Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Both AVG AV and Windows defender suddenly are off and networking is turned off


  • This topic is locked This topic is locked
329 replies to this topic

#1 sitsekson

sitsekson

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 15 June 2018 - 06:42 PM

Hi, thanks in advance to all volunteers for help, i am Windows 7 user with just about enough knowledge to get myself in trouble.  This monday I noticed that my computer started behaving strangely. Actually it started a few months ago, when i used ccleaner to clean things up before duplicating my harddrive to a new SSD drive. So after that uninstalling some software that i need to reinstall become an issue, but none of that affected my workflow.


This week though, the microsoft O365 made me change my password again and i could't put in a new password on that machine anymore.  The AV software got turned off, windows update started having problems, system restore wasn't working, the works.  After messing the system up completely, i decided to go back to the isntallation that i have a few months ago and duplicate the disks again.  After i did that, however, none of the systems i described have gone away.


Not sure if i completely messed up my windows install (I didn't have the image made, but my attempts to use a reinstall of windows from Dell website have failed with errors in the installation of the USB driver updates.


Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by user (administrator) on ES7 (15-06-2018 16:28:52)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Hilti Corporation) C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2900992 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291568 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2015-07-14] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [OffCAT] => C:\Users\user\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe [365440 2016-08-01] (Microsoft Corp.)
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\MountPoints2: {d6125571-193d-11e0-a9a0-806e6f6e6963} - D:\Launcher.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Authentication Packages] msv1_0 wvauth
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{14BE6998-738F-4C93-A1F3-6E963F390B09}: [NameServer] 64.71.0.34,64.71.0.60

Internet Explorer:
==================
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> DefaultScope {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL =
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {095F5571-DC4A-4899-ADAA-5DD0DBE41DF6} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {45759AFA-AAC1-4203-B6B9-0F6FCF2DDB2F} URL = hxxp://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL =
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL =
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-13] (AVG Secure Search)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} hxxp://75.25.142.214/RSVideoOcx.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-13] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ra7xr3sr.default-1477677048132 [2018-06-15]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-05] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909
FF Extension: (AVG Security Toolbar) - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909 [2015-05-13] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: (Virtual Account Numbers for Firefox) - C:\Program Files (x86)\Virtual Account Numbers [2015-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-03-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-07] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
CHR DefaultSearchURL: Default -> hxxps://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> startpage.com_
CHR DefaultSuggestURL: Default -> hxxps://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=english&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-06-15]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-06-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Search by Image (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-05-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [116608 2012-12-10] (Algorithmic Research Ltd.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [318328 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-05-30] ()
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Hilti PROFIS AutoUpdate Service; C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [213504 2015-06-19] (Hilti Corporation) [File not signed]
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-25] (Alcatel-Lucent) [File not signed]
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [29048 2018-01-17] (Microsoft)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 msvsmon90; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-04-10] (SANDBOXIE L.T.D)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [X]
S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [151504 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1979296 2009-11-16] (Realtek Semiconductor Corp.)
S4 LMIRfsClientNP; no ImagePath
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [164528 2012-04-10] (SANDBOXIE L.T.D)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [38496 2011-08-25] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\Windows\system32\drivers\EUFDDISK0.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-15 16:28 - 2018-06-15 16:29 - 000024979 _____ C:\Users\user\Desktop\FRST.txt
2018-06-15 16:28 - 2018-06-15 16:28 - 002413056 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2018-06-15 16:28 - 2018-06-15 16:28 - 000000000 ____D C:\FRST
2018-06-15 16:06 - 2018-06-15 16:06 - 000002161 _____ C:\Users\user\Desktop\Tweaking.com - Windows Repair.lnk
2018-06-15 16:06 - 2018-06-15 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-15 16:06 - 2018-06-15 16:06 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-15 16:05 - 2018-06-15 16:06 - 000194340 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-06-15 13:47 - 2018-06-15 13:47 - 000000000 ___HD C:\$Windows.~WS
2018-06-15 13:44 - 2018-06-15 13:44 - 019119064 _____ (Microsoft Corporation) C:\Users\user\Desktop\MediaCreationTool1803.exe
2018-06-15 11:24 - 2018-06-15 11:24 - 000001333 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 11.0.lnk
2018-06-15 11:24 - 2018-06-15 11:24 - 000001333 _____ C:\ProgramData\Desktop\EaseUS Todo Backup Free 11.0.lnk
2018-06-15 11:24 - 2018-06-15 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.0
2018-06-15 11:23 - 2018-05-10 02:42 - 000026256 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2018-06-15 11:21 - 2018-06-15 11:21 - 074752192 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\user\Desktop\tb_free.exe
2018-06-14 19:21 - 2018-03-14 10:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-06-14 19:21 - 2018-03-14 10:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-06-14 19:21 - 2018-03-14 06:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-06-14 19:20 - 2018-05-29 13:36 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-14 19:20 - 2018-05-29 12:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-14 19:20 - 2018-05-28 19:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-06-14 19:20 - 2018-05-28 19:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-14 19:20 - 2018-05-28 19:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-14 19:20 - 2018-05-28 19:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-14 19:20 - 2018-05-28 19:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-14 19:20 - 2018-05-28 19:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-14 19:20 - 2018-05-28 19:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-14 19:20 - 2018-05-28 19:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-14 19:20 - 2018-05-28 19:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-14 19:20 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-14 19:20 - 2018-05-28 18:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-14 19:20 - 2018-05-28 18:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-14 19:20 - 2018-05-28 18:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-14 19:20 - 2018-05-28 18:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-14 19:20 - 2018-05-28 18:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-14 19:20 - 2018-05-28 18:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-14 19:20 - 2018-05-28 18:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-14 19:20 - 2018-05-28 17:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-14 19:20 - 2018-05-24 22:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-14 19:20 - 2018-05-24 21:59 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-14 19:20 - 2018-05-24 21:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-14 19:20 - 2018-05-24 21:46 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-14 19:20 - 2018-05-24 21:45 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-14 19:20 - 2018-05-24 21:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-14 19:20 - 2018-05-24 21:44 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-14 19:20 - 2018-05-24 21:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-14 19:20 - 2018-05-24 21:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-14 19:20 - 2018-05-24 21:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-14 19:20 - 2018-05-24 21:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-14 19:20 - 2018-05-24 21:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-14 19:20 - 2018-05-24 21:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-14 19:20 - 2018-05-24 21:33 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-14 19:20 - 2018-05-24 21:32 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-14 19:20 - 2018-05-24 21:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-06-14 19:20 - 2018-05-24 21:24 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-14 19:20 - 2018-05-24 21:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-14 19:20 - 2018-05-24 21:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-14 19:20 - 2018-05-24 21:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-06-14 19:20 - 2018-05-24 21:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-06-14 19:20 - 2018-05-24 21:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-06-14 19:20 - 2018-05-24 21:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-14 19:20 - 2018-05-24 21:14 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-14 19:20 - 2018-05-24 21:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-06-14 19:20 - 2018-05-24 21:13 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-14 19:20 - 2018-05-24 21:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-14 19:20 - 2018-05-24 21:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-14 19:20 - 2018-05-24 21:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-14 19:20 - 2018-05-24 21:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-06-14 19:20 - 2018-05-24 21:08 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-14 19:20 - 2018-05-24 21:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-06-14 19:20 - 2018-05-24 21:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-06-14 19:20 - 2018-05-24 21:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-14 19:20 - 2018-05-24 21:06 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-14 19:20 - 2018-05-24 21:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-14 19:20 - 2018-05-24 21:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-06-14 19:20 - 2018-05-24 20:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-06-14 19:20 - 2018-05-24 20:57 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-14 19:20 - 2018-05-24 20:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-14 19:20 - 2018-05-24 20:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-14 19:20 - 2018-05-24 20:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-14 19:20 - 2018-05-24 20:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-14 19:20 - 2018-05-24 20:53 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-14 19:20 - 2018-05-24 20:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-06-14 19:20 - 2018-05-24 20:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-06-14 19:20 - 2018-05-24 20:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-06-14 19:20 - 2018-05-24 20:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-06-14 19:20 - 2018-05-24 20:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-14 19:20 - 2018-05-24 20:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-06-14 19:20 - 2018-05-24 20:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-06-14 19:20 - 2018-05-24 20:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-14 19:20 - 2018-05-24 20:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-14 19:20 - 2018-05-24 20:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-14 19:20 - 2018-05-24 20:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-14 19:20 - 2018-05-24 20:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-14 19:20 - 2018-05-24 20:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-14 19:20 - 2018-05-24 20:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-06-14 19:20 - 2018-05-24 20:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-14 19:20 - 2018-05-24 20:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-14 19:20 - 2018-05-24 20:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-14 19:20 - 2018-05-24 20:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-14 19:20 - 2018-05-24 20:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-14 19:20 - 2018-05-14 21:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-14 19:20 - 2018-05-14 20:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-14 19:20 - 2018-05-14 20:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-14 19:20 - 2018-05-14 20:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-14 19:20 - 2018-05-14 20:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-14 19:20 - 2018-05-14 20:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-14 19:20 - 2018-05-14 20:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-14 19:20 - 2018-05-14 18:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-14 19:20 - 2018-05-14 18:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-14 19:20 - 2018-05-11 19:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-14 19:20 - 2018-05-11 19:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-14 19:20 - 2018-05-11 19:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-14 19:20 - 2018-05-11 14:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-14 19:20 - 2018-05-11 14:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-14 19:20 - 2018-05-11 14:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-14 19:20 - 2018-05-10 17:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-14 19:20 - 2018-05-10 17:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-14 19:20 - 2018-05-10 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-06-14 19:20 - 2018-04-22 16:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-06-14 19:20 - 2018-04-18 09:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-06-14 19:20 - 2018-04-18 09:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-06-14 19:20 - 2018-04-18 08:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-06-14 19:20 - 2018-04-18 08:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-06-14 19:20 - 2018-04-18 08:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-06-14 19:20 - 2018-04-18 08:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-06-14 19:20 - 2018-04-11 09:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-06-14 19:20 - 2018-04-11 09:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-06-14 19:20 - 2018-04-11 09:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-06-14 19:20 - 2018-04-11 09:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-06-14 19:20 - 2018-04-10 09:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-06-14 19:20 - 2018-04-10 09:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-06-14 19:20 - 2018-04-10 09:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-06-14 19:20 - 2018-04-10 09:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-06-14 19:20 - 2018-04-10 09:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-06-14 19:20 - 2018-04-10 09:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-06-14 19:20 - 2018-04-10 09:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-06-14 19:20 - 2018-04-10 08:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-06-14 19:20 - 2018-04-10 08:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-06-14 19:20 - 2018-04-10 08:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-14 19:20 - 2018-04-10 08:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-14 19:20 - 2018-04-07 09:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-06-14 19:20 - 2018-04-06 09:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-14 19:20 - 2018-04-06 09:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-14 19:20 - 2018-03-14 10:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-06-14 19:20 - 2018-03-14 10:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-06-14 19:20 - 2018-03-14 09:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-06-14 19:20 - 2018-03-14 09:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-06-14 19:20 - 2018-03-14 09:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-06-14 19:20 - 2018-03-14 09:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-06-14 19:20 - 2018-03-14 09:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-06-14 19:20 - 2018-03-10 10:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-06-14 19:20 - 2018-03-09 11:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-06-14 19:20 - 2018-03-09 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-06-14 19:20 - 2018-03-09 11:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-06-14 19:20 - 2018-03-09 11:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-06-14 19:20 - 2018-03-09 10:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-06-14 19:20 - 2018-03-06 11:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-06-14 19:20 - 2018-03-06 11:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-06-14 19:20 - 2018-03-06 11:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-06-14 19:20 - 2018-03-06 11:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-06-14 19:20 - 2018-03-06 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-06-14 19:20 - 2018-03-06 11:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2018-06-14 18:44 - 2018-06-14 18:44 - 000005805 _____ C:\Windows\brndlog.txt
2018-06-14 18:38 - 2018-06-14 18:37 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-15 16:25 - 2014-04-01 10:07 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000.job
2018-06-15 16:14 - 2009-07-13 21:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-15 16:14 - 2009-07-13 21:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-15 16:09 - 2018-03-23 16:51 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2018-06-15 16:06 - 2015-05-30 23:42 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000.job
2018-06-15 14:40 - 2014-01-22 20:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-06-15 14:40 - 2011-01-05 19:39 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-15 14:40 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-15 13:47 - 2015-08-18 19:34 - 000000000 ____D C:\Windows\Panther
2018-06-15 13:39 - 2011-01-14 18:43 - 000116640 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-15 13:38 - 2009-07-13 21:45 - 000464448 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-15 13:28 - 2011-01-05 17:57 - 000000000 ____D C:\ProgramData\Dell
2018-06-15 11:30 - 2018-03-29 17:08 - 000000000 ____D C:\Windows\system32\config\regsave
2018-06-15 11:22 - 2018-03-29 15:13 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-06-15 09:41 - 2009-07-13 22:13 - 000801042 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-15 09:41 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-06-15 09:29 - 2014-12-18 10:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-06-15 09:17 - 2017-10-11 03:16 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 09:17 - 2013-09-12 10:28 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 09:17 - 2011-01-17 15:08 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-15 04:40 - 2013-12-04 16:48 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-15 04:40 - 2013-12-04 16:48 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-15 04:40 - 2013-12-04 16:48 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-06-14 22:30 - 2016-03-02 18:33 - 000000316 _____ C:\Windows\Tasks\NetBak-ES7-user-Job1.job
2018-06-14 18:57 - 2015-04-01 09:53 - 000000000 ____D C:\Users\user\AppData\Local\Avg
2018-06-14 18:55 - 2011-01-05 17:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-14 18:46 - 2009-07-13 22:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-06-14 18:44 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-14 18:43 - 2011-01-14 17:41 - 000000000 ____D C:\Users\user
2018-06-14 18:42 - 2015-04-01 09:51 - 000000000 ____D C:\ProgramData\AVG
2018-06-14 18:42 - 2011-01-17 15:56 - 000000000 ____D C:\Program Files (x86)\AVG
2018-06-14 18:38 - 2017-05-17 11:13 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-06-14 18:37 - 2017-11-28 03:24 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-06-14 18:36 - 2017-05-17 11:13 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-06-14 18:33 - 2018-03-08 13:29 - 000000000 ____D C:\Users\user\AppData\Local\GoToMeeting
2018-06-14 18:33 - 2015-05-30 23:42 - 000003650 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000
2018-06-14 18:33 - 2014-04-01 10:07 - 000003554 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000
2018-06-14 18:33 - 2012-09-24 16:42 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-14 18:33 - 2012-09-24 16:42 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-14 18:31 - 2015-04-23 14:05 - 000000000 ____D C:\Users\user\AppData\Local\Akamai

==================== Files in the root of some directories =======

2011-01-17 11:20 - 2011-01-17 11:20 - 000000075 _____ () C:\ProgramData\nvUnsupRes.dat
2014-05-06 11:02 - 2014-06-22 08:49 - 000000000 ____N () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-04-19 16:59 - 2012-04-19 17:08 - 000038482 _____ () C:\Users\user\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-02-26 13:21 - 2014-12-09 14:51 - 000003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 14:09 - 2013-06-19 14:09 - 000000093 _____ () C:\Users\user\AppData\Local\fusioncache.dat
2018-02-05 16:09 - 2018-02-07 18:31 - 000000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2011-05-17 16:13 - 2016-06-29 17:41 - 000007632 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-05-20 14:49 - 2014-05-20 14:49 - 000000138 _____ () C:\Users\user\AppData\Local\TempNCMAlogs.txt

