-15 09:49 - 2018-05-11 23:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-15 09:49 - 2018-05-11 23:48 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-06-15 09:49 - 2018-05-11 23:48 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-06-15 09:49 - 2018-05-11 23:47 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-06-15 09:49 - 2018-05-11 23:31 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PayloadRestrictions.dll
2018-06-15 09:49 - 2018-05-11 23:31 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaproxystub.dll
2018-06-15 09:49 - 2018-05-11 23:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-15 09:49 - 2018-05-11 23:29 - 001428480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
2018-06-15 09:49 - 2018-05-11 23:29 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2018-06-15 09:49 - 2018-05-11 23:29 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
2018-06-15 09:49 - 2018-05-11 23:28 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-06-15 09:49 - 2018-05-11 23:27 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2018-06-13 17:42 - 2018-06-13 17:44 - 000000000 ____D C:\Users\latoe\Downloads\[ Torrent9.red ] La.Casa.De.Papel.S01.FRENCH.WEB-DL.XviD-ZT
2018-06-13 17:42 - 2018-06-13 17:42 - 000197436 _____ C:\Users\latoe\Downloads\la-casa-de-papel-saison-1-french-hdtv.torrent
2018-06-13 17:41 - 2018-06-13 17:41 - 000000000 ____D C:\Users\latoe\Downloads\[ www.Torrent9.Red ] Young Sheldon S01E22 VOSTFR HDTV XviD-EXTREME
2018-06-13 17:40 - 2018-06-13 17:41 - 183729268 _____ C:\Users\latoe\Downloads\[ www.Torrent9.Red ] Young.Sheldon.S01E21.FASTSUB.VOSTFR.HDTV.XviD-ZT.avi
2018-06-13 17:40 - 2018-06-13 17:41 - 183686780 _____ C:\Users\latoe\Downloads\[ Torrent9.red ] Young.Sheldon.S01E19.FASTSUB.VOSTFR.HDTV.XviD-ZT.avi
2018-06-13 17:40 - 2018-06-13 17:41 - 171392088 _____ C:\Users\latoe\Downloads\[ Torrent9.red ] Young.Sheldon.S01E18.FASTSUB.VOSTFR.HDTV.XviD-EXTREME.avi
2018-06-13 17:40 - 2018-06-13 17:40 - 183771100 _____ C:\Users\latoe\Downloads\[ Torrent9.red ] Young.Sheldon.S01E20.FASTSUB.VOSTFR.HDTV.XviD-ZT.avi
2018-06-13 17:38 - 2018-06-13 17:38 - 000017216 _____ C:\Users\latoe\Downloads\young-sheldon-s01e22-vostfr-hdtv.torrent
2018-06-13 17:37 - 2018-06-13 17:37 - 000008624 _____ C:\Users\latoe\Downloads\young-sheldon-s01e21-vostfr-hdtv.torrent
2018-06-13 17:37 - 2018-06-13 17:37 - 000008620 _____ C:\Users\latoe\Downloads\young-sheldon-s01e20-vostfr-hdtv.torrent
2018-06-13 17:37 - 2018-06-13 17:37 - 000008620 _____ C:\Users\latoe\Downloads\young-sheldon-s01e19-vostfr-hdtv.torrent
2018-06-13 17:37 - 2018-06-13 17:37 - 000008145 _____ C:\Users\latoe\Downloads\young-sheldon-s01e18-vostfr-hdtv.torrent
2018-06-13 10:44 - 2018-06-13 10:44 - 000012309 _____ C:\Users\latoe\Documents\Copy of Draft budget collecte des données additionelles (002).xlsx
2018-06-13 01:22 - 2018-06-13 01:39 - 183772596 _____ C:\Users\latoe\Downloads\[ Torrent9.red ] Young.Sheldon.S01E17.FASTSUB.VOSTFR.HDTV.XviD-ZT.avi
2018-06-13 01:21 - 2018-06-13 01:21 - 000008620 _____ C:\Users\latoe\Downloads\young-sheldon-s01e17-vostfr-hdtv.torrent
2018-06-11 15:47 - 2018-06-11 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2018-06-11 15:47 - 2018-06-11 15:47 - 000000000 ____D C:\Program Files\RStudio
2018-06-11 15:46 - 2018-06-11 15:46 - 089992256 _____ (RStudio, Inc.) C:\Users\latoe\Downloads\RStudio-1.1.453.exe
2018-06-11 15:44 - 2018-06-11 15:44 - 000001121 _____ C:\Users\Public\Desktop\R i386 3.5.0.lnk
2018-06-11 15:44 - 2018-06-11 15:44 - 000001114 _____ C:\Users\Public\Desktop\R x64 3.5.0.lnk
2018-06-11 15:44 - 2018-06-11 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2018-06-11 15:44 - 2018-06-11 15:44 - 000000000 ____D C:\Program Files\R
2018-06-11 15:41 - 2018-06-11 15:41 - 083351952 _____ (R Core Team ) C:\Users\latoe\Downloads\R-3.5.0-win.exe
2018-06-11 15:29 - 2018-06-11 15:29 - 004374911 _____ C:\Users\latoe\Downloads\Rcpp_0.12.17 (2).zip
2018-06-11 15:27 - 2018-06-11 15:27 - 004506867 _____ C:\Users\latoe\Downloads\Rcpp_0.12.17 (1).zip
2018-06-11 15:18 - 2018-06-11 15:18 - 004506867 _____ C:\Users\latoe\Downloads\Rcpp_0.12.17.zip
2018-06-11 09:40 - 2018-06-11 09:40 - 030074643 _____ C:\Users\latoe\Downloads\klasdialogen (1).zip
2018-06-11 09:39 - 2018-06-11 09:39 - 008749872 _____ C:\Users\latoe\Downloads\woordenlijsten.zip
2018-06-11 09:39 - 2018-06-11 09:39 - 003888019 _____ C:\Users\latoe\Downloads\OKL.zip
2018-06-11 09:32 - 2018-06-11 09:32 - 001802619 _____ C:\Users\latoe\Downloads\Oplossingen.zip
2018-06-11 09:31 - 2018-06-11 09:31 - 044803760 _____ C:\Users\latoe\Downloads\klasdialogen.zip
2018-06-11 09:31 - 2018-06-11 09:31 - 000178577 _____ C:\Users\latoe\Downloads\transcripts_audiofiles.zip
2018-06-08 14:20 - 2018-06-08 14:20 - 000000000 ___RD C:\Users\latoe\Desktop\etude LNS-prebiotique
2018-06-08 14:20 - 2018-06-08 14:20 - 000000000 ___RD C:\Users\latoe\Desktop\databases LNSprebiotics
2018-06-08 14:19 - 2018-06-08 14:20 - 000000000 ___RD C:\Users\latoe\Desktop\Dossier terrain LNS-prebiotiques
2018-06-08 13:46 - 2018-06-08 13:47 - 000000000 ____D C:\Users\latoe\Desktop\from downloads dropbox
2018-06-08 13:43 - 2018-06-08 13:44 - 000000000 ____D C:\Users\latoe\Documents\series and movies
2018-06-08 11:36 - 2018-06-08 11:36 - 000029655 _____ C:\ProgramData\agent.update.1528450560.bdinstall.bin
2018-06-07 12:50 - 2018-06-07 12:50 - 000000000 ____D C:\Users\latoe\AppData\LocalLow\uTorrent
2018-06-06 20:51 - 2018-06-06 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-04 12:18 - 2018-06-04 12:18 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-04 12:18 - 2018-06-04 12:18 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-04 12:18 - 2018-06-04 12:18 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-04 12:18 - 2018-06-04 12:18 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-06-01 23:05 - 2018-06-01 23:05 - 000258434 _____ C:\Users\latoe\Documents\PRIERE_CASSER_MAGIE_SORCELLERIE_LIENS NEGATIFS.pdf
2018-06-01 11:01 - 2018-06-01 11:01 - 000004225 _____ C:\Users\latoe\Documents\export_BE31731005488555_20180601_1100.pdf
2018-05-30 20:41 - 2018-05-30 20:42 - 000000000 ____D C:\Users\latoe\Documents\scan_read_articles
2018-05-30 12:57 - 2018-05-30 12:57 - 000257646 _____ C:\Users\latoe\Documents\DETRUIRE LE POUVOIR DES CADENAS MALEFIQUES.pdf
2018-05-21 19:06 - 2018-05-01 23:25 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-21 19:06 - 2018-05-01 23:25 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-21 13:32 - 2018-05-24 18:53 - 000000000 ____D C:\Users\latoe\Documents\CRF_Participants_LNS_préboitiques
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-17 13:34 - 2017-10-19 15:00 - 000000000 ____D C:\Users\LocalAdmin\AppData\Roaming\Skype
2018-06-17 13:32 - 2017-05-24 12:31 - 000000569 _____ C:\WINDOWS\SMSCFG.ini
2018-06-17 13:29 - 2017-10-19 14:59 - 000000000 __SHD C:\Users\LocalAdmin\IntelGraphicsProfiles
2018-06-17 13:29 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-17 13:27 - 2018-01-24 11:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-17 13:27 - 2017-12-05 20:29 - 000039532 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2018-06-17 13:26 - 2017-11-22 15:16 - 000017312 _____ C:\bdlog.txt
2018-06-17 13:26 - 2017-09-29 10:45 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-06-17 13:23 - 2018-01-24 11:25 - 000000000 ____D C:\Users\LocalAdmin
2018-06-17 13:01 - 2018-01-24 11:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-17 12:16 - 2017-10-20 00:37 - 000000000 ___RD C:\Users\LocalAdmin\Dropbox
2018-06-17 12:00 - 2018-01-24 11:26 - 000000000 ____D C:\Users\LocalAdmin\AppData\Local\Packages
2018-06-17 11:38 - 2018-01-24 11:57 - 000004208 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1505721614
2018-06-17 11:38 - 2017-12-24 09:30 - 000001445 _____ C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-06-17 11:35 - 2018-01-24 11:57 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1277790923-1796002617-886812490-1003
2018-06-17 11:35 - 2017-10-19 15:00 - 000002406 _____ C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-17 11:35 - 2017-10-19 15:00 - 000000000 ___RD C:\Users\LocalAdmin\OneDrive
2018-06-17 11:33 - 2017-05-24 15:01 - 000000000 ____D C:\Users\LocalAdmin\AppData\Local\Dropbox
2018-06-17 11:32 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-17 11:31 - 2017-10-19 14:59 - 000000000 ____D C:\Users\LocalAdmin\AppData\Local\TileDataLayer
2018-06-17 11:29 - 2017-05-24 14:53 - 000000000 ____D C:\Users\latoe\AppData\Roaming\Skype
2018-06-17 11:23 - 2018-01-24 11:57 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6BCF093-3AED-4C4F-90E5-5C85ACB27425}
2018-06-17 11:09 - 2017-05-24 14:49 - 000000000 ____D C:\Users\latoe\AppData\Roaming\vlc
2018-06-17 10:51 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\rescache
2018-06-16 19:17 - 2017-05-24 14:49 - 000000000 __SHD C:\Users\latoe\IntelGraphicsProfiles
2018-06-15 19:48 - 2018-01-24 11:46 - 002063564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-15 19:48 - 2018-01-23 15:22 - 000926146 _____ C:\WINDOWS\system32\perfh013.dat
2018-06-15 19:48 - 2018-01-23 15:22 - 000191796 _____ C:\WINDOWS\system32\perfc013.dat
2018-06-15 19:46 - 2017-09-29 10:45 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2018-06-15 19:44 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-15 19:43 - 2018-01-24 11:18 - 000471360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-15 15:03 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-15 15:03 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-15 15:01 - 2017-09-14 17:11 - 000000000 ____D C:\Users\latoe\AppData\Roaming\RStudio
2018-06-15 15:01 - 2017-09-14 10:41 - 000000000 ____D C:\Users\latoe\AppData\Local\RStudio-Desktop
2018-06-15 11:49 - 2017-09-14 10:41 - 004102144 _____ C:\Users\latoe\AppData\Local\WebpageIcons.db
2018-06-15 10:04 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-15 09:50 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-14 09:37 - 2017-05-24 15:04 - 000000000 ___RD C:\Users\latoe\Dropbox
2018-06-13 18:00 - 2017-09-15 13:29 - 000012762 _____ C:\Users\latoe\.Rhistory
2018-06-13 18:00 - 2017-06-11 12:35 - 000000000 ____D C:\Users\latoe\AppData\Roaming\BitTorrent
2018-06-13 10:24 - 2018-01-24 11:28 - 000000000 ____D C:\Users\latoe\AppData\Local\Packages
2018-06-11 15:48 - 2018-01-15 01:31 - 000023687 _____ C:\Users\latoe\Desktop\.Rhistory
2018-06-11 09:42 - 2017-06-01 22:50 - 000000000 ____D C:\Users\latoe\Documents\Nederlands
2018-06-11 09:28 - 2018-01-23 16:14 - 000607640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-06-09 23:39 - 2018-01-24 11:25 - 000000000 ____D C:\Users\latoe