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-06-18 00:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by user (15-06-2018 16:29:33)
Running from C:\Users\user\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-01-15 00:41:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2924615952-200207337-2576731361-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2924615952-200207337-2576731361-1006 - Limited - Enabled)
Guest (S-1-5-21-2924615952-200207337-2576731361-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2924615952-200207337-2576731361-1002 - Limited - Enabled)
user (S-1-5-21-2924615952-200207337-2576731361-1000 - Administrator - Enabled) => C:\Users\user
UpdatusUser (S-1-5-21-2924615952-200207337-2576731361-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.1 - Adobe Systems)
Adobe Acrobat 9.5.1 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_951) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Akamai NetSession Interface (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anchor Selector for ACI 318 (HKLM-x32\...\{F59A435E-1DD8-4BF6-88FA-0721526D9B08}) (Version: 4.0.0 - Simpson Strong-Tie)
ARX CoSign Client (HKLM\...\{281E7F67-FADE-4370-AD9D-F0C7B9A776D0}) (Version: 7.50 - Algorithmic Research Ltd.)
ARX CryptoKit (HKLM\...\{F75D2B1D-5309-41DF-BC96-DFC3C3568C1D}) (Version: 4.8.15 - Algorithmic Research Ltd.)
ARX Office Signatures (HKLM\...\{669E14E8-DB85-4C14-8FC2-98029317164F}) (Version: 7.50 - Algorithmic Research Ltd.)
ARX Signature API (HKLM\...\{FFF34EF7-401C-47C8-AA8D-2375B3B936D9}) (Version: 7.50 - Algorithmic Research Ltd.)
AutoCAD 2011 Language Pack - English (HKLM\...\{5783F2D7-9030-0409-1102-0060B0CE6BBA}) (Version: 2011.0.0.2721 - Autodesk) Hidden
AutoCAD Structural Detailing 2011 (HKLM\...\{5783F2D7-9030-0409-0102-0060B0CE6BBA}) (Version: 2011.2.0.2721 - Autodesk) Hidden
AutoCAD Structural Detailing 2011 (HKLM\...\AutoCAD Structural Detailing 2011) (Version: 2011.2.0.2721 - Autodesk)
Autodesk Design Review 2013 (HKLM-x32\...\{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}) (Version: 13.2.0.82 - Autodesk, Inc.) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.2.0.82 - Autodesk, Inc.)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.210.0 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.100 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.4.3056 - AVG Technologies)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.5.0.909 - AVG Technologies)
Bentley IEG License Service (HKLM-x32\...\{2924BC91-7696-4A4A-A538-7685D87544F8}) (Version: 2.0.18.3 - Bentley Systems Inc.)
Bentley OpenSTAADOEM (HKLM-x32\...\{7A231C13-1D15-4A9A-92FC-B00260CA3748}) (Version: 08.02.09.09 - Bentley Systems, Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (HKLM\...\{AF7E4468-E364-4991-BC2A-6E8293E1055B}) (Version: 1.0.1 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Cbeam 2005 1.0.1 (HKLM-x32\...\Cbeam_2005_R1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CONNECTION Client (HKLM\...\{575A2E64-8F42-3B76-9925-6F160E1E1BA9}) (Version: 10.00.10.013 - Bentley Systems, Incorporated) Hidden
CONNECTION Client (HKLM-x32\...\{53134144-1007-488c-aa1b-bff78f709d69}) (Version: 10.0.10.13 - Bentley Systems, Incorporated)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Control Point 64 (HKLM\...\{7B7D73E7-79D5-4133-AB7A-E27BB5F64725}) (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.05.04.001 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
DeviceViewer v3.12.0.1 (HKLM-x32\...\DeviceViewer_is1) (Version: 3.12.0.1 - )
DvrClient (HKLM-x32\...\{87644CBA-0E0C-41AC-8D5E-DBF3A15C04BA}) (Version: 1.2.20 - DVR Soft)
DWG TrueView 2015 - English (HKLM\...\{5783F2D7-E028-0409-0100-0060B0CE6BBA}) (Version: 20.0.210.0 - Autodesk) Hidden
EaseUS Todo Backup Free 11.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.0 - CHENGDU YIWO Tech Development Co., Ltd)
EMBASSY Security Center Lite (HKLM\...\{131A2659-99A9-4A89-B012-22A898EAE9DA}) (Version: 04.01.00.044 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (HKLM-x32\...\InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}) (Version:  - ) Hidden
EMBASSY Security Setup (HKLM\...\{53333479-6A52-4816-8497-5C52B67ED339}) (Version: 04.01.00.043 - Wave Systems Corp) Hidden
EMBASSY Security Setup (HKLM-x32\...\InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}) (Version:  - ) Hidden
ESC Home Page Plugin (HKLM\...\{E738A392-F690-4A9D-808E-7BAF80E0B398}) (Version: 04.01.00.010 - Wave Systems Corp) Hidden
ESC Home Page Plugin (HKLM-x32\...\InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}) (Version:  - ) Hidden
Gemalto (HKLM\...\{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}) (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
Hilti PROFIS Anchor (HKLM-x32\...\{4CFEE2F2-76FA-4E40-AEA9-1765766AA48B}) (Version: 2.7.2 - Hilti corp.)
Hilti PROFIS AutoUpdate (HKLM-x32\...\{E3FFC1C5-1157-48EC-A197-29F00BFF01DE}) (Version: 1.4.1 - Hilti corp.)
HL-4150CDN (HKLM-x32\...\{123DE6D6-9566-4777-AC81-E6D86FFA95DA}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
HTA-US 2.40 (HKLM-x32\...\{22C1A1D2-F13F-4E70-A71F-6AAD2990C355}) (Version: 2.40 - Halfen GmbH) Hidden
HTA-US 2.40 (HKLM-x32\...\HTA-US 2.40) (Version: 2.40 - Halfen GmbH)
Index Your Files 5.0.2.6 (HKLM-x32\...\{8158B832-5225-40AB-8082-54349388B323}_is1) (Version:  - Rafael Castro)
Intel® Visual Fortran Redistributables for Windows* on IA-32 (HKLM-x32\...\{81552809-3DA1-4047-91BC-F9AC755A2016}) (Version: 11.1.060 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
join.me (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\JoinMe) (Version: 3.4.0.5369 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mathcad 15 F000 (HKLM-x32\...\{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}) (Version: 15.0.0.0 - PTC)
MFCLOC (HKLM-x32\...\{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}) (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.8.105 - Microsoft Garage)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Configuration Analyzer Tool 2.2 (HKLM-x32\...\{EA5C0F11-00CA-0321-0801-141002021782}) (Version: 2.2.6018.801 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Post Sign Program1.21 (HKLM-x32\...\Multi-Post Sign Program1.21) (Version:  - )
MyScript Notes for DANE-ELEC (HKLM-x32\...\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}) (Version: 2.1.4.4 - Vision Objects)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.9 - Notepad++ Team)
NTRU TCG Software Stack (HKLM\...\{BB93D30B-B395-44BB-A9ED-A0E057F07E53}) (Version: 2.1.29 - NTRU Cryptosystems) Hidden
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Pile Cap and Group Analysis and Design (C:\Program Files (x86)\Pile Cap and Group Analysis and Design\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
Powers Design Assist 2 (HKLM-x32\...\{11708ED8-DD12-4134-B80F-6391A7C10F6E}_is1) (Version: 2.3.5780.30000 - POWERS)
Preboot Manager (HKLM\...\{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}) (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Quicktools Analyzer (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\aa5ec066984c820a) (Version: 1.4.319.0 - GDTM)
RAM Connection Upgrade 7.1.1 (HKLM-x32\...\{C3F57E2B-3EE6-4B7C-A711-A91EB2A97862}) (Version: 7.1.1 - Bentley Systems Inc.)
RAM Connection Upgrade 7.3 (HKLM-x32\...\{C91DFF17-030E-4D24-99C3-674AEE194A10}) (Version: 7.3 - Bentley Systems Inc.)
RAM Connection Upgrade 7.3.1 (HKLM-x32\...\{CC1C5948-5BA8-4DCB-85D9-3686225B7443}) (Version: 7.3.1 - Bentley Systems Inc.)
RAM Connection V8i (SELECTseries 3) Release 7.0 (HKLM-x32\...\{C98274BE-327C-43E0-87C5-FF8B149AE1AD}) (Version: 7.0 - Bentley Systems Inc.)
RAM Elements V8i (SELECTseries 3) Release 12.5 (HKLM-x32\...\{E68579EE-0ED3-4D5E-BFDB-8146933FD2A2}) (Version: 12.5.0 - Bentley Systems Inc.)
RAM Elements V8i (SELECTseries 3) Upgrade 12.5.1 (HKLM-x32\...\{E671F4EF-C0A1-494C-BB11-A2364759BB3E}) (Version: 12.5.1 - Bentley Systems Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5876 - Realtek Semiconductor Corp.)
Rectangular Spread Footing (HKLM-x32\...\Rectangular Spread Footing1.0) (Version:  - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Russian Phonetic YaWert - WinRus.com (HKLM\...\{3A414249-4B92-422C-904C-5FA6FF525AB1}) (Version: 1.0.3.40 - personal)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SBEDS_W_v1.1.1 (HKLM-x32\...\{087DDCD6-3A85-40DE-89D7-97658B481A1A}) (Version: 1.1.1000 - USACE Protective Design Center)
Scan Tailor (HKLM-x32\...\Scan Tailor) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0000-0000-0000000FF1CE}_Office15.OUTLOOK_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
STAAD Foundation Advanced V8i (HKLM-x32\...\{FE2EB351-642A-4B08-82B2-12C327C1D9CE}) (Version: 06.00.00.51 - Bentley Systems Inc.)
STAAD.foundation V8i (SELECTseries 4) Release 5.3 (HKLM-x32\...\{C3010B65-2BF1-4028-B1D0-0B3D513664AD}) (Version: 05.03.00.32 - Bentley Systems Inc.)
STAAD.Pro V8i SELECTseries 3 (HKLM-x32\...\{B86A6960-FE1A-40FA-B3B5-983097834EF7}) (Version: 20.07.08.20 - Bentley Systems, Inc.)
TBSA (HKLM-x32\...\ST6UNST #3) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Trusted Drive Manager (HKLM\...\{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}) (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.20 - Tweaking.com)
Type2018 TWAIN Driver Ver.3 (HKLM-x32\...\{75426376-58A7-46A1-A868-B72A1D175F42}) (Version:  - )
Update for Skype for Business 2015 (KB4018290) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.OUTLOOK_{84C8E536-D7E9-4C97-8477-F56848459A05}) (Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (HKLM\...\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}) (Version: 1.2.0 - Dell Inc.) Hidden
Virtual Account Numbers (HKLM-x32\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2260 - Citi)
Virtual Account Numbers (HKLM-x32\...\{F9A113B7-BBB0-4388-9BAB-934C698D7419}) (Version: 1.0.6.0 - Citi) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2008 Shell Integrated Mode Redistributable Package (HKLM-x32\...\{26458DFF-3EE7-31E9-9761-5565795CBEA4}) (Version: 9.0.30729 - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wave Infrastructure Installer (HKLM\...\{67154CF5-2C33-41C2-A9F2-A4FBC29482AD}) (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (HKLM\...\{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version: 05.11.00.040 - Wave Systems Corp) Hidden
Wave Support Software (HKLM-x32\...\InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version:  - ) Hidden
Weak Story Tool with Simpson Strong-Tie® Strong Frame® (HKLM-x32\...\{6E5B2F46-DF46-4BDF-8FCB-18342B2D1517}) (Version: 1.5.0.33 - Simpson)
WeakStoryTool (HKLM-x32\...\{03DFAA88-41CB-4F0D-93FA-7A23B62E4932}) (Version: 1.5.0.31 - Tipping Mar)
Win7 Library Tool v1.09 (HKLM-x32\...\Win7 Library Tool v1.09) (Version:  - Zorn Software)
Window Glass Design 5 (HKLM-x32\...\{EBDBE5C1-0B92-41F1-B553-550E3930A473}) (Version: 1.00.0000 - Standards Design Group, Inc.) Hidden
Window Glass Design 5 (HKLM-x32\...\InstallShield_{EBDBE5C1-0B92-41F1-B553-550E3930A473}) (Version: 1.00.0000 - Standards Design Group, Inc.)
Window Glass Design 5 Service Release (HKLM-x32\...\{0EAF9D1D-EFCB-4274-B086-DB1499C602B4}) (Version:  - )
Window Glass Design 5 Service Release (HKLM-x32\...\{39CC1620-1428-47BF-BD43-C62B971CBC09}) (Version:  - )
Window Glass Design 5 Service Release (HKLM-x32\...\{B1D68466-595D-4B7E-B555-2ED9B416D683}) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WINGARD MP (HKLM-x32\...\{BDF932C3-A73A-4273-AC2D-7B34F567891F}) (Version: 1.00.0000 - Applied Research Associates) Hidden
WINGARD MP (HKLM-x32\...\InstallShield_{BDF932C3-A73A-4273-AC2D-7B34F567891F}) (Version: 1.00.0000 - Applied Research Associates)
WINGARDPE5.5.1 (HKLM-x32\...\{FC7ABF98-F967-4496-87F8-117BA8141FBB}) (Version: 5.5.1 - Applied Research Associates) Hidden
WINGARDPE5.5.1 (HKLM-x32\...\InstallShield_{FC7ABF98-F967-4496-87F8-117BA8141FBB}) (Version: 5.5.1 - Applied Research Associates)
WoodWorks Design Office 9 (SR-1b) (HKLM-x32\...\{A72C73DA-D514-403D-B156-21D544FE28F9}) (Version: 9.12 - CWC)
WoodWorks Sizer 10.2 (HKLM-x32\...\{B6EDC20A-89DF-445D-88C0-CAEF88088434}) (Version: 10.2 - CWC)
WoodWorks® Design Office 10 (SR-4a) (HKLM-x32\...\{F2B5A28C-8518-4FA7-88EE-E06649002EAF}) (Version: 10.41 - CWC)
WWPA Design Suite 2.0 (HKLM-x32\...\WWPA Design Suite_is1) (Version:  - Western Wood Products Association)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{236dd471-0371-4b67-b054-8c75f4834cb8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\user\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{DAE467D6-5C66-404A-BD99-4AC8261A733A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-09-11] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} =>  -> No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} =>  -> No File
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-09-11] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-03-26] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll [2010-01-11] (Autodesk, Inc.)
ContextMenuHandlers1-x32: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-06-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-03] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-03-26] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-06-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {059D7555-8240-4CEC-94B8-AA3720C0E58C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {09E2EBC4-8079-4345-9C05-7D58D826AA0C} - System32\Tasks\{DDF54C65-36A2-43A3-9F5B-785B78FD2287} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\QuickTimeInstaller.exe -d C:\Users\user\Downloads
Task: {2AA6D7B5-8943-4FE9-B4D1-FC7524B4185C} - System32\Tasks\{4E15CCFF-36EA-4C9B-A2A7-093AB1D8EDEB} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\VS90SP1-KB2251487-x86.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
Task: {31D77EF4-BCDF-4C32-8A79-5775864DE21C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
Task: {433F77FD-5948-4B1B-93CB-C81ACA124603} - System32\Tasks\{994D7E43-9A35-439D-8E6F-93BF3088B4A6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Desktop\setup_en.exe -d C:\Users\user\Desktop
Task: {459A12E7-0FFA-46D0-8F67-C7A1BB62E4B1} - System32\Tasks\{2915BBDB-6E3C-44F5-9F1A-5CB2357EEA9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Desktop\setup_en (1).exe" -d C:\Users\user\Desktop
Task: {4B445C62-2681-4F0F-B73F-3B637A53C9FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {56EA79D0-5AF3-4A98-BA6B-64711E33838F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
Task: {7002A5D0-F68C-4F17-85E2-6843174632A6} - System32\Tasks\{61001902-FEFF-4584-9C31-E13379A92AE3} => C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2018-02-14] (Microsoft Corporation)
Task: {7BDF14F9-70B4-4F37-AC22-47E05EB24DD9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {7E311CDE-B978-4A6A-AD2F-1098579854F8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {8625775B-EDF5-4C6D-B804-1720EE271588} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-07] (Adobe Systems Incorporated)
Task: {86FA1CC5-BA19-45DB-B513-C7333A572539} - System32\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000 => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-14] (LogMeIn, Inc.)
Task: {910BDCF1-2FCF-4A27-9488-4257A93F0BDD} - System32\Tasks\{595C0F70-5C10-446D-96CB-D398E3AFCF92} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE" -d C:\Windows\system32
Task: {9A5193A2-4A5E-410E-AF4D-84F9B2D9D3AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {9A89154A-2BD3-4F8A-9C42-38B36D731C5A} - System32\Tasks\{DB76F220-69BC-4130-AE93-53B25B8EF9E9} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\user\Desktop
Task: {A2F59696-34CA-4485-8207-2E9C12606046} - System32\Tasks\{69E7DBEB-AC76-4E8E-8017-62EA8B2CBF7B} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe -c /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} {lang}=ENU
Task: {A48CBB1D-CE4E-4F5D-8A96-2A01BF4D0F56} - System32\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000 => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-14] (LogMeIn, Inc.)
Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
Task: {A8B4CE55-80FC-4EC5-BBA4-5D8A38B045E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AE1FDA0A-3C6E-4932-A410-883E32427B5E} - System32\Tasks\{1C92274D-2458-4A06-BDE0-EA904E8F6BCE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall BASICR /dll OSETUP.DLL
Task: {B0C6397E-8616-4E3F-9749-F44B368CBAC7} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-14] (AVG Technologies CZ, s.r.o.)
Task: {B10E6896-6BCF-494C-AE03-C86469162AD1} - System32\Tasks\{AB8768B2-A445-480C-BB4F-83992BFC0E51} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {B16B7B48-29A9-48E6-A26A-00EA27B4643D} - System32\Tasks\Microsoft\Windows\PLA\WPPTracingSession => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "WPPTracingSession" "$(Arg0)"
Task: {B277D1E5-721A-4008-BE23-40A18B8AC82A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B7FA2D04-A3E0-4491-9D39-15F053E0D5C7} - System32\Tasks\NetBak-ES7-user-Job2 => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: {BFEB547B-2161-4753-8288-75CA1D4C1EFD} - System32\Tasks\{2F81DA72-42E1-4EA6-9EA0-8535358EF3A9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall BASICR /dll OSETUP.DLL
Task: {C010A428-E095-426A-9877-7BC988E047DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {C2BA39DC-DB0B-405C-8086-89B03583CCE8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-06-14] (AVG Technologies CZ, s.r.o.)