2018-06-08 11:36 - 2017-11-16 16:35 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-06-08 08:29 - 2016-07-16 14:58 - 000398126 __RSH C:\bootmgr
2018-06-07 17:07 - 2018-01-24 11:57 - 000004760 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-07 17:06 - 2018-03-13 23:22 - 000004638 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 17:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 17:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 15:31 - 2017-05-28 17:39 - 000000000 ____D C:\Users\latoe\AppData\Roaming\uTorrent
2018-06-06 20:52 - 2017-05-24 15:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-24 20:42 - 2017-05-24 14:51 - 000000000 ____D C:\Users\latoe\AppData\Local\Citrix
2018-05-24 18:24 - 2017-10-15 21:46 - 000000000 ____D C:\Users\latoe\Documents\dessins animés
2018-05-23 12:59 - 2018-01-23 16:14 - 000191592 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2018-05-23 12:46 - 2018-01-23 16:14 - 000045104 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2018-05-23 12:18 - 2018-01-23 16:14 - 001723552 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-05-23 12:18 - 2018-01-23 16:14 - 000189544 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-05-23 12:18 - 2018-01-23 16:14 - 000023032 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-05-23 12:16 - 2018-01-23 16:14 - 000096448 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2018-05-23 12:15 - 2018-01-23 16:14 - 001177008 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-05-22 09:11 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-21 19:04 - 2017-05-24 15:01 - 000001040 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 19:04 - 2017-05-24 15:01 - 000001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 18:57 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-05-21 18:56 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-21 18:55 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-21 18:55 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-20 03:24 - 2017-09-20 08:01 - 000000000 ____D C:\Users\latoe\AppData\Local\CrashDumps
2018-05-19 21:48 - 2018-01-24 11:57 - 000004100 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-19 21:48 - 2018-01-24 11:57 - 000003868 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2017-09-18 10:17 - 2017-09-18 10:17 - 000000600 _____ () C:\Users\LocalAdmin\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
2018-02-16 13:24 - 2018-01-19 13:14 - 000186736 _____ (RealNetworks, Inc.) C:\Users\LocalAdmin\AppData\Local\Temp\lowproc.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-07 23:31
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by LocalAdmin (17-06-2018 13:45:49)
Running from C:\Users\latoe\Downloads
Windows 10 Enterprise Version 1709 16299.492 (X64) (2018-01-24 09:59:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1277790923-1796002617-886812490-500 - Administrator - Enabled) => C:\Users\Administrator
BW07Admin (S-1-5-21-1277790923-1796002617-886812490-1002 - Administrator - Enabled) => C:\Users\BW07Admin
DefaultAccount (S-1-5-21-1277790923-1796002617-886812490-503 - Limited - Disabled)
Guest (S-1-5-21-1277790923-1796002617-886812490-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-1277790923-1796002617-886812490-1003 - Administrator - Enabled) => C:\Users\LocalAdmin
WDAGUtilityAccount (S-1-5-21-1277790923-1796002617-886812490-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
ACD/Labs Freeware (HKLM-x32\...\{3DD6B5BB-14AF-44C5-B43A-4F4C41976DF0}) (Version: 0.0.0 - ACD/Labs Inc.)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Airtel Internet (HKLM-x32\...\{2EB25CE5-0F84-4B65-AFB4-4360BECDEDC1}) (Version: 1.0.0.1 - )
Belgium e-ID middleware 4.1.20 (build 1779) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71779}) (Version: 4.1.1779 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.67 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.15.189 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.15.189 - Bitdefender)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 6.4.0 - BitTorrent, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.1000.16 - Citrix Systems, Inc.)
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
Configuration Manager Client (HKLM\...\{8864FB91-94EE-4F16-A144-0D82A232049D}) (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.2207.101.108 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
EpiData Entry 3.1.2701.2008 (HKLM-x32\...\EpiData Entry_is1) (Version:  - EpiData Association, Odense. Denmark)
EpiData Entry Client 4.2.0.0 (HKLM\...\{AD85F1FE-E6A8-4FE3-86AC-7C0CD535C696}_is1) (Version:  - EpiData Association)
EpiData Manager 4.2.0.0 (HKLM\...\{E3EA0CC9-E1B1-4A4B-8A24-6B7767D0E1BB}_is1) (Version:  - EpiData Association)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
ExpressVPN (HKLM-x32\...\{B97E1AC2-1F11-43C0-90A7-22B158337D06}) (Version: 6.5.1.3605 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{e87d0eca-dc93-4f55-bf74-0d155d8c6f07}) (Version: 6.5.1.3605 - ExpressVPN)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FileZilla Client 3.30.0 (HKLM-x32\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
FreeFileSync 8.0 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.0 - www.FreeFileSync.org)