Task: {C52C0684-99A7-46ED-ADFE-361DF6A9747E} - System32\Tasks\NetBak-ES7-user-Job1 => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: {C90AA298-6D68-45CC-8255-B6041C117827} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CE7D6548-C447-4F97-9E89-C6E8B095E9A3} - System32\Tasks\{5DCA7706-38AA-43D4-95D1-0675D7505144} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Desktop\temp\Install.exe -d C:\Users\user\Desktop\temp <==== ATTENTION
Task: {DC37D079-096C-4DBA-8832-4DF90F74E092} - System32\Tasks\{482F4BAF-3506-47AD-8BC1-EA63AA66F67C} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\YouSendItOutlookSetup2_17_0.exe -d C:\Users\user\Downloads
Task: {E985432A-73F0-4101-8B67-D6C0DC48ECB6} - System32\Tasks\{AABEF74A-7D06-46DE-80E4-D2A48B44B0BF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Acrobat 9.0\Setup Files\{AC76BA86-1033-F400-BA7E-000000000004}\Setup.exe" -d "C:\Program Files (x86)\Adobe\Acrobat 9.0\Setup Files\{AC76BA86-1033-F400-BA7E-000000000004}"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupload.exe
Task: C:\Windows\Tasks\NetBak-ES7-user-Job1.job => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: C:\Windows\Tasks\NetBak-ES7-user-Job2.job => C:\Program Files\QNAP\NetBak\NetBak.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-11-27 11:39 - 2015-02-03 19:21 - 000115400 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-06-15 11:23 - 2018-05-10 02:43 - 000270480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2018-06-14 18:36 - 2018-06-14 18:36 - 000738032 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 001067248 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000595696 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2017-02-23 09:29 - 2017-02-23 09:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-08-23 11:52 - 2010-08-23 11:52 - 000803312 ____N () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2018-01-17 10:35 - 2018-01-17 10:35 - 000050040 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2018-06-15 04:39 - 2018-06-11 22:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-15 04:39 - 2018-06-11 22:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000481008 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-06-15 10:51 - 2018-06-15 10:51 - 005837040 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18061504\algo.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000886512 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000925936 _____ () C:\Program Files (x86)\AVG\Antivirus\anen.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000983792 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000520944 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2015-07-23 16:29 - 2015-07-23 16:29 - 002298672 _____ () C:\Program Files\ARX\ARX CoSign Client\CoSign.dll
2015-06-25 10:42 - 2015-06-25 10:42 - 002316080 _____ () C:\Program Files\ARX\ARX CoSign Client\proxylogon.dll
2018-06-15 11:23 - 2017-02-21 17:19 - 000083136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2018-06-15 11:23 - 2016-03-07 18:08 - 001291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2018-06-15 11:23 - 2004-10-05 03:08 - 000055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000019600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000024720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000188560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000195728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000163472 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000055952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000018064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000058000 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2018-06-15 11:23 - 2017-10-13 08:42 - 000703120 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuActiveOnline.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000487568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2018-06-15 11:23 - 2018-05-10 02:41 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\fsclog.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000264336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AuthorizedMng.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000112272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CalcScheduleTime.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000085648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000032912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2018-06-15 11:23 - 2018-05-11 17:23 - 000070800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000169616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000539280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000078480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000316048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000211088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000026256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000074384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000141968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000089232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 002414736 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000217232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000162960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000029328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2018-06-15 11:23 - 2018-05-15 14:51 - 000128656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000024720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000034448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000054416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000066192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000072848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000243344 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000078992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000138384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000074896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlExBrowser.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000585872 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlSMOCPlusPlus.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000119952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSearch.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000045200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000367760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000142992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000149136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000052368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000064144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2018-06-15 11:23 - 2018-05-10 02:40 - 000091792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2018-06-15 11:23 - 2018-05-10 02:41 - 000058512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2018-06-15 11:23 - 2018-05-10 02:42 - 000220304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2018-03-13 02:36 - 2018-03-13 02:36 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\sharepoint.com -> hxxps://enginiousstructures.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-08-07 10:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.71.0.34 - 64.71.0.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: EFS => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TdmNotify.lnk => C:\Windows\pss\TdmNotify.lnk.CommonStartup
MSCONFIG\startupreg: 1netrbin.exe => "C:\Program Files (x86)\Network Recycle Bin Tool\netrbin.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: join.me.launcher => C:\Users\user\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MySELECT.exe => C:\Program Files\Common Files\Bentley Shared\CONNECTION Client\Bentley.Connect.Client.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PROFIS AutoUpdate => "C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe" -hidden
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: USCService => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
MSCONFIG\startupreg: Virtual Account Numbers => C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{27BB0367-6365-43D1-90DA-DB7A3B9CC4D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3E4681B7-AF64-469C-B996-E406535F94C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6F5757B7-DC8C-4DDF-BEB6-D8E0C1C141DE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BAA4B523-F32F-4AD4-B1E4-2A4AE48811FD}] => (Allow) LPort=2869
FirewallRules: [{71D7667C-5DC3-4442-AD3F-4BA95BA7AE7C}] => (Allow) LPort=1900
FirewallRules: [{3BDDF7BD-54C8-421D-991A-F2B933AA1F3C}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{4C2FB4D9-17AF-4D82-ABF6-BFDDA532F2D1}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [TCP Query User{85555CED-EFCC-4773-9093-F896F3DF8F72}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{2143C31F-F111-497C-A252-47A80A8E6DAC}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0BE6C850-C63C-4084-9494-3A040A1DE5DA}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{6561E2F5-CC03-487C-93B9-09F6FC268C8A}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{8AD9237B-DC4F-40A2-8C0D-95CCC8E1CB6A}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{D4E10C58-9337-41E7-9B5D-A2D28D207A92}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{C8D9D88F-8CFD-46D2-8A42-213A91DB5780}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [{F54F380E-7313-4AAE-9863-606513CFA746}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [{C6E1249B-DD23-40A5-9749-042BAED384CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{FB2AA9B0-2645-4A9D-8218-E9CAB61F48AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D472C0F5-E5AE-4AC8-912B-998E0B520F1C}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{8FAEF84E-172D-46F6-A7D4-6B3837503F36}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{C6F1F168-7E46-43F6-8AEE-6B8F6D38D868}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdate.EXE
FirewallRules: [{6539FBE7-C817-483E-BF84-B1AFB9C32E3A}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdate.EXE
FirewallRules: [{66F7CD1A-C0B7-46CC-954D-CC6BC7562234}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdateCheck.exe
FirewallRules: [{BCAB9230-87AF-4788-9AE7-6733B4C4DD1E}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdateCheck.exe
FirewallRules: [TCP Query User{0D6842B8-B989-4A6F-9190-6E7E7F636E16}C:\program files (x86)\irfanview\i_view32.exe] => (Allow) C:\program files (x86)\irfanview\i_view32.exe
FirewallRules: [UDP Query User{E1FFC503-E169-4B70-A018-55C30F90F2A2}C:\program files (x86)\irfanview\i_view32.exe] => (Allow) C:\program files (x86)\irfanview\i_view32.exe
FirewallRules: [TCP Query User{E42ECD0A-B445-4F88-8C4D-741334C9EFEC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{2BCC2F63-190D-45BE-8068-ED66DCA6C4D8}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{1772DFB9-BB36-46CC-AA8C-CC5EDF5854EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3FD67FED-FEE1-404A-BCD0-8BDA7D476CA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{91D46BB9-AA7D-435A-B4E3-B74042B401C7}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{DACCE8D0-28E1-49BF-98D5-5339BD006902}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{BAE84A97-CAF7-4294-A8B0-9F248F98DB63}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{356E56D6-9994-4AA8-8728-2897A3F88F7D}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{727914AB-4A5B-4241-AF92-B783A027B257}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [{6697AA2C-9ADB-4B1F-A449-E0726DE26FC0}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{A693D2B0-5115-49C1-8F08-71982C08C6F2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1B602813-7E5D-4052-884D-0373CC0C0D93}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F0AED9C7-C63C-46C8-BC9E-B8561F0BBE35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AEE95F3-7680-4DC5-9DB1-31724DE79160}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{515C4054-CDFE-4E67-A4E8-70D26A3D8261}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3024F415-E35E-4FA4-99F0-BB45B678F3C3}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BF5BCA7F-5809-4662-823E-7AAC5CE73473}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C057C122-93C3-44CD-8E53-26032C403581}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0FE07D2B-2014-4794-A322-9A154A8F185E}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{003BD0D5-82BA-4722-8194-46F47E421CEF}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{41DA30DA-0850-4CB4-A9C9-2B6EF96FB602}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{2A54A75B-57E0-4DEC-818C-5D30CEEF5E99}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [TCP Query User{D6341A2E-4259-450B-A2D3-E335A75D61C1}C:\users\user\appdata\local\join.me\join.me.exe] => (Allow) C:\users\user\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{17F5F028-9E63-4173-A7B3-2EA78AC01FE6}C:\users\user\appdata\local\join.me\join.me.exe] => (Allow) C:\users\user\appdata\local\join.me\join.me.exe
FirewallRules: [{6AB5284E-BD34-457F-BB20-25FE212B240C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7621E589-789E-4961-889B-86F0D7BDB11A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF54FA8B-9A7A-470C-9222-E07B41EE2DA9}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [UDP Query User{F06F6413-5AF5-45D2-B2C6-8573DCFAD567}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [{598983D9-978E-4765-9DAD-C6312C3D59E1}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{BE0EB10F-F9F3-4173-9D7F-583DE3371CF8}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [TCP Query User{C87FFFF5-90CD-4F4A-B61D-584CE707953C}C:\program files (x86)\deviceviewer\deviceviewer.exe] => (Allow) C:\program files (x86)\deviceviewer\deviceviewer.exe
FirewallRules: [UDP Query User{22811F00-0978-465A-843F-C53A422C51B0}C:\program files (x86)\deviceviewer\deviceviewer.exe] => (Allow) C:\program files (x86)\deviceviewer\deviceviewer.exe
FirewallRules: [{6E4B313B-CB59-4BE2-808B-7269B3A56A2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D95125E8-222E-4A3A-BEA6-D365BF3DF3D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B1DA670B-8095-4BE0-AFD6-D57C87F8F6F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{69ECCCA5-9C54-497E-9571-67C34F0D992E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{52DCCC68-801B-43C6-B38D-9DA48306D80B}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{33DD0B90-832E-456A-A264-322A8F6DA18D}] => (Allow) C:\Program Files (x86)\ENERCALC_6\ec6.exe
FirewallRules: [{F686AC09-26C3-4370-B595-48AD851E27AE}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{F593501B-5E84-418A-B8BF-FD4B488565AF}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{50721BA8-B823-4CD6-8598-A33499AD4385}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetLatestRSSDate.exe
FirewallRules: [{892F9F5C-390E-4BFC-86E6-6D103F0A0669}] => (Allow) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
FirewallRules: [{0BD74487-744E-45FC-84D8-9EA52EA06135}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{45253E8C-62E4-4D11-ADFF-9B65515F93E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A48BDE68-44F2-4460-B6BB-E60DF4A27653}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E162D239-26E2-4473-A46A-3F7967869414}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{00AA437A-649F-44E0-ACFA-FF582187D578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B7C18D48-18F0-432F-B87E-F5C8DDF8F606}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{E07603F6-F636-4EB6-A5B4-B6DCA0FDF08C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{1ECD4CAF-0744-47C4-B224-64EE20F49C9E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{698EE752-67B2-4A3C-ADA3-4F9C64D84B31}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D2E05DE6-C967-4C1D-8C4E-AA78394C80AA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7E58ADAD-D23D-40CC-B4DA-FA3CECFD05E9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{0023FA46-8435-425B-B12E-3DBE37E65757}] => (Allow) C:\Users\user\Downloads\uTorrent.exe
FirewallRules: [{D7B712C5-82F6-4453-BE4C-D13A15615C78}] => (Allow) C:\Users\user\Downloads\uTorrent.exe
FirewallRules: [{11A2792A-AC7D-4E63-B9CC-9B888795E2F2}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{712E463E-221C-4E9C-BB6F-A0B92BD4CED9}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{ECAEB90F-D757-4A51-A69A-E011F414A643}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CB17B864-14CB-41D0-8920-B8D3C0BDBED8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F08370C-4AD4-4F62-BBFF-B9B60DFF97A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9AF4D067-AC1E-43A3-8C69-AB2B5DBB8569}C:\program files\qnap\netbak\netbak.exe] => (Allow) C:\program files\qnap\netbak\netbak.exe
FirewallRules: [UDP Query User{B902956C-7FDB-4EAD-A75D-5D26C6F01582}C:\program files\qnap\netbak\netbak.exe] => (Allow) C:\program files\qnap\netbak\netbak.exe
FirewallRules: [TCP Query User{70E61364-24B5-44F4-A5BC-9A992E3C1EEA}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe
FirewallRules: [UDP Query User{4AA159C9-F66B-4BFF-9E98-FAC09CD5BFAF}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe
FirewallRules: [{FFE7F784-56D9-4E35-AA5D-E60CB844ED4A}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{1128454E-CAEE-4D5D-9336-CEC45A5C72EC}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{0C27E5A6-C444-4A94-B7BF-7F27683787B6}] => (Allow) LPort=49208
FirewallRules: [{8CE1F5AA-960B-4D1E-BA29-93B23593BE2C}] => (Allow) LPort=5000

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 31%
Total physical RAM: 8125.65 MB
Available physical RAM: 5546.04 MB
Total Virtual: 16249.46 MB
Available Virtual: 13479.97 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.37 GB) (Free:292.03 GB) NTFS
Drive s: (Computer Backups) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive t: (Completed Projects) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive u: (Large Files) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive v: (ESbooks) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive w: (Public) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive x: (user) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive y: (Public) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS
Drive z: (Public) (Network) (Total:5527.85 GB) (Free:3022.03 GB) NTFS

\\?\Volume{d612556d-193d-11e0-a9a0-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 5B2405A8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


 


Edited by JSntgRvr, 17 July 2018 - 07:09 PM.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:48 PM

Posted 16 June 2018 - 01:21 AM

Hi

Welcome [:)]

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

    Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
    First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
    Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
    Please read ALL instructions carefully and perform the steps fully and in the order they are written.
    If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
    Continue to read and follow my instructions until I tell you that your machine is clean.
    If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
    Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. [:)]

Let's begin... [:)]

    Highlight the entire content of the quote box below.

    Start::  
    CMD: net stop wscsvc /y
    CMD: REG add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
    CMD: net start wscsvc
    Startbatch:
    net stop ccmexec /y
    net stop VMAuthdService /y
    net stop winmgmt /y
    c:
    cd c:\
    cd %systemroot%\system32\wbem
    rd /S /Q repository
    regsvr32 /s %systemroot%\system32\scecli.dll
    regsvr32 /s %systemroot%\system32\userenv.dll
    mofcomp cimwin32.mof
    mofcomp cimwin32.mfl
    mofcomp rsop.mof
    mofcomp rsop.mfl
    for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
    for /f %%s in ('dir /b *.mof') do mofcomp %%s
    for /f %%s in ('dir /b *.mfl') do mofcomp %%s
    net start winmgmt
    net start VMAuthdService
    net start ccmexec
    Endbatch:
    S3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [X]
    S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
    S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
    S3 EUFDDISK0; \??\C:\Windows\system32\drivers\EUFDDISK0.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    FirewallRules: [{BAA4B523-F32F-4AD4-B1E4-2A4AE48811FD}] => (Allow) LPort=2869
    FirewallRules: [{71D7667C-5DC3-4442-AD3F-4BA95BA7AE7C}] => (Allow) LPort=1900
    FirewallRules: [{0C27E5A6-C444-4A94-B7BF-7F27683787B6}] => (Allow) LPort=49208
    FirewallRules: [{8CE1F5AA-960B-4D1E-BA29-93B23593BE2C}] => (Allow) LPort=5000
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
    HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\ChromeHTML: ->  <==== ATTENTION
    Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
    Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
    Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
    Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
    Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
    Task: {CE7D6548-C447-4F97-9E89-C6E8B095E9A3} - System32\Tasks\{5DCA7706-38AA-43D4-95D1-0675D7505144} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Desktop\temp\Install.exe -d C:\Users\user\Desktop\temp <==== ATTENTION
    URLSearchHook: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} =>  -> No File
    ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} =>  -> No File
    ContextMenuHandlers1-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
    ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
    2014-05-20 14:49 - 2014-05-20 14:49 - 000000138 _____ () C:\Users\user\AppData\Local\TempNCMAlogs.txt
    CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\user\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll (LogMeIn, Inc.)
    Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
    Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
    Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
    Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
    Task: {86FA1CC5-BA19-45DB-B513-C7333A572539} - System32\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000 => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-14] (LogMeIn, Inc.)
    Task: {A48CBB1D-CE4E-4F5D-8A96-2A01BF4D0F56} - System32\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000 => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-14] (LogMeIn, Inc.)
    Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupload.exe
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: join.me.launcher => C:\Users\user\AppData\Local\join.me.launcher\join.me.launcher.exe
    2014-05-20 14:49 - 2014-05-20 14:49 - 000000138 _____ () C:\Users\user\AppData\Local\TempNCMAlogs.txt
    Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
    Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
    Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
    Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
    Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
    EMPTYTEMP:
    Reboot:
    End::

    Right click on the highlighted text and select Copy.
    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

    Download AdwCleaner and move it to your Desktop
    Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    Accept the EULA (I accept), then click on Scan
    Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    5ace519a6ff4a_Dashboard-firstrun.png.567
    Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Please re-scan with FRST.

    Double-click to run it.
    Make sure that under Optional Scans, there is a checkmark on Addition.txt.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The tool will also produce another log (Addition.txt ). Please attach this to your reply.


Edited by JSntgRvr, 17 July 2018 - 07:11 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 June 2018 - 11:05 AM

Hi JSntgRvr, thanks for your time and attention.  I was away this weekend, but here's what i got after following your instructions.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by user (18-06-2018 08:36:33) Run:1
Running from C:\Documents and Settings\user\Desktop
Loaded Profiles: user & UpdatusUser (Available Profiles: user & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CMD: net stop wscsvc /y
CMD: REG add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
CMD: net start wscsvc
Startbatch:
net stop ccmexec /y
net stop VMAuthdService /y
net stop winmgmt /y
c:
cd c:\
cd %systemroot%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
net start winmgmt
net start VMAuthdService
net start ccmexec
Endbatch:
S3 Autodesk Network Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [X]
S4 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\Windows\system32\drivers\EUFDDISK0.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
FirewallRules: [{BAA4B523-F32F-4AD4-B1E4-2A4AE48811FD}] => (Allow) LPort=2869
FirewallRules: [{71D7667C-5DC3-4442-AD3F-4BA95BA7AE7C}] => (Allow) LPort=1900
FirewallRules: [{0C27E5A6-C444-4A94-B7BF-7F27683787B6}] => (Allow) LPort=49208
FirewallRules: [{8CE1F5AA-960B-4D1E-BA29-93B23593BE2C}] => (Allow) LPort=5000
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\ChromeHTML: ->  <==== ATTENTION
Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
Task: {CE7D6548-C447-4F97-9E89-C6E8B095E9A3} - System32\Tasks\{5DCA7706-38AA-43D4-95D1-0675D7505144} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Desktop\temp\Install.exe -d C:\Users\user\Desktop\temp <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} =>  -> No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} =>  -> No File
ContextMenuHandlers1-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
2014-05-20 14:49 - 2014-05-20 14:49 - 000000138 _____ () C:\Users\user\AppData\Local\TempNCMAlogs.txt
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\user\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll (LogMeIn, Inc.)
Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
Task: {86FA1CC5-BA19-45DB-B513-C7333A572539} - System32\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000 => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-14] (LogMeIn, Inc.)
Task: {A48CBB1D-CE4E-4F5D-8A96-2A01BF4D0F56} - System32\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000 => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-14] (LogMeIn, Inc.)
Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => C:\Users\user\AppData\Local\GoToMeeting\8953\g2mupload.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: join.me.launcher => C:\Users\user\AppData\Local\join.me.launcher\join.me.launcher.exe
2014-05-20 14:49 - 2014-05-20 14:49 - 000000138 _____ () C:\Users\user\AppData\Local\TempNCMAlogs.txt
Task: {2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} - System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_ApDemoSetup.zip\ApDemoSetup.exe <==== ATTENTION
Task: {3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} - System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_development.zip\setup.exe <==== ATTENTION
Task: {5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} - System32\Tasks\task1215886846 => C:\Users\user\AppData\Local\Temp\0.5011592961588648.exe <==== ATTENTION
Task: {6280112E-A12D-4430-90E3-DDFE37304CED} - System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_FaxClientSetup.zip\FaxClientSetup.exe <==== ATTENTION
Task: {A50D9715-4C47-4887-8DA2-E2EF44BE9254} - System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp2_development.zip\setup.exe <==== ATTENTION
EMPTYTEMP:
Reboot:

*****************


========= net stop wscsvc /y =========

The Security Center service is stopping.
The Security Center service was stopped successfully.


========= End of CMD: =========


========= REG add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f =========

The operation completed successfully.


========= End of CMD: =========


========= net start wscsvc =========

The Security Center service is starting.
The Security Center service was started successfully.


========= End of CMD: =========


========= Batch: =========
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

   Security Center
   IP Helper

The Security Center service is stopping.
The Security Center service was stopped successfully.

The IP Helper service is stopping.
The IP Helper service was stopped successfully.

The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.

Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
File 'cimwin32.mfl' not found!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: rsop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
File 'rsop.mfl' not found!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: aeinv.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: AuditRsop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: authfwcfg.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File authfwcfg.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: auxiliarydisplayapi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File auxiliarydisplayapi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: auxiliarydisplaycpl.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File auxiliarydisplaycpl.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: auxiliarydisplaydriverlib.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File auxiliarydisplaydriverlib.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: auxiliarydisplayservices.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File auxiliarydisplayservices.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: bcd.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File bcd.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: BthMtpEnum.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File BthMtpEnum.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: cimdmtf.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: cli.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: cliegaliases.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: DevicePairingHandler.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File DevicePairingHandler.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: dimsjob.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File dimsjob.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: dimsroam.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File dimsroam.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: dot3.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File dot3.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: drvinst.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File drvinst.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: DShowRdpFilter.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File DShowRdpFilter.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: dsprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: eaimeapi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File eaimeapi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: fdPHost.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File fdPHost.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: fdrespub.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File fdrespub.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: fdSSDP.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File fdSSDP.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: fdWNet.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File fdWNet.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: fdWSD.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File fdWSD.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: filetrace.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File filetrace.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: firewallapi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File firewallapi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: FunDisc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File FunDisc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: fwcfg.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File fwcfg.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: hbaapi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: hnetcfg.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: IMAPIv2-Base.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File IMAPIv2-Base.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: IMAPIv2-FileSystemSupport.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File IMAPIv2-FileSystemSupport.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: IMAPIv2-LegacyShim.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File IMAPIv2-LegacyShim.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: interop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: IPBusEnum.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File IPBusEnum.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ipsecsvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File ipsecsvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: irda.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File irda.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: irmon.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File irmon.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: iscsidsc.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: iscsihba.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: iscsiprf.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: iscsirem.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File iscsirem.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: kerberos.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: krnlprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: l2gpstore.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File l2gpstore.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: L2SecHC.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: lltdio.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File lltdio.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: lltdsvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File lltdsvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: lsasrv.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File lsasrv.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mblctr.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File mblctr.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Microsoft-Windows-OfflineFiles.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File Microsoft-Windows-OfflineFiles.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Microsoft-Windows-Remote-FileSystem.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File Microsoft-Windows-Remote-FileSystem.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mmc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File mmc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mountmgr.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File mountmgr.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mpsdrv.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File mpsdrv.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mpssvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File mpssvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: msfeeds.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File msfeeds.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: msfeedsbs.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File msfeedsbs.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: msi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: msiscsi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File msiscsi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mstsc.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mstscax.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: msv1_0.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: mswmdm.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File mswmdm.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: NAPCLIENTPROV.MOF
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: NAPCLIENTSCHEMA.MOF
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: nci.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ncprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ncsi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File ncsi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ndistrace.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: netprofm.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File netprofm.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: networkitemfactory.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File networkitemfactory.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: networkmap.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File networkmap.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: newdev.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File newdev.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: nlasvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File nlasvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: nlsvc.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: nshipsec.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File nshipsec.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ntevt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ntfs.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File ntfs.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: OfflineFilesWmiProvider.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: OfflineFilesWmiProvider_Uninstall.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: onex.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File onex.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: p2p-collab.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File p2p-collab.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: p2p-crp.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File p2p-crp.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: p2p-mesh.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File p2p-mesh.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: p2p-pnrp.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File p2p-pnrp.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: partmgr.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File partmgr.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: pnpsetup.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File pnpsetup.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: PNPXAssoc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File PNPXAssoc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: PolicMan.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: polproc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File polproc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: polprocl.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: polprou.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File polprou.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: polstore.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File polstore.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: portabledeviceapi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File portabledeviceapi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: portabledeviceclassextension.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File portabledeviceclassextension.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: portabledeviceconnectapi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File portabledeviceconnectapi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: portabledevicetypes.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File portabledevicetypes.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: portabledevicewiacompat.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File portabledevicewiacompat.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: portabledevicewmdrm.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File portabledevicewmdrm.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: powermeterprovider.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: powerpolicyprovider.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ppcRsopCompSchema.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ppcRsopUserSchema.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: PrintFilterPipelineSvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File PrintFilterPipelineSvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: profileassociationprovider.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: qmgr.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File qmgr.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: RacWmiProv.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: rdpcore.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File rdpcore.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: rdpencom.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File rdpencom.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: rdpendp.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: regevent.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: rsop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: rspndr.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File rspndr.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: samsrv.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File samsrv.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scersop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: schannel.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File schannel.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: SchedSvc.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scm.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scrcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: sdbus.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File sdbus.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: secrcw32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: SensorsClassExtension.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File SensorsClassExtension.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: sensorscpl.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File sensorscpl.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ServiceModel.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ServiceModel35.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: services.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File services.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: setupapi.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File setupapi.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: smtpcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: sppwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: sr.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: ssdpsrv.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: sstpsvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File sstpsvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: stortrace.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File stortrace.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: subscrpt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: system.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: tcpip.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File tcpip.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: tscfgwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: tsmf.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File tsmf.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: tspkg.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File tspkg.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: umb.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File umb.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: umbus.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File umbus.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: umpass.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File umpass.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: umpnpmgr.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File umpnpmgr.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: UserProfileWmiProvider.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: vds.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: vss.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WBEMCons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wcncsvc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wcncsvc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Wdf01000.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Wdf01000Uninstall.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wdigest.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wdigest.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WFAPIGP.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File WFAPIGP.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WFP.MOF
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File WFP.MOF does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wfs.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wfs.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WgxInstalledGame.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: whqlprov.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File whqlprov.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: win32_encryptablevolume.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Win32_EncryptableVolumeUninstall.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File Win32_EncryptableVolumeUninstall.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: win32_printer.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Win32_Tpm.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wininit.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wininit.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: winipsec.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File winipsec.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: winlogon.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File winlogon.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: Winsat.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File Winsat.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WinsatUninstall.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File WinsatUninstall.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wlan.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wlan.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WLanHC.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipcima.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipdfs.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipdskq.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WmiPerfClass.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WmiPerfInst.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipicmp.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipiprt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipjobj.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmipsess.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmitimep.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WMI_Tracing.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmp.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wmp.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wmpnetwk.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpc.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpc.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpcsprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpcuninst.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdbusenum.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdbusenum.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdcomp.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdcomp.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdfs.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdfs.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdmtp.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdmtp.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdshext.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdshext.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WPDShServiceObj.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File WPDShServiceObj.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdsp.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdsp.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpdwcn.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpdwcn.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wpd_ci.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wpd_ci.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wscenter.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wscmisetup.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wscmisetup.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WSDApi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WsmAuto.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File WsmAuto.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WUDFx.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: WUDFxUninstall.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: wzcdlg.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File wzcdlg.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 6.1.7600.16385
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: xwizards.mof
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File xwizards.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
File Not Found
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.