Google Chrome (HKLM\...\{A967B385-DA3A-32DD-B6F3-D169E888E661}) (Version: 63.0.3239.108 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 15.0.15188.2008 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{74696588-BE5D-4CB2-881F-6CB68C04FB29}) (Version: 12.9.18.3 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{1D839376-74B6-452F-BBFF-845F102E8A3A}) (Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (HKLM-x32\...\{010788AB-706E-4604-A46B-6785EAB64B5E}) (Version: 140.069.007 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
HPLJUTM276 (HKLM-x32\...\{C97E3F48-DE95-4E00-80AF-32D75C69302D}) (Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (HKLM-x32\...\{3B37F001-CAC7-4973-8693-D253BB0BB60F}) (Version: 004.000.00001 - Hewlett-Packard) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM276LaserJetService (HKLM-x32\...\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (HKLM-x32\...\{7DF7A3DB-90B1-48FE-B314-147E1504214D}) (Version: 004.000.00001 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM276 (HKLM-x32\...\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}) (Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Jihosoft WhatsMate version Jihosoft WhatsMate (HKLM-x32\...\{63D14B9C-AB0C-4B20-AE64-844D38DC101E}_is1) (Version: Jihosoft WhatsMate - HONGKONG JIHO CO., LIMITED)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mendeley Desktop 1.17.10 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.10 - Mendeley Ltd.)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1277790923-1796002617-886812490-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 45.9.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.9.0 ESR (x86 en-US)) (Version: 45.9.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Online Plug-in (HKLM-x32\...\{2AB290A4-6B1F-4591-AF1B-73153F10D362}) (Version: 14.4.1000.16 - Citrix Systems, Inc.) Hidden
Opera Stable 53.0.2907.99 (HKU\S-1-5-21-1277790923-1796002617-886812490-1003\...\Opera 53.0.2907.99) (Version: 53.0.2907.99 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
R for Windows 3.5.0 (HKLM\...\R for Windows 3.5.0_is1) (Version: 3.5.0 - R Core Team)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.453 - RStudio)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Software Carpentry Windows Installer version 0.3 (HKLM-x32\...\{2E6818B6-DA37-4D45-8FED-88A6EED6CD08}_is1) (Version: 0.3 - Software Carpentry)
Spelling Dictionaries Support For Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TurningPoint 2008 (HKLM-x32\...\{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}) (Version: 4.3.2.1178 - Turning Technologies, LLC.)
Umetrics SIMCA 14.1 (HKLM\...\{15EA224C-C791-4249-A1AA-5FCCD32F93CE}) (Version: 14.1.0.2047 - MKS Umetrics AB)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0413-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VirtualDJ 8 (HKLM-x32\...\{F6E5CB37-42C1-4FA1-A442-33D9ACD6DCFA}) (Version: 8.2.3752.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
WD Drive Utilities (HKLM-x32\...\{27c7215d-df19-4095-8f6a-eba55cab35be}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{F413FB4C-7CFF-4737-BCC3-5EE43BFB3721}) (Version: 2.0.0.25 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WHO Anthro (HKLM-x32\...\{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1) (Version: 3.2.2.1 - WHO)
WHO AnthroPlus (HKLM-x32\...\{13A42C71-87A5-41F7-B7C9-5DC7D56038FC}_is1) (Version: 1.0.4 - WHO)
Windows Driver Package - Fedict SmartCard  (11/30/2016 4.1.9) (HKLM\...\A9FBB4D4E267FA9BF2CEBF564F02DB39E147B466) (Version: 11/30/2016 4.1.9 - Fedict)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)
ZTE Mobile Broadband Device Drivers 1.0.0.16 (HKLM-x32\...\{9194B665-5134-4B6B-AD73-A5292CB072D3}_is1) (Version:  - ZTE)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125177.inf_amd64_d9d520fc51d8a7f4\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05BE6C5B-04ED-46E4-884B-D8A5FADE032F} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-23] (Realtek Semiconductor)
Task: {0B59401D-3693-45A7-8B3B-E9E458FEA501} - System32\Tasks\Opera scheduled Autoupdate 1505721614 => C:\Users\LocalAdmin\AppData\Local\Programs\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {0F2C2DE7-06C8-46F4-BC50-5BE2D2CE39A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0F4A4299-67CA-4A48-8A17-D2620C450D51} - System32\Tasks\S-1-5-21-4030456262-320625612-449655040-101214\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {1D8ED5C7-06F3-4DDA-AA91-8A682F6A48AA} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [2018-05-23] (Bitdefender)
Task: {20A2D206-A34A-438F-A4B7-CD86746D9336} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-24] (Google Inc.)
Task: {23592BC4-AEB2-4772-B047-21CC625A5125} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-24] (Dropbox, Inc.)
Task: {283EE258-D6CE-4789-BF1A-25FCF49FA163} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-24] (Google Inc.)
Task: {2F114D72-4D56-46B4-A2B0-7379ECC84AC2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-10-19] (HP Inc.)
Task: {319C579F-3D4B-45EA-803F-8252AC55A335} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {397B5697-83A7-4FCE-B54D-87674935913A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-24] (Dropbox, Inc.)