========= End of Batch: =========

"HKLM\System\CurrentControlSet\Services\Autodesk Network Licensing Service" => removed successfully
Autodesk Network Licensing Service => service removed successfully
"HKLM\System\CurrentControlSet\Services\gusvc" => removed successfully
gusvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\dgderdrv" => removed successfully
dgderdrv => service removed successfully
"HKLM\System\CurrentControlSet\Services\EUBAKUP0" => removed successfully
EUBAKUP0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\EUBKMON0" => removed successfully
EUBKMON0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\EUFDDISK0" => removed successfully
EUFDDISK0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\LMIInfo" => removed successfully
LMIInfo => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAA4B523-F32F-4AD4-B1E4-2A4AE48811FD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71D7667C-5DC3-4442-AD3F-4BA95BA7AE7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C27E5A6-C444-4A94-B7BF-7F27683787B6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8CE1F5AA-960B-4D1E-BA29-93B23593BE2C}" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\ChromeHTML" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF}" => removed successfully
C:\Windows\System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9C4C178-F915-4B71-B75F-F4FF818759F6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F0D8205-14CA-4748-8F4A-1AAB1D4B016E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0D8205-14CA-4748-8F4A-1AAB1D4B016E}" => removed successfully
C:\Windows\System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3660D720-5BE9-45D9-B6A6-7220C39F2F80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063}" => removed successfully
C:\Windows\System32\Tasks\task1215886846 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task1215886846" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6280112E-A12D-4430-90E3-DDFE37304CED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6280112E-A12D-4430-90E3-DDFE37304CED}" => removed successfully
C:\Windows\System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94F58C9C-1E21-4721-8C86-F112A0431728}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A50D9715-4C47-4887-8DA2-E2EF44BE9254}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50D9715-4C47-4887-8DA2-E2EF44BE9254}" => removed successfully
C:\Windows\System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A21972A0-CA7A-495C-A59F-E132009D3601}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE7D6548-C447-4F97-9E89-C6E8B095E9A3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7D6548-C447-4F97-9E89-C6E8B095E9A3}" => removed successfully
C:\Windows\System32\Tasks\{5DCA7706-38AA-43D4-95D1-0675D7505144} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DCA7706-38AA-43D4-95D1-0675D7505144}" => removed successfully
"HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => removed successfully
"HKLM\Software\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => removed successfully
"HKLM\Software\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => not found
"HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
"HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => removed successfully
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => not found
"HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner" => removed successfully
HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\off0" => removed successfully
HKLM\Software\Classes\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\off1" => removed successfully
"HKLM\Software\Classes\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully
"HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7}" => removed successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities" => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
C:\Users\user\AppData\Local\TempNCMAlogs.txt => moved successfully
"HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} => not found
"C:\Windows\System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} => not found
"C:\Windows\System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} => not found
"C:\Windows\System32\Tasks\task1215886846" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task1215886846 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6280112E-A12D-4430-90E3-DDFE37304CED} => not found
"C:\Windows\System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94F58C9C-1E21-4721-8C86-F112A0431728} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86FA1CC5-BA19-45DB-B513-C7333A572539}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86FA1CC5-BA19-45DB-B513-C7333A572539}" => removed successfully
C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A48CBB1D-CE4E-4F5D-8A96-2A01BF4D0F56}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48CBB1D-CE4E-4F5D-8A96-2A01BF4D0F56}" => removed successfully
C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50D9715-4C47-4887-8DA2-E2EF44BE9254} => not found
"C:\Windows\System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A21972A0-CA7A-495C-A59F-E132009D3601} => not found
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => moved successfully
C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2924615952-200207337-2576731361-1000.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\join.me.launcher" => removed successfully
"C:\Users\user\AppData\Local\TempNCMAlogs.txt" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6F87AA-7A9A-4034-81C6-B5ED0BDC85AF} => not found
"C:\Windows\System32\Tasks\{E9C4C178-F915-4B71-B75F-F4FF818759F6}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9C4C178-F915-4B71-B75F-F4FF818759F6} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0D8205-14CA-4748-8F4A-1AAB1D4B016E} => not found
"C:\Windows\System32\Tasks\{3660D720-5BE9-45D9-B6A6-7220C39F2F80}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3660D720-5BE9-45D9-B6A6-7220C39F2F80} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AFF3E0B-9FCD-411A-83EA-CFDCB8AF1063} => not found
"C:\Windows\System32\Tasks\task1215886846" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task1215886846 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6280112E-A12D-4430-90E3-DDFE37304CED} => not found
"C:\Windows\System32\Tasks\{94F58C9C-1E21-4721-8C86-F112A0431728}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94F58C9C-1E21-4721-8C86-F112A0431728} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50D9715-4C47-4887-8DA2-E2EF44BE9254} => not found
"C:\Windows\System32\Tasks\{A21972A0-CA7A-495C-A59F-E132009D3601}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A21972A0-CA7A-495C-A59F-E132009D3601} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24105495 B
Java, Flash, Steam htmlcache => 609 B
Windows/system/drivers => 263842983 B
Edge => 0 B
Chrome => 35158905 B
Firefox => 19857879 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 53181 B
systemprofile32 => 68937 B
LocalService => 1087812 B
NetworkService => 66228 B
user => 562680029 B
UpdatusUser => 66228 B
test => 0 B

RecycleBin => 6393 B
EmptyTemp: => 865 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:38:24 ====


# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-15.3
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-18-2018
# Duration: 00:00:04
# OS:       Windows 7 Professional
# Cleaned:  66
# Failed:   0


***** [ Services ] *****

Deleted       AVG Security Toolbar Service

***** [ Folders ] *****

Deleted       C:\ProgramData\AVG_UPDATE_0916AV
Deleted       C:\Program Files (x86)\myfree codec
Deleted       C:\ProgramData\AVG Security Toolbar
Deleted       C:\Users\user\AppData\Local\AVG Security Toolbar
Deleted       C:\Users\user\AppData\LocalLow\AVG Security Toolbar
Deleted       C:\ProgramData\AVG Secure Search
Deleted       C:\Program Files (x86)\AVG Secure Search
Deleted       C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
Deleted       C:\Users\user\AppData\Local\AVG Secure Search
Deleted       C:\Users\user\AppData\LocalLow\AVG Secure Search
Deleted       C:\Program Files (x86)\AVG\AVG10\Toolbar

***** [ Files ] *****

Deleted       C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKU\S-1-5-18\Software\Auslogics
Deleted       HKCU\Software\Auslogics
Deleted       HKU\.DEFAULT\Software\Auslogics
Deleted       HKLM\Software\Wow6432Node\Conduit
Deleted       HKCU\Software\Zugo
Deleted       HKCU\Software\YahooPartnerToolbar
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2924615952-200207337-2576731361-1000\Software\AVG Security Toolbar
Deleted       HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
Deleted       HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Deleted       HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
Deleted       HKLM\Software\Wow6432Node\AVG Security Toolbar
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Deleted       HKU\S-1-5-18\Software\AVG Secure Search
Deleted       HKCU\Software\AVG Secure Search
Deleted       HKU\.DEFAULT\Software\AVG Secure Search
Deleted       HKLM\Software\Wow6432Node\AVG Secure Search
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted       HKLM\Software\Wow6432Node\Classes\protocols\handler\viprotocol
Deleted       HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\ViProtocol.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\ScriptHelper.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Deleted       HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Deleted       HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted       HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted       HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Deleted       HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted       HKLM\Software\Classes\Search.BrowserWndAPI
Deleted       HKLM\Software\Classes\Search.PugiObj
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\AVG Security Toolbar Service

***** [ Chromium (and derivatives) ] *****

Deleted       AVG Security Toolbar

***** [ Chromium URLs ] *****

Deleted       Ixquick HTTP
Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7143 octets] - [18/06/2018 08:43:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


 

Attached Files


Edited by JSntgRvr, 17 July 2018 - 07:12 PM.


#4 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 June 2018 - 11:07 AM

The previous post was too long so i am reposting the FRST after fix and adware cleaning. See below.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by user (administrator) on ES7 (18-06-2018 08:48:08)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Hilti Corporation) C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2900992 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291568 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2015-07-14] (Orbiscom Ltd. All rights reserved.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [OffCAT] => C:\Users\user\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe [365440 2016-08-01] (Microsoft Corp.)
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\MountPoints2: {d6125571-193d-11e0-a9a0-806e6f6e6963} - D:\Launcher.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{14BE6998-738F-4C93-A1F3-6E963F390B09}: [NameServer] 64.71.0.34,64.71.0.60

Internet Explorer:
==================
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> DefaultScope {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL =
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {095F5571-DC4A-4899-ADAA-5DD0DBE41DF6} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {45759AFA-AAC1-4203-B6B9-0F6FCF2DDB2F} URL = hxxp://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL =
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} hxxp://75.25.142.214/RSVideoOcx.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ra7xr3sr.default-1477677048132 [2018-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-05] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909 => not found
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: (Virtual Account Numbers for Firefox) - C:\Program Files (x86)\Virtual Account Numbers [2015-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-03-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://startpage.com/eng/"
CHR DefaultSearchURL: Default -> hxxps://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSearchKeyword: Default -> startpage.com_
CHR DefaultSuggestURL: Default -> hxxps://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=english&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-06-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Search by Image (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [116608 2012-12-10] (Algorithmic Research Ltd.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [318328 2018-06-14] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-06-14] (AVG Technologies CZ, s.r.o.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Hilti PROFIS AutoUpdate Service; C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [213504 2015-06-19] (Hilti Corporation) [File not signed]
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-25] (Alcatel-Lucent) [File not signed]
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [29048 2018-01-17] (Microsoft)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 msvsmon90; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-04-10] (SANDBOXIE L.T.D)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [151504 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1979296 2009-11-16] (Realtek Semiconductor Corp.)
S4 LMIRfsClientNP; no ImagePath
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [164528 2012-04-10] (SANDBOXIE L.T.D)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [38496 2011-08-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 08:43 - 2018-06-18 08:44 - 000000000 ____D C:\AdwCleaner
2018-06-18 08:43 - 2018-06-18 08:43 - 007372496 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_7.2.0.exe
2018-06-18 08:36 - 2018-06-18 08:38 - 000114672 _____ C:\Users\user\Desktop\Fixlog.txt
2018-06-15 16:29 - 2018-06-15 16:29 - 000071041 _____ C:\Users\user\Desktop\Addition.txt
2018-06-15 16:28 - 2018-06-18 08:48 - 000021041 _____ C:\Users\user\Desktop\FRST.txt
2018-06-15 16:28 - 2018-06-18 08:48 - 000000000 ____D C:\FRST
2018-06-15 16:28 - 2018-06-15 16:28 - 002413056 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2018-06-15 16:06 - 2018-06-15 16:06 - 000002161 _____ C:\Users\user\Desktop\Tweaking.com - Windows Repair.lnk
2018-06-15 16:06 - 2018-06-15 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-15 16:06 - 2018-06-15 16:06 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-15 16:05 - 2018-06-15 16:06 - 000194340 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-06-15 13:47 - 2018-06-15 13:47 - 000000000 ___HD C:\$Windows.~WS
2018-06-15 13:44 - 2018-06-15 13:44 - 019119064 _____ (Microsoft Corporation) C:\Users\user\Desktop\MediaCreationTool1803.exe
2018-06-15 11:24 - 2018-06-15 11:24 - 000001333 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 11.0.lnk
2018-06-15 11:24 - 2018-06-15 11:24 - 000001333 _____ C:\ProgramData\Desktop\EaseUS Todo Backup Free 11.0.lnk
2018-06-15 11:24 - 2018-06-15 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.0
2018-06-15 11:23 - 2018-05-10 02:42 - 000026256 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2018-06-15 11:21 - 2018-06-15 11:21 - 074752192 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\user\Desktop\tb_free.exe
2018-06-14 19:21 - 2018-03-14 10:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-06-14 19:21 - 2018-03-14 10:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-06-14 19:21 - 2018-03-14 06:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-06-14 19:20 - 2018-05-29 13:36 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-14 19:20 - 2018-05-29 12:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-14 19:20 - 2018-05-28 19:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-06-14 19:20 - 2018-05-28 19:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-14 19:20 - 2018-05-28 19:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-14 19:20 - 2018-05-28 19:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-14 19:20 - 2018-05-28 19:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-14 19:20 - 2018-05-28 19:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-14 19:20 - 2018-05-28 19:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-14 19:20 - 2018-05-28 19:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-14 19:20 - 2018-05-28 19:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-14 19:20 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-14 19:20 - 2018-05-28 18:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-14 19:20 - 2018-05-28 18:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-14 19:20 - 2018-05-28 18:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-14 19:20 - 2018-05-28 18:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-14 19:20 - 2018-05-28 18:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-14 19:20 - 2018-05-28 18:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-14 19:20 - 2018-05-28 18:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-14 19:20 - 2018-05-28 17:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-14 19:20 - 2018-05-24 22:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-14 19:20 - 2018-05-24 21:59 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-14 19:20 - 2018-05-24 21:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-14 19:20 - 2018-05-24 21:46 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-14 19:20 - 2018-05-24 21:45 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-14 19:20 - 2018-05-24 21:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-14 19:20 - 2018-05-24 21:44 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-14 19:20 - 2018-05-24 21:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-14 19:20 - 2018-05-24 21:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-14 19:20 - 2018-05-24 21:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-14 19:20 - 2018-05-24 21:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-14 19:20 - 2018-05-24 21:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-14 19:20 - 2018-05-24 21:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-14 19:20 - 2018-05-24 21:33 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-14 19:20 - 2018-05-24 21:32 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-14 19:20 - 2018-05-24 21:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-06-14 19:20 - 2018-05-24 21:24 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-14 19:20 - 2018-05-24 21:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-14 19:20 - 2018-05-24 21:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-14 19:20 - 2018-05-24 21:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-06-14 19:20 - 2018-05-24 21:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-06-14 19:20 - 2018-05-24 21:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-06-14 19:20 - 2018-05-24 21:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-14 19:20 - 2018-05-24 21:14 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-14 19:20 - 2018-05-24 21:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-06-14 19:20 - 2018-05-24 21:13 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-14 19:20 - 2018-05-24 21:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-14 19:20 - 2018-05-24 21:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-14 19:20 - 2018-05-24 21:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-14 19:20 - 2018-05-24 21:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-06-14 19:20 - 2018-05-24 21:08 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-14 19:20 - 2018-05-24 21:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-06-14 19:20 - 2018-05-24 21:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-06-14 19:20 - 2018-05-24 21:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-14 19:20 - 2018-05-24 21:06 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-14 19:20 - 2018-05-24 21:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-14 19:20 - 2018-05-24 21:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-06-14 19:20 - 2018-05-24 20:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-06-14 19:20 - 2018-05-24 20:57 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-14 19:20 - 2018-05-24 20:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-14 19:20 - 2018-05-24 20:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-14 19:20 - 2018-05-24 20:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-14 19:20 - 2018-05-24 20:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-14 19:20 - 2018-05-24 20:53 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-14 19:20 - 2018-05-24 20:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-06-14 19:20 - 2018-05-24 20:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-06-14 19:20 - 2018-05-24 20:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-06-14 19:20 - 2018-05-24 20:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-06-14 19:20 - 2018-05-24 20:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-14 19:20 - 2018-05-24 20:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-06-14 19:20 - 2018-05-24 20:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-06-14 19:20 - 2018-05-24 20:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-14 19:20 - 2018-05-24 20:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-14 19:20 - 2018-05-24 20:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-14 19:20 - 2018-05-24 20:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-14 19:20 - 2018-05-24 20:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-14 19:20 - 2018-05-24 20:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-14 19:20 - 2018-05-24 20:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-06-14 19:20 - 2018-05-24 20:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-14 19:20 - 2018-05-24 20:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-14 19:20 - 2018-05-24 20:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-14 19:20 - 2018-05-24 20:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-14 19:20 - 2018-05-24 20:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-14 19:20 - 2018-05-14 21:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-14 19:20 - 2018-05-14 20:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-14 19:20 - 2018-05-14 20:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-14 19:20 - 2018-05-14 20:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-14 19:20 - 2018-05-14 20:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-14 19:20 - 2018-05-14 20:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-14 19:20 - 2018-05-14 20:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-14 19:20 - 2018-05-14 18:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-14 19:20 - 2018-05-14 18:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-14 19:20 - 2018-05-11 19:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-14 19:20 - 2018-05-11 19:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-14 19:20 - 2018-05-11 19:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-14 19:20 - 2018-05-11 14:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-14 19:20 - 2018-05-11 14:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-14 19:20 - 2018-05-11 14:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-14 19:20 - 2018-05-10 17:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-14 19:20 - 2018-05-10 17:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-14 19:20 - 2018-05-10 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-06-14 19:20 - 2018-04-22 16:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-06-14 19:20 - 2018-04-18 09:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-06-14 19:20 - 2018-04-18 09:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-06-14 19:20 - 2018-04-18 08:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-06-14 19:20 - 2018-04-18 08:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-06-14 19:20 - 2018-04-18 08:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-06-14 19:20 - 2018-04-18 08:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-06-14 19:20 - 2018-04-11 09:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-06-14 19:20 - 2018-04-11 09:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-06-14 19:20 - 2018-04-11 09:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-06-14 19:20 - 2018-04-11 09:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-06-14 19:20 - 2018-04-10 09:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-06-14 19:20 - 2018-04-10 09:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-06-14 19:20 - 2018-04-10 09:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-06-14 19:20 - 2018-04-10 09:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-06-14 19:20 - 2018-04-10 09:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-06-14 19:20 - 2018-04-10 09:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-06-14 19:20 - 2018-04-10 09:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-06-14 19:20 - 2018-04-10 08:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-06-14 19:20 - 2018-04-10 08:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-06-14 19:20 - 2018-04-10 08:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-14 19:20 - 2018-04-10 08:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-14 19:20 - 2018-04-07 09:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-06-14 19:20 - 2018-04-06 09:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-14 19:20 - 2018-04-06 09:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-14 19:20 - 2018-03-14 10:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-06-14 19:20 - 2018-03-14 10:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-06-14 19:20 - 2018-03-14 09:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-06-14 19:20 - 2018-03-14 09:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-06-14 19:20 - 2018-03-14 09:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-06-14 19:20 - 2018-03-14 09:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-06-14 19:20 - 2018-03-14 09:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-06-14 19:20 - 2018-03-10 10:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-06-14 19:20 - 2018-03-09 11:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-06-14 19:20 - 2018-03-09 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-06-14 19:20 - 2018-03-09 11:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-06-14 19:20 - 2018-03-09 11:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-06-14 19:20 - 2018-03-09 10:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-06-14 19:20 - 2018-03-06 11:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-06-14 19:20 - 2018-03-06 11:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-06-14 19:20 - 2018-03-06 11:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-06-14 19:20 - 2018-03-06 11:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-06-14 19:20 - 2018-03-06 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-06-14 19:20 - 2018-03-06 11:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2018-06-14 18:44 - 2018-06-14 18:44 - 000005805 _____ C:\Windows\brndlog.txt
2018-06-14 18:38 - 2018-06-14 18:37 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 08:45 - 2014-01-22 20:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-06-18 08:45 - 2011-01-05 19:39 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-18 08:45 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-18 08:44 - 2018-02-07 17:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-18 08:44 - 2009-07-13 21:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-18 08:44 - 2009-07-13 21:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-18 08:41 - 2012-06-08 15:42 - 000000008 __RSH C:\Users\user\ntuser.pol
2018-06-18 08:41 - 2011-01-14 17:41 - 000000000 ____D C:\Users\user
2018-06-18 08:38 - 2015-09-28 18:48 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp
2018-06-18 08:37 - 2009-07-13 22:13 - 000801042 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-18 08:37 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-18 08:37 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-06-18 08:35 - 2011-01-05 17:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-17 22:30 - 2016-03-02 18:33 - 000000316 _____ C:\Windows\Tasks\NetBak-ES7-user-Job1.job
2018-06-16 12:00 - 2016-01-20 11:59 - 000000316 _____ C:\Windows\Tasks\NetBak-ES7-user-Job2.job
2018-06-15 16:09 - 2018-03-23 16:51 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2018-06-15 13:47 - 2015-08-18 19:34 - 000000000 ____D C:\Windows\Panther
2018-06-15 13:39 - 2011-01-14 18:43 - 000116640 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-15 13:38 - 2009-07-13 21:45 - 000464448 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-15 13:28 - 2011-01-05 17:57 - 000000000 ____D C:\ProgramData\Dell
2018-06-15 11:30 - 2018-03-29 17:08 - 000000000 ____D C:\Windows\system32\config\regsave
2018-06-15 11:22 - 2018-03-29 15:13 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-06-15 09:29 - 2014-12-18 10:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-06-15 09:17 - 2017-10-11 03:16 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 09:17 - 2013-09-12 10:28 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 09:17 - 2011-01-17 15:08 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-15 04:40 - 2013-12-04 16:48 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-15 04:40 - 2013-12-04 16:48 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-15 04:40 - 2013-12-04 16:48 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-06-14 18:57 - 2015-04-01 09:53 - 000000000 ____D C:\Users\user\AppData\Local\Avg
2018-06-14 18:46 - 2009-07-13 22:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-06-14 18:44 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-14 18:42 - 2015-04-01 09:51 - 000000000 ____D C:\ProgramData\AVG
2018-06-14 18:42 - 2011-01-17 15:56 - 000000000 ____D C:\Program Files (x86)\AVG
2018-06-14 18:38 - 2017-05-17 11:13 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-06-14 18:37 - 2017-11-28 03:24 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-06-14 18:36 - 2017-05-17 11:13 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-06-14 18:33 - 2018-03-08 13:29 - 000000000 ____D C:\Users\user\AppData\Local\GoToMeeting
2018-06-14 18:33 - 2012-09-24 16:42 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-14 18:33 - 2012-09-24 16:42 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-14 18:31 - 2015-04-23 14:05 - 000000000 ____D C:\Users\user\AppData\Local\Akamai

==================== Files in the root of some directories =======

2011-01-17 11:20 - 2011-01-17 11:20 - 000000075 _____ () C:\ProgramData\nvUnsupRes.dat
2014-05-06 11:02 - 2014-06-22 08:49 - 000000000 ____N () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-04-19 16:59 - 2012-04-19 17:08 - 000038482 _____ () C:\Users\user\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-02-26 13:21 - 2014-12-09 14:51 - 000003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 14:09 - 2013-06-19 14:09 - 000000093 _____ () C:\Users\user\AppData\Local\fusioncache.dat
2018-02-05 16:09 - 2018-02-07 18:31 - 000000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2011-05-17 16:13 - 2016-06-29 17:41 - 000007632 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\ssprs.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-06-18 00:03

==================== End of FRST.txt ============================



 


Edited by JSntgRvr, 17 July 2018 - 07:14 PM.


#5 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 June 2018 - 03:55 PM

Hi,

 

BTW, after following the steps in your last email, there are no improvements.  The windows defender is still off and can't be turned on (nothing happens when try to turn it on from the bottom right of the screen notification area andwhen i go through the CP to turn it on, the error message says that it is blocked by group policy, code 0x0800704ec).  

 

The MS outlook 2013 still doesn't move past looking for credential tiles windows security window.

 

Thanks



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:48 PM

Posted 18 June 2018 - 07:47 PM

    Highlight the entire content of the quote box below.

    Start::
    C:\Windows\SysWOW64\ssprs.dll
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    FirewallRules: [{7020A349-DF86-4694-9D83-AD2FD9745782}] => (Allow) LPort=49214
    FirewallRules: [{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}] => (Allow) LPort=5000
    CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File
    End::

    Right click on the highlighted text and select Copy.
    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 
 
RQKuhw1.pngRogueKiller

    Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    Wait for the scan to complete
    On completion, the results will be displayed
    Check every single entry (threat found), and click on the Remove Selected button
    On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    This will open the report in Notepad. Copy/paste its content in your next reply


Edited by JSntgRvr, 17 July 2018 - 07:14 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 June 2018 - 08:47 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by user (18-06-2018 18:06:48) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user & user_i (Available Profiles: user & UpdatusUser & user_i)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\SysWOW64\ssprs.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FirewallRules: [{7020A349-DF86-4694-9D83-AD2FD9745782}] => (Allow) LPort=49214
FirewallRules: [{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}] => (Allow) LPort=5000
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File

*****************

C:\Windows\SysWOW64\ssprs.dll => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7020A349-DF86-4694-9D83-AD2FD9745782}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}" => not found
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully

==== End of Fixlog 18:06:52 ====

RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/18/2018 18:16:27 (Duration : 00:30:36)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[Tr.Gen] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Update -> Found
[Tr.Gen] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Update -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\MyFree Codec -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\MyFree Codec -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_JUNE2013_TB : "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x] -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_JUNE2013_TB : "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUP.Gen2][Firefox:Addon] ra7xr3sr.default-1477677048132 : AVG Security Toolbar [avg@toolbar] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://startpage.com/eng/] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [startpage.com_] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=english&query={searchTerms}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SSD PLUS 480 GB ATA Device +++++
--- User ---
[MBR] 9181b5f043b671f1701b63a34f2b35a2
[BSP] ad5449b32c2aa69b830716ca04908dd6 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 750 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1617920 | Size: 457080 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] 26faee8dab6716ad86b131ce497412c1
[BSP] 89a724a17f2c15e6e441ab4d3c37914e : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14954 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 


Edited by JSntgRvr, 17 July 2018 - 07:15 PM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:48 PM

Posted 18 June 2018 - 08:53 PM

    Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
    Ran by user (18-06-2018 18:06:48) Run:2
    Running from C:\Users\user\Desktop
    Loaded Profiles: user & user_i (Available Profiles: user & UpdatusUser & user_i)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    C:\Windows\SysWOW64\ssprs.dll
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    FirewallRules: [{7020A349-DF86-4694-9D83-AD2FD9745782}] => (Allow) LPort=49214
    FirewallRules: [{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}] => (Allow) LPort=5000
    CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File

    *****************

    C:\Windows\SysWOW64\ssprs.dll => moved successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7020A349-DF86-4694-9D83-AD2FD9745782}" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}" => not found
    CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
    "HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully

    ==== End of Fixlog 18:06:52 ====

    RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : user [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 06/18/2018 18:16:27 (Duration : 00:30:36)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 16 ¤¤¤
    [Tr.Gen] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Update -> Found
    [Tr.Gen] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Update -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\MyFree Codec -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\MyFree Codec -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_JUNE2013_TB : "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x] -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1003\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_JUNE2013_TB : "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB [x] -> Found
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2924615952-200207337-2576731361-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 5 ¤¤¤
    [PUP.Gen2][Firefox:Addon] ra7xr3sr.default-1477677048132 : AVG Security Toolbar [avg@toolbar] -> Found
    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://startpage.com/eng/] -> Found
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [startpage.com_] -> Found
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english] -> Found
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=english&query={searchTerms}] -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SanDisk SSD PLUS 480 GB ATA Device +++++
    --- User ---
    [MBR] 9181b5f043b671f1701b63a34f2b35a2
    [BSP] ad5449b32c2aa69b830716ca04908dd6 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 750 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1617920 | Size: 457080 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
    --- User ---
    [MBR] 26faee8dab6716ad86b131ce497412c1
    [BSP] 89a724a17f2c15e6e441ab4d3c37914e : Legit.Unknown|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14954 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


Were the RogueKiller findings removed?


Edited by JSntgRvr, 17 July 2018 - 07:16 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 19 June 2018 - 09:02 AM

Yes, the RogueKiller findings were removed, albeit after i copied and pasted the results.  Sorry.


Here are the results of the latest actions you requested that i follow:


Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by user (19-06-2018 06:56:21) Run:3
Running from C:\Users\user\Desktop
Loaded Profiles: user & UpdatusUser & user_i (Available Profiles: user & UpdatusUser & user_i)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\SysWOW64\ssprs.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FirewallRules: [{7020A349-DF86-4694-9D83-AD2FD9745782}] => (Allow) LPort=49214
FirewallRules: [{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}] => (Allow) LPort=5000
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll No File

*****************

"C:\Windows\SysWOW64\ssprs.dll" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7020A349-DF86-4694-9D83-AD2FD9745782}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A6DBEAF-4C00-49A5-80C3-63457F8A88E3}" => not found
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233}" => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found

==== End of Fixlog 06:56:31 ====

I am rerunning the Roguekiller and will post the results after its done (its taking a while)


Edited by JSntgRvr, 17 July 2018 - 07:17 PM.


#10 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 19 June 2018 - 12:40 PM

RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/19/2018 07:03:40 (Duration : 00:30:55)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SSD PLUS 480 GB ATA Device +++++
--- User ---
[MBR] 9181b5f043b671f1701b63a34f2b35a2
[BSP] ad5449b32c2aa69b830716ca04908dd6 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 750 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1617920 | Size: 457080 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] 26faee8dab6716ad86b131ce497412c1
[BSP] 89a724a17f2c15e6e441ab4d3c37914e : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 14954 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


Edited by JSntgRvr, 17 July 2018 - 07:18 PM.