Task: {481FC13F-2BF6-4E7E-A2C3-861FEB90FDAD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {58FD90E5-E4AC-494D-824B-478549CA9A9C} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {5B483E91-913B-42D3-876F-C863056AB0AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {BA2CAAA4-076E-424B-B6D1-CA50C250A6B4} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {C0C75201-728D-4FC7-B476-962FD46CA424} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {C2B89484-78A0-4C23-9B4E-DE24C08B994C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C7CE61E5-75B8-47C0-9A14-42EC945A239B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {C80EF415-3145-49D3-BDDE-022C43B3B3BB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {CFF2A3D4-4419-455A-A03B-4D9415041A91} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {D299188B-1852-4522-93FA-5E866FB8EF29} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DA0ECEE3-60FD-4995-BAF8-C3D2F5CDD84C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {DE109537-9A7D-4ACD-98AD-5E62775D480F} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-10-20] (Hewlett Packard)
Task: {F8073E93-D95B-4FF3-A09B-CFC554A04B06} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {FBE034D4-C082-4A0C-BF1F-D7C2CE80B953} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-10-19] (HP Inc.)
Task: {FD2F89C4-F7B7-4B94-A342-2482105F9E86} - System32\Tasks\LaunchChromeTask111 => C:\Program Files\FileZilla FTP Client\FileZilla.exe [2018-01-08] (FileZilla Project)
Task: {FDFBA798-4BD0-4BE2-AB3B-9DFE6DFF1BA2} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-05-14 17:03 - 2018-05-14 17:03 - 000992704 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02551_002\ashttpbr.mdl
2018-05-14 17:03 - 2018-05-14 17:03 - 000543344 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02551_002\ashttpdsp.mdl
2018-05-14 17:03 - 2018-05-14 17:03 - 003228632 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02551_002\ashttpph.mdl
2018-05-14 17:03 - 2018-05-14 17:03 - 001527808 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02551_002\ashttprbl.mdl
2017-05-25 18:22 - 2017-05-25 18:22 - 000268248 _____ () C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
2018-02-07 17:42 - 2018-02-07 17:42 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2017-10-02 00:53 - 2013-11-18 09:34 - 000432384 _____ () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
2018-02-07 17:45 - 2018-02-07 17:45 - 008457344 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2018-06-17 11:11 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-17 11:11 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-08 15:00 - 2018-01-08 15:00 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-02 00:53 - 2013-11-18 09:34 - 000426752 _____ () C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
2018-06-15 09:51 - 2018-06-08 08:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-06-15 09:51 - 2018-06-08 07:56 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-02 00:53 - 2013-07-11 13:12 - 000450304 _____ () C:\Program Files (x86)\Airtel Internet\CancelAutoPlay.exe
2018-02-07 17:45 - 2018-02-07 17:45 - 006164864 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2018-02-07 17:46 - 2018-02-07 17:46 - 000080512 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2018-02-07 17:42 - 2018-02-07 17:42 - 000303104 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.SplitTunnel.dll
2018-02-07 17:46 - 2018-02-07 17:46 - 000441472 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2017-09-26 23:22 - 2017-09-26 23:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2018-06-06 20:51 - 2018-06-04 12:18 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-06-06 20:51 - 2018-06-04 12:18 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-05-24 15:03 - 2018-06-04 12:21 - 000106816 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000042312 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000700736 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000137032 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000123200 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-05-24 02:00 - 2018-06-04 12:20 - 000112448 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000031040 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000399168 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-05-24 02:00 - 2018-06-04 12:21 - 000049984 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000027456 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000131392 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000120648 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000182080 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000036672 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000032576 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000055104 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000064320 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-07 20:08 - 2018-06-04 12:21 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000152384 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-05-24 02:00 - 2018-06-04 12:20 - 000091448 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000035136 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-05-24 02:00 - 2018-06-04 12:21 - 000067392 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-05-24 02:00 - 2018-06-04 12:21 - 000030528 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000355648 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-06-06 20:51 - 2018-06-04 12:18 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-06-06 20:51 - 2018-06-04 12:19 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-06-06 20:51 - 2018-06-04 12:18 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-11 21:25 - 2018-06-04 12:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-24 15:03 - 2018-06-04 12:21 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-06-06 20:51 - 2018-06-04 12:19 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-06-06 20:51 - 2018-06-04 12:19 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-24 15:03 - 2018-06-04 12:21 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-05-24 15:03 - 2018-06-04 12:21 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-06-06 20:51 - 2018-06-04 12:20 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\latoe\Documents\PRIERE_CASSER_MAGIE_SORCELLERIE_LIENS NEGATIFS.pdf:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1277790923-1796002617-886812490-1003\...\ugent.be -> ugent.be
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2018-06-17 13:30 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1277790923-1796002617-886812490-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\Themes\IMG_20160528_143356.jpg
DNS Servers: 195.130.130.2 - 195.130.131.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8EBCEB7B-B74D-4089-B987-5CCE5D8A48EB}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{6A02E1A6-EB40-40F9-9976-881E84EB70E4}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{FF13AD9C-3C93-4BBB-A72B-1DDBB7D3C135}] => (Allow) C:\Users\LocalAdmin\AppData\Local\Programs\Opera\49.0.2725.64\opera.exe
FirewallRules: [{E851FA56-0DFB-4108-8F10-53593637FEAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6BBD3D7-6E53-4D89-A8CC-035B287829A8}] => (Allow) C:\Users\latoe\AppData\Local\Temp\7zS5039\HPDiagnosticCoreUI.exe
FirewallRules: [{057FE357-1EC3-473B-B20E-A58AF527E789}] => (Allow) C:\Users\latoe\AppData\Local\Temp\7zS5039\HPDiagnosticCoreUI.exe
FirewallRules: [{886F78D1-97D1-4CAD-A764-9C68CDC5176C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{8A7AE854-28D1-4DDE-BB24-1FC46561328F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{99356A16-86A3-4918-966F-399721D7A54F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{80CBA622-0F87-446F-9C08-3B1F0FFD3D3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{913CED0A-BD0F-4376-A30D-1B0F30ECF3D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D97C8834-7D79-4192-A0B5-592A37C6F7AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94422D99-FBDA-447B-88FF-84EE23235C6F}] => (Block) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{104703FA-A6D6-47D0-AE2C-ADA24FFF1132}] => (Block) C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{441D39E4-01F9-4B30-B3D7-E82D021C321C}] => (Block) C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{13809E26-E689-482A-8315-1F26B3D14C2B}] => (Block) C:\Program Files\Java\jre1.8.0_131\bin\java.exe
FirewallRules: [{1360339C-5AF8-4F97-8690-781BCE97548E}] => (Block) C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe
FirewallRules: [{9A14305B-4ECF-4FB9-94FD-6C266B831A69}] => (Block) C:\Program Files\Java\jre1.8.0_131\bin\rmiregistry.exe
FirewallRules: [{4ACA50BA-9DD7-4797-87E2-AADB2887D5A2}] => (Block) C:\Program Files (x86)\Java\jre1.8.0_131\bin\rmiregistry.exe
FirewallRules: [{C0D0A728-F64E-4FE9-B053-1D4795DDE304}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{72DBADDB-92C1-4EB6-B708-B4CD5D9EE332}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{9370D3FE-E654-4E16-8DD5-BA8E92ACBC42}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{988C1FCE-5BF8-4DE9-BB16-E89F0A53F6DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{0D144144-0318-4D3B-8E79-DB51F5793C18}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{A247676E-113A-452D-A219-8F48243AF441}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{19E01E14-07D3-43AD-8703-3A9C61FC63E6}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FA6EDDF3-7F00-4279-9DD9-EC97D146A8B5}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D82A0153-C6D3-4D2B-8CE1-F9A8A75F03DC}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBF23DD5-976B-4134-9B51-A20AA685DFD2}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF9E7D38-F753-4626-B2CB-D5510272AABE}] => (Allow) C:\Users\latoe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0919D5FE-67C9-4919-9100-FD0ACA492D0C}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{AA491DA9-4A0D-4CFF-8FEB-E049613D0A4B}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{331CD013-1629-4E37-B74C-9CE6359F7A6B}] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{126BC440-A317-42A9-AEB8-8CFE8595576D}] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{5E26713A-129E-4B9C-B9B5-26A914703756}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{45695D13-071E-40FC-94C4-55EE6D5C2A7F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{FBC4F405-E2B8-49EF-9093-59F5ECC25AC9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8284218E-7751-4890-A452-B77D11C10BF3}] => (Allow) C:\Users\LocalAdmin\AppData\Local\Programs\Opera\53.0.2907.99\opera.exe
 