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:48 PM

Posted 19 June 2018 - 02:56 PM

How is it doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 19 June 2018 - 06:36 PM

well, it's going OK, i still have a problem turning on the Windows Defender, my outlook 2013 doesn't work and can't be uninstalled or repaired, and MS office acts kind of weird.  On reboot i got a blue screen of death...  Perhaps, i had more windows damage that you could help me with.  I tried to download the Dell Windows 7 reinstallation, but i get an error when i ran it.

 

Any other ideas?

 

Thanks



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:48 PM

Posted 19 June 2018 - 07:46 PM

We weren't able to see the event viewer in the addition.txt before, lets perform another scan.

 

 

  • Right-click FRST  and select run as Administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

Please download MiniToolBox and run it.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the result.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 19 June 2018 - 08:07 PM

Hi, attached please see the Dell USB Recover disk error log if it is of any help.  Thank you.

Attached Files



#15 sitsekson

sitsekson
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 19 June 2018 - 08:10 PM

Thanks, here you go:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2018
Ran by user (administrator) on ES7 (19-06-2018 18:03:13)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser & user_i)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe
(Hilti Corporation) C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2900992 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291568 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2015-07-14] (Orbiscom Ltd. All rights reserved.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [OffCAT] => C:\Users\user\AppData\Local\Microsoft\OffCAT\OffCAT_RTS.exe [365440 2016-08-01] (Microsoft Corp.)
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{14BE6998-738F-4C93-A1F3-6E963F390B09}: [NameServer] 64.71.0.34,64.71.0.60

Internet Explorer:
==================
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> DefaultScope {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL =
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {095F5571-DC4A-4899-ADAA-5DD0DBE41DF6} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {45759AFA-AAC1-4203-B6B9-0F6FCF2DDB2F} URL = hxxp://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {7081C6DB-5CC3-40B4-92FE-444CBD6A6BB2} URL =
SearchScopes: HKU\S-1-5-21-2924615952-200207337-2576731361-1000 -> {94CE400D-A949-44B4-BB05-6C2FD7443CC1} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-03-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} hxxp://75.25.142.214/RSVideoOcx.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ra7xr3sr.default-1477677048132 [2018-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-05] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909 => not found
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: (Virtual Account Numbers for Firefox) - C:\Program Files (x86)\Virtual Account Numbers [2015-11-02] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-03-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-06-19]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-06-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Search by Image (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-07] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeWMP/wmpChromeupdates.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [116608 2012-12-10] (Algorithmic Research Ltd.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [318328 2018-06-14] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-06-14] (AVG Technologies CZ, s.r.o.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2018-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Hilti PROFIS AutoUpdate Service; C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [213504 2015-06-19] (Hilti Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-25] (Alcatel-Lucent) [File not signed]
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [29048 2018-01-17] (Microsoft)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 msvsmon90; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-04-10] (SANDBOXIE L.T.D)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [151504 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-06-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-06-14] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-06-14] (AVG Technologies CZ, s.r.o.)
R2 BASFND; C:\Program Files\Broadcom\WMI\BASFND.sys [15200 2009-07-07] (Broadcom Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [54216 2018-05-15] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1979296 2009-11-16] (Realtek Semiconductor Corp.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-19] (Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [164528 2012-04-10] (SANDBOXIE L.T.D)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
R3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [38496 2011-08-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-19 18:03 - 2018-06-19 18:03 - 000892416 _____ (Farbar) C:\Users\user\Desktop\MiniToolBox.exe
2018-06-19 18:03 - 2018-06-19 18:03 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2018-06-19 16:38 - 2018-06-19 16:38 - 647484171 _____ C:\Windows\MEMORY.DMP
2018-06-19 16:38 - 2018-06-19 16:38 - 000347856 _____ C:\Windows\Minidump\061918-18096-01.dmp
2018-06-19 16:38 - 2018-06-19 16:38 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2018-06-18 18:16 - 2018-06-19 07:03 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-18 18:15 - 2018-06-18 18:54 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-18 18:15 - 2018-06-18 18:15 - 000000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-06-18 18:15 - 2018-06-18 18:15 - 000000860 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2018-06-18 18:15 - 2018-06-18 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-06-18 18:15 - 2018-06-18 18:15 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-18 16:48 - 2018-06-18 16:48 - 000000000 ____D C:\Users\user_i\AppData\Roaming\AVG
2018-06-18 16:48 - 2018-06-18 16:48 - 000000000 ____D C:\Users\user_i\AppData\Local\CEF
2018-06-18 16:47 - 2018-06-18 16:47 - 000000000 ____D C:\Users\user_i\AppData\Local\Avg
2018-06-18 16:46 - 2018-06-18 16:46 - 000116640 _____ C:\Users\user_i\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-18 16:45 - 2018-06-18 18:08 - 000000000 ____D C:\Users\user_i\AppData\Local\Google
2018-06-18 16:45 - 2018-06-18 16:45 - 000001415 _____ C:\Users\user_i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-18 16:45 - 2018-06-18 16:45 - 000000020 ___SH C:\Users\user_i\ntuser.ini
2018-06-18 16:45 - 2018-06-18 16:45 - 000000000 ___RD C:\Users\user_i\Virtual Machines
2018-06-18 16:45 - 2018-06-18 16:45 - 000000000 ____D C:\Users\user_i\AppData\Roaming\Adobe
2018-06-18 16:45 - 2018-06-18 16:45 - 000000000 ____D C:\Users\user_i
2018-06-18 16:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\user_i\AppData\Local\NVIDIA
2018-06-18 16:45 - 2012-10-25 08:44 - 000000000 ____D C:\Users\user_i\AppData\Roaming\TuneUp Software
2018-06-18 16:45 - 2011-01-17 10:56 - 000000000 ____D C:\Users\user_i\AppData\Local\Microsoft Help
2018-06-18 16:45 - 2009-07-14 00:45 - 000000000 ____D C:\Users\user_i\AppData\Roaming\Media Center Programs
2018-06-18 16:03 - 2018-06-18 16:04 - 017337589 _____ C:\Users\user\Desktop\cd140201.zip
2018-06-18 15:28 - 2018-06-18 15:29 - 000000000 ____D C:\Program Files\PSTools
2018-06-18 15:28 - 2018-06-18 15:28 - 002823905 _____ C:\Users\user\Desktop\PSTools.zip
2018-06-18 11:32 - 2018-06-19 16:38 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-18 11:32 - 2018-06-18 11:35 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-18 11:32 - 2018-06-18 11:32 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-18 11:32 - 2018-06-18 11:32 - 000001869 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2018-06-18 11:32 - 2018-06-18 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-18 11:32 - 2018-06-18 11:32 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-18 11:32 - 2018-06-18 11:32 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-18 08:43 - 2018-06-18 08:44 - 000000000 ____D C:\AdwCleaner
2018-06-18 08:36 - 2018-06-19 06:56 - 000002092 _____ C:\Users\user\Desktop\Fixlog.txt
2018-06-15 16:29 - 2018-06-18 08:48 - 000060389 _____ C:\Users\user\Desktop\Addition.txt
2018-06-15 16:28 - 2018-06-19 18:03 - 002413056 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2018-06-15 16:28 - 2018-06-19 18:03 - 000020839 _____ C:\Users\user\Desktop\FRST.txt
2018-06-15 16:28 - 2018-06-19 18:03 - 000000000 ____D C:\FRST
2018-06-15 16:06 - 2018-06-15 16:06 - 000002161 _____ C:\Users\user\Desktop\Tweaking.com - Windows Repair.lnk
2018-06-15 16:06 - 2018-06-15 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-15 16:06 - 2018-06-15 16:06 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-15 16:05 - 2018-06-15 16:06 - 000194340 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-06-15 13:47 - 2018-06-15 13:47 - 000000000 ___HD C:\$Windows.~WS
2018-06-15 13:44 - 2018-06-15 13:44 - 019119064 _____ (Microsoft Corporation) C:\Users\user\Desktop\MediaCreationTool1803.exe
2018-06-15 11:24 - 2018-06-15 11:24 - 000001333 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 11.0.lnk
2018-06-15 11:24 - 2018-06-15 11:24 - 000001333 _____ C:\ProgramData\Desktop\EaseUS Todo Backup Free 11.0.lnk
2018-06-15 11:24 - 2018-06-15 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 11.0
2018-06-15 11:23 - 2018-05-10 02:42 - 000026256 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2018-06-15 11:21 - 2018-06-15 11:21 - 074752192 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\user\Desktop\tb_free.exe
2018-06-14 19:21 - 2018-03-14 10:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-06-14 19:21 - 2018-03-14 10:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-06-14 19:21 - 2018-03-14 06:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-06-14 19:21 - 2018-03-14 06:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-06-14 19:20 - 2018-05-29 13:36 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-14 19:20 - 2018-05-29 12:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-14 19:20 - 2018-05-28 19:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-06-14 19:20 - 2018-05-28 19:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-14 19:20 - 2018-05-28 19:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-14 19:20 - 2018-05-28 19:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-14 19:20 - 2018-05-28 19:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-14 19:20 - 2018-05-28 19:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-14 19:20 - 2018-05-28 19:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-14 19:20 - 2018-05-28 19:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-14 19:20 - 2018-05-28 19:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 19:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-14 19:20 - 2018-05-28 19:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-14 19:20 - 2018-05-28 19:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-14 19:20 - 2018-05-28 18:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-14 19:20 - 2018-05-28 18:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-14 19:20 - 2018-05-28 18:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-14 19:20 - 2018-05-28 18:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-14 19:20 - 2018-05-28 18:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-14 19:20 - 2018-05-28 18:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-14 19:20 - 2018-05-28 18:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-14 19:20 - 2018-05-28 18:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-14 19:20 - 2018-05-28 18:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-14 19:20 - 2018-05-28 17:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-14 19:20 - 2018-05-24 22:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-14 19:20 - 2018-05-24 21:59 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-14 19:20 - 2018-05-24 21:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-14 19:20 - 2018-05-24 21:46 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-14 19:20 - 2018-05-24 21:45 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-14 19:20 - 2018-05-24 21:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-14 19:20 - 2018-05-24 21:44 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-14 19:20 - 2018-05-24 21:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-14 19:20 - 2018-05-24 21:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-14 19:20 - 2018-05-24 21:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-14 19:20 - 2018-05-24 21:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-14 19:20 - 2018-05-24 21:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-14 19:20 - 2018-05-24 21:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-14 19:20 - 2018-05-24 21:33 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-14 19:20 - 2018-05-24 21:32 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-14 19:20 - 2018-05-24 21:32 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-14 19:20 - 2018-05-24 21:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-06-14 19:20 - 2018-05-24 21:24 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-14 19:20 - 2018-05-24 21:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-14 19:20 - 2018-05-24 21:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-14 19:20 - 2018-05-24 21:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-06-14 19:20 - 2018-05-24 21:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-06-14 19:20 - 2018-05-24 21:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-06-14 19:20 - 2018-05-24 21:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-14 19:20 - 2018-05-24 21:14 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-14 19:20 - 2018-05-24 21:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-06-14 19:20 - 2018-05-24 21:13 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-14 19:20 - 2018-05-24 21:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-14 19:20 - 2018-05-24 21:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-14 19:20 - 2018-05-24 21:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-14 19:20 - 2018-05-24 21:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-06-14 19:20 - 2018-05-24 21:08 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-14 19:20 - 2018-05-24 21:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-06-14 19:20 - 2018-05-24 21:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-06-14 19:20 - 2018-05-24 21:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-14 19:20 - 2018-05-24 21:06 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-14 19:20 - 2018-05-24 21:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-14 19:20 - 2018-05-24 21:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-06-14 19:20 - 2018-05-24 20:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-06-14 19:20 - 2018-05-24 20:57 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-14 19:20 - 2018-05-24 20:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-14 19:20 - 2018-05-24 20:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-14 19:20 - 2018-05-24 20:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-14 19:20 - 2018-05-24 20:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-14 19:20 - 2018-05-24 20:53 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-14 19:20 - 2018-05-24 20:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-06-14 19:20 - 2018-05-24 20:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-06-14 19:20 - 2018-05-24 20:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-06-14 19:20 - 2018-05-24 20:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-06-14 19:20 - 2018-05-24 20:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-14 19:20 - 2018-05-24 20:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-06-14 19:20 - 2018-05-24 20:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-06-14 19:20 - 2018-05-24 20:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-14 19:20 - 2018-05-24 20:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-14 19:20 - 2018-05-24 20:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-14 19:20 - 2018-05-24 20:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-14 19:20 - 2018-05-24 20:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-14 19:20 - 2018-05-24 20:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-14 19:20 - 2018-05-24 20:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-06-14 19:20 - 2018-05-24 20:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-14 19:20 - 2018-05-24 20:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-14 19:20 - 2018-05-24 20:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-14 19:20 - 2018-05-24 20:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-14 19:20 - 2018-05-24 20:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-14 19:20 - 2018-05-14 21:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-14 19:20 - 2018-05-14 20:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-14 19:20 - 2018-05-14 20:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-14 19:20 - 2018-05-14 20:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-14 19:20 - 2018-05-14 20:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-14 19:20 - 2018-05-14 20:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-14 19:20 - 2018-05-14 20:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-14 19:20 - 2018-05-14 20:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-14 19:20 - 2018-05-14 20:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-14 19:20 - 2018-05-14 18:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-14 19:20 - 2018-05-14 18:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-14 19:20 - 2018-05-11 19:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-14 19:20 - 2018-05-11 19:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-14 19:20 - 2018-05-11 19:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-14 19:20 - 2018-05-11 14:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-14 19:20 - 2018-05-11 14:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-14 19:20 - 2018-05-11 14:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-14 19:20 - 2018-05-10 17:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-14 19:20 - 2018-05-10 17:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-14 19:20 - 2018-05-10 17:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-06-14 19:20 - 2018-04-22 17:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-06-14 19:20 - 2018-04-22 16:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-06-14 19:20 - 2018-04-22 16:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-06-14 19:20 - 2018-04-18 09:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-06-14 19:20 - 2018-04-18 09:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-06-14 19:20 - 2018-04-18 08:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-06-14 19:20 - 2018-04-18 08:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-06-14 19:20 - 2018-04-18 08:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-06-14 19:20 - 2018-04-18 08:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-06-14 19:20 - 2018-04-11 09:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-06-14 19:20 - 2018-04-11 09:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-06-14 19:20 - 2018-04-11 09:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-06-14 19:20 - 2018-04-11 09:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-06-14 19:20 - 2018-04-10 09:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-06-14 19:20 - 2018-04-10 09:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-06-14 19:20 - 2018-04-10 09:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-06-14 19:20 - 2018-04-10 09:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-06-14 19:20 - 2018-04-10 09:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-06-14 19:20 - 2018-04-10 09:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-06-14 19:20 - 2018-04-10 09:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-06-14 19:20 - 2018-04-10 08:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-06-14 19:20 - 2018-04-10 08:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-06-14 19:20 - 2018-04-10 08:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-14 19:20 - 2018-04-10 08:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-14 19:20 - 2018-04-07 09:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-06-14 19:20 - 2018-04-06 09:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-14 19:20 - 2018-04-06 09:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-14 19:20 - 2018-03-14 10:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-06-14 19:20 - 2018-03-14 10:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-06-14 19:20 - 2018-03-14 10:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-06-14 19:20 - 2018-03-14 09:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-06-14 19:20 - 2018-03-14 09:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-06-14 19:20 - 2018-03-14 09:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-06-14 19:20 - 2018-03-14 09:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-06-14 19:20 - 2018-03-14 09:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-06-14 19:20 - 2018-03-14 09:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-06-14 19:20 - 2018-03-14 09:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-06-14 19:20 - 2018-03-10 10:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-06-14 19:20 - 2018-03-09 11:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-06-14 19:20 - 2018-03-09 11:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-06-14 19:20 - 2018-03-09 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-06-14 19:20 - 2018-03-09 11:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-06-14 19:20 - 2018-03-09 11:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-06-14 19:20 - 2018-03-09 11:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-06-14 19:20 - 2018-03-09 10:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-06-14 19:20 - 2018-03-06 11:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-06-14 19:20 - 2018-03-06 11:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-06-14 19:20 - 2018-03-06 11:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-06-14 19:20 - 2018-03-06 11:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-06-14 19:20 - 2018-03-06 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-06-14 19:20 - 2018-03-06 11:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-06-14 19:20 - 2018-01-25 07:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2018-06-14 18:45 - 2018-06-14 18:45 - 000000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2018-06-14 18:44 - 2018-06-14 18:44 - 000005805 _____ C:\Windows\brndlog.txt
2018-06-14 18:38 - 2018-06-14 18:37 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-19 16:47 - 2009-07-13 21:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-19 16:47 - 2009-07-13 21:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-19 16:43 - 2009-07-13 22:13 - 000801042 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-19 16:43 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-06-19 16:38 - 2015-09-15 18:23 - 000000000 ____D C:\Windows\Minidump
2018-06-19 16:38 - 2014-01-22 20:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-06-19 16:38 - 2011-01-05 19:39 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-19 16:38 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-18 22:30 - 2016-03-02 18:33 - 000000316 _____ C:\Windows\Tasks\NetBak-ES7-user-Job1.job
2018-06-18 16:47 - 2017-05-29 12:14 - 000000000 ____D C:\SBEDS_W_v1.1.1
2018-06-18 16:45 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-18 16:04 - 2014-02-01 17:35 - 017942528 _____ C:\Users\user\Desktop\cd140201.iso
2018-06-18 11:32 - 2015-03-04 18:15 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-06-18 11:32 - 2014-01-08 16:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-18 08:44 - 2018-02-07 17:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-18 08:41 - 2012-06-08 15:42 - 000000008 __RSH C:\Users\user\ntuser.pol
2018-06-18 08:41 - 2011-01-14 17:41 - 000000000 ____D C:\Users\user
2018-06-18 08:38 - 2015-09-28 18:48 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp
2018-06-18 08:37 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-18 08:35 - 2011-01-05 17:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-16 12:00 - 2016-01-20 11:59 - 000000316 _____ C:\Windows\Tasks\NetBak-ES7-user-Job2.job
2018-06-15 16:09 - 2018-03-23 16:51 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2018-06-15 13:47 - 2015-08-18 19:34 - 000000000 ____D C:\Windows\Panther
2018-06-15 13:39 - 2011-01-14 18:43 - 000116640 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-15 13:38 - 2009-07-13 21:45 - 000464448 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-15 13:28 - 2011-01-05 17:57 - 000000000 ____D C:\ProgramData\Dell
2018-06-15 11:30 - 2018-03-29 17:08 - 000000000 ____D C:\Windows\system32\config\regsave
2018-06-15 11:22 - 2018-03-29 15:13 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-06-15 09:29 - 2014-12-18 10:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-06-15 09:17 - 2017-10-11 03:16 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-15 09:17 - 2013-09-12 10:28 - 000000000 ____D C:\Windows\system32\MRT
2018-06-15 09:17 - 2011-01-17 15:08 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-15 04:40 - 2013-12-04 16:48 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-15 04:40 - 2013-12-04 16:48 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-15 04:40 - 2013-12-04 16:48 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-06-14 18:57 - 2015-04-01 09:53 - 000000000 ____D C:\Users\user\AppData\Local\Avg
2018-06-14 18:46 - 2009-07-13 22:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-06-14 18:42 - 2015-04-01 09:51 - 000000000 ____D C:\ProgramData\AVG
2018-06-14 18:42 - 2011-01-17 15:56 - 000000000 ____D C:\Program Files (x86)\AVG
2018-06-14 18:38 - 2017-05-17 11:13 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-06-14 18:37 - 2017-11-28 03:24 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000151504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-06-14 18:37 - 2017-05-17 11:13 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-06-14 18:36 - 2017-05-17 11:13 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-06-14 18:35 - 2017-05-17 11:13 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-06-14 18:33 - 2018-03-08 13:29 - 000000000 ____D C:\Users\user\AppData\Local\GoToMeeting
2018-06-14 18:33 - 2012-09-24 16:42 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-14 18:33 - 2012-09-24 16:42 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-14 18:31 - 2015-04-23 14:05 - 000000000 ____D C:\Users\user\AppData\Local\Akamai