==================== Restore Points =========================
 
01-06-2018 08:51:37 Scheduled Checkpoint
10-06-2018 19:57:23 Scheduled Checkpoint
15-06-2018 09:48:33 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2018 01:34:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de BITS-service in DLL-bestand C:\Windows\System32\bitsperf.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (06/17/2018 01:31:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de WmiApRpl-service in DLL-bestand C:\WINDOWS\system32\wbem\wmiaprpl.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (06/17/2018 01:27:54 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (06/16/2018 05:41:25 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (06/16/2018 09:15:19 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (06/15/2018 07:52:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma explorer.exe, versie 10.0.16299.492 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Beveiliging en onderhoud van het Configuratiescherm.
 
Proces-id: 22e8
 
Starttijd: 01d404d1015aacf8
 
Eindtijd: 1850
 
Toepassingspad: C:\Windows\explorer.exe
 
Rapport-id: 0ce56760-ea89-4524-9672-c506f27c3e1e
 
Volledige pakketnaam met fout: 
 
Relatieve toepassings-id van pakket met fout:
 
Error: (06/15/2018 07:46:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de WmiApRpl-service in DLL-bestand C:\WINDOWS\system32\wbem\wmiaprpl.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (06/15/2018 07:46:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de BITS-service in DLL-bestand C:\Windows\System32\bitsperf.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
 
System errors:
=============
Error: (06/17/2018 01:44:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (06/17/2018 01:38:23 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: NT AUTHORITY)
Description: 0 mislukt. 
Naam groepsbeleidobject: Private.Scripts
Pad naar bestandssysteem groepsbeleidobject: \\UGent.be\SysVol\UGent.be\Policies\{DA9EE71C-4270-4DFB-8FC7-7FC11804E982}\Machine
Scriptnaam: \\UGent.be\SysVol\UGent.be\DICT\scripts\Startup\Startup1.bat
 
Error: (06/17/2018 01:38:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: Het groepsbeleid is niet verwerkt door een gebrek aan netwerkconnectiviteit met een domeincontroller. Dit kan een tijdelijke situatie zijn. Er wordt een bericht weergegeven wanneer er verbinding is gemaakt met de domeincontroller en het groepsbeleid is verwerkt. Als er na enkele uren nog geen bericht is weergegeven, neemt u contact op met de beheerder.
 
Error: (06/17/2018 01:32:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: De server {E60687F7-01A1-40AA-86AC-DB1CBF673334} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (06/17/2018 01:32:21 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: De server {B91D5831-B1BD-4608-8198-D72E155020F7} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (06/17/2018 01:31:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Launch niet verleend aan Local voor de COM-servertoepassing met CLSID 
{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}
 en APPID 
{AD65A69D-3831-40D7-9629-9B0B50A93843}
 aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (06/17/2018 01:31:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (06/17/2018 01:30:07 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Deze computer kan geen beveiligde sessie met een domeincontroller in domein
UGENT starten om de volgende reden(en): 
U kunt niet worden aangemeld met deze referentie, omdat uw domein niet beschikbaar is. Zorg dat uw apparaat is verbonden met het netwerk van uw organisatie en probeer het opnieuw. Als u eerder bij dit apparaat bent aangemeld met een andere referentie, kunt u zich daarmee aanmelden.
 
 
Dit leidt mogelijk tot authenticatieproblemen. Controleer of deze computer met
het netwerk is verbonden. Raadpleeg de domeinadministrator wanneer het probleem
blijft bestaan.
 
 
 
Extra informatie
 
Als deze computer een domeincontroller voor het opgegeven domein is, start
deze de beveiligde sessie met de emulator van de primaire domeincontroller
in het betreffende domein. Als dit niet het geval is, start deze computer
de beveiligde sessie met een willekeurige domeincontroller in het opgegeven
domein.
 
 
Windows Defender:
===================================
Date: 2018-01-24 13:05:01.511
Description: 
Real-timebeveiligingsonderdeel van Windows Defender Antivirus heeft een fout aangetroffen en is niet uitgevoerd.
Onderdeel: Systeem voor netwerkinspectie
Foutcode: 0x8007045b
Foutbeschrijving: A system shutdown is in progress. 
Reden: Antimalwarebeveiliging werkt niet meer wegens een onbekende reden. In sommige gevallen kan het probleem worden verholpen door de service opnieuw te starten.
 
Date: 2018-01-24 13:05:01.511
Description: 
Real-timebeveiligingsonderdeel van Windows Defender Antivirus heeft een fout aangetroffen en is niet uitgevoerd.
Onderdeel: Gedragscontrole
Foutcode: 0x8007045b
Foutbeschrijving: A system shutdown is in progress. 
Reden: Antimalwarebeveiliging werkt niet meer wegens een onbekende reden. In sommige gevallen kan het probleem worden verholpen door de service opnieuw te starten.
 
Date: 2018-01-24 13:05:01.511
Description: 
Real-timebeveiligingsonderdeel van Windows Defender Antivirus heeft een fout aangetroffen en is niet uitgevoerd.
Onderdeel: Bij toegang
Foutcode: 0x8007045b
Foutbeschrijving: A system shutdown is in progress. 
Reden: Antimalwarebeveiliging werkt niet meer wegens een onbekende reden. In sommige gevallen kan het probleem worden verholpen door de service opnieuw te starten.
 
CodeIntegrity:
===================================
 
Date: 2018-06-17 13:31:08.021
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-06-16 17:43:15.197
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-06-16 09:17:23.411
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-06-15 19:46:18.099
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-23 23:06:45.835
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-21 19:06:08.023
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-04-28 05:23:59.877
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-04-16 04:09:08.071
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6300U CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 7860.17 MB
Available physical RAM: 4202.22 MB
Total Virtual: 9076.17 MB
Available Virtual: 5278.59 MB
 
==================== Drives ================================
 
Drive c: (BW07C134) (Fixed) (Total:464.84 GB) (Free:130.48 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
\\?\Volume{a00408a8-0000-0000-0000-003674000000}\ () (Fixed) (Total:0.92 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A00408A8)
Partition 1: (Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=938 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 PM

Posted 17 June 2018 - 08:51 AM

Hi,


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Any remaining issues?

#5 kassan07

kassan07
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 19 June 2018 - 02:16 AM

Dear Nasdaq, 

Thanks again. 

please find below the fixlog.

Best regards

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by LocalAdmin (19-06-2018 08:53:16) Run:1
Running from C:\Users\latoe\Downloads
Loaded Profiles: LocalAdmin (Available Profiles: BW07Admin & LocalAdmin & Administrator & latoe)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <====
ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
ATTENTION => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35929812 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 17076406 B
Edge => 55136 B
Chrome => 460861713 B
Firefox => 0 B
Opera => 17016844 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2190658868 B
NetworkService => 104458328 B
BW07Admin => 9366 B
LocalAdmin => 30007033 B
Administrator => 9216 B
latoe => 21212410 B
 
RecycleBin => 2623 B
EmptyTemp: => 2.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:59:47 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 PM

Posted 19 June 2018 - 08:52 AM

Hi,
That key is protected by the operating system.

A any remaining issues?

#7 kassan07

kassan07
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 20 June 2018 - 12:26 PM

Hello, 

No remaining problem. Thanks a lot!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 PM

Posted 21 June 2018 - 06:58 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users