==================== Files in the root of some directories =======

2011-01-17 11:20 - 2011-01-17 11:20 - 000000075 _____ () C:\ProgramData\nvUnsupRes.dat
2014-05-06 11:02 - 2014-06-22 08:49 - 000000000 ____N () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-04-19 16:59 - 2012-04-19 17:08 - 000038482 _____ () C:\Users\user\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-02-26 13:21 - 2014-12-09 14:51 - 000003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 14:09 - 2013-06-19 14:09 - 000000093 _____ () C:\Users\user\AppData\Local\fusioncache.dat
2018-02-05 16:09 - 2018-02-07 18:31 - 000000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2011-05-17 16:13 - 2016-06-29 17:41 - 000007632 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-06-18 18:15 - 2018-05-28 19:35 - 001665336 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-06-18 00:03

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.06.2018
Ran by user (19-06-2018 18:04:04)
Running from C:\Users\user\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-01-15 00:41:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2924615952-200207337-2576731361-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2924615952-200207337-2576731361-1006 - Limited - Enabled)
Guest (S-1-5-21-2924615952-200207337-2576731361-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2924615952-200207337-2576731361-1002 - Limited - Enabled)
user (S-1-5-21-2924615952-200207337-2576731361-1000 - Administrator - Enabled) => C:\Users\user
user_i (S-1-5-21-2924615952-200207337-2576731361-1007 - Administrator - Enabled) => C:\Users\user_i
UpdatusUser (S-1-5-21-2924615952-200207337-2576731361-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.1 - Adobe Systems)
Adobe Acrobat 9.5.1 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_951) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Akamai NetSession Interface (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anchor Selector for ACI 318 (HKLM-x32\...\{F59A435E-1DD8-4BF6-88FA-0721526D9B08}) (Version: 4.0.0 - Simpson Strong-Tie)
ARX CoSign Client (HKLM\...\{281E7F67-FADE-4370-AD9D-F0C7B9A776D0}) (Version: 7.50 - Algorithmic Research Ltd.)
ARX CryptoKit (HKLM\...\{F75D2B1D-5309-41DF-BC96-DFC3C3568C1D}) (Version: 4.8.15 - Algorithmic Research Ltd.)
ARX Office Signatures (HKLM\...\{669E14E8-DB85-4C14-8FC2-98029317164F}) (Version: 7.50 - Algorithmic Research Ltd.)
ARX Signature API (HKLM\...\{FFF34EF7-401C-47C8-AA8D-2375B3B936D9}) (Version: 7.50 - Algorithmic Research Ltd.)
AutoCAD 2011 Language Pack - English (HKLM\...\{5783F2D7-9030-0409-1102-0060B0CE6BBA}) (Version: 2011.0.0.2721 - Autodesk) Hidden
AutoCAD Structural Detailing 2011 (HKLM\...\{5783F2D7-9030-0409-0102-0060B0CE6BBA}) (Version: 2011.2.0.2721 - Autodesk) Hidden
AutoCAD Structural Detailing 2011 (HKLM\...\AutoCAD Structural Detailing 2011) (Version: 2011.2.0.2721 - Autodesk)
Autodesk Design Review 2013 (HKLM-x32\...\{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}) (Version: 13.2.0.82 - Autodesk, Inc.) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.2.0.82 - Autodesk, Inc.)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.210.0 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.100 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.4.3056 - AVG Technologies)
Bentley IEG License Service (HKLM-x32\...\{2924BC91-7696-4A4A-A538-7685D87544F8}) (Version: 2.0.18.3 - Bentley Systems Inc.)
Bentley OpenSTAADOEM (HKLM-x32\...\{7A231C13-1D15-4A9A-92FC-B00260CA3748}) (Version: 08.02.09.09 - Bentley Systems, Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (HKLM\...\{AF7E4468-E364-4991-BC2A-6E8293E1055B}) (Version: 1.0.1 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Cbeam 2005 1.0.1 (HKLM-x32\...\Cbeam_2005_R1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CONNECTION Client (HKLM\...\{575A2E64-8F42-3B76-9925-6F160E1E1BA9}) (Version: 10.00.10.013 - Bentley Systems, Incorporated) Hidden
CONNECTION Client (HKLM-x32\...\{53134144-1007-488c-aa1b-bff78f709d69}) (Version: 10.0.10.13 - Bentley Systems, Incorporated)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Control Point 64 (HKLM\...\{7B7D73E7-79D5-4133-AB7A-E27BB5F64725}) (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 02.05.04.001 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
DeviceViewer v3.12.0.1 (HKLM-x32\...\DeviceViewer_is1) (Version: 3.12.0.1 - )
DvrClient (HKLM-x32\...\{87644CBA-0E0C-41AC-8D5E-DBF3A15C04BA}) (Version: 1.2.20 - DVR Soft)
DWG TrueView 2015 - English (HKLM\...\{5783F2D7-E028-0409-0100-0060B0CE6BBA}) (Version: 20.0.210.0 - Autodesk) Hidden
EaseUS Todo Backup Free 11.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.0 - CHENGDU YIWO Tech Development Co., Ltd)
EMBASSY Security Center Lite (HKLM\...\{131A2659-99A9-4A89-B012-22A898EAE9DA}) (Version: 04.01.00.044 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (HKLM-x32\...\InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}) (Version:  - ) Hidden
EMBASSY Security Setup (HKLM\...\{53333479-6A52-4816-8497-5C52B67ED339}) (Version: 04.01.00.043 - Wave Systems Corp) Hidden
EMBASSY Security Setup (HKLM-x32\...\InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}) (Version:  - ) Hidden
ESC Home Page Plugin (HKLM\...\{E738A392-F690-4A9D-808E-7BAF80E0B398}) (Version: 04.01.00.010 - Wave Systems Corp) Hidden
ESC Home Page Plugin (HKLM-x32\...\InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}) (Version:  - ) Hidden
Gemalto (HKLM\...\{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}) (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
Hilti PROFIS Anchor (HKLM-x32\...\{4CFEE2F2-76FA-4E40-AEA9-1765766AA48B}) (Version: 2.7.2 - Hilti corp.)
Hilti PROFIS AutoUpdate (HKLM-x32\...\{E3FFC1C5-1157-48EC-A197-29F00BFF01DE}) (Version: 1.4.1 - Hilti corp.)
HL-4150CDN (HKLM-x32\...\{123DE6D6-9566-4777-AC81-E6D86FFA95DA}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
HTA-US 2.40 (HKLM-x32\...\{22C1A1D2-F13F-4E70-A71F-6AAD2990C355}) (Version: 2.40 - Halfen GmbH) Hidden
HTA-US 2.40 (HKLM-x32\...\HTA-US 2.40) (Version: 2.40 - Halfen GmbH)
Index Your Files 5.0.2.6 (HKLM-x32\...\{8158B832-5225-40AB-8082-54349388B323}_is1) (Version:  - Rafael Castro)
Intel® Visual Fortran Redistributables for Windows* on IA-32 (HKLM-x32\...\{81552809-3DA1-4047-91BC-F9AC755A2016}) (Version: 11.1.060 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
join.me (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\JoinMe) (Version: 3.4.0.5369 - LogMeIn, Inc.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mathcad 15 F000 (HKLM-x32\...\{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}) (Version: 15.0.0.0 - PTC)
MFCLOC (HKLM-x32\...\{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}) (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.8.105 - Microsoft Garage)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Configuration Analyzer Tool 2.2 (HKLM-x32\...\{EA5C0F11-00CA-0321-0801-141002021782}) (Version: 2.2.6018.801 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Post Sign Program1.21 (HKLM-x32\...\Multi-Post Sign Program1.21) (Version:  - )
MyScript Notes for DANE-ELEC (HKLM-x32\...\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}) (Version: 2.1.4.4 - Vision Objects)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.9 - Notepad++ Team)
NTRU TCG Software Stack (HKLM\...\{BB93D30B-B395-44BB-A9ED-A0E057F07E53}) (Version: 2.1.29 - NTRU Cryptosystems) Hidden
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Pile Cap and Group Analysis and Design (C:\Program Files (x86)\Pile Cap and Group Analysis and Design\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
Powers Design Assist 2 (HKLM-x32\...\{11708ED8-DD12-4134-B80F-6391A7C10F6E}_is1) (Version: 2.3.5780.30000 - POWERS)
Preboot Manager (HKLM\...\{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}) (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Quicktools Analyzer (HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\aa5ec066984c820a) (Version: 1.4.319.0 - GDTM)
RAM Connection Upgrade 7.1.1 (HKLM-x32\...\{C3F57E2B-3EE6-4B7C-A711-A91EB2A97862}) (Version: 7.1.1 - Bentley Systems Inc.)
RAM Connection Upgrade 7.3 (HKLM-x32\...\{C91DFF17-030E-4D24-99C3-674AEE194A10}) (Version: 7.3 - Bentley Systems Inc.)
RAM Connection Upgrade 7.3.1 (HKLM-x32\...\{CC1C5948-5BA8-4DCB-85D9-3686225B7443}) (Version: 7.3.1 - Bentley Systems Inc.)
RAM Connection V8i (SELECTseries 3) Release 7.0 (HKLM-x32\...\{C98274BE-327C-43E0-87C5-FF8B149AE1AD}) (Version: 7.0 - Bentley Systems Inc.)
RAM Elements V8i (SELECTseries 3) Release 12.5 (HKLM-x32\...\{E68579EE-0ED3-4D5E-BFDB-8146933FD2A2}) (Version: 12.5.0 - Bentley Systems Inc.)
RAM Elements V8i (SELECTseries 3) Upgrade 12.5.1 (HKLM-x32\...\{E671F4EF-C0A1-494C-BB11-A2364759BB3E}) (Version: 12.5.1 - Bentley Systems Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5876 - Realtek Semiconductor Corp.)
Rectangular Spread Footing (HKLM-x32\...\Rectangular Spread Footing1.0) (Version:  - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.12.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.23.0 - Adlice Software)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Russian Phonetic YaWert - WinRus.com (HKLM\...\{3A414249-4B92-422C-904C-5FA6FF525AB1}) (Version: 1.0.3.40 - personal)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SBEDS_W_v1.1.1 (HKLM-x32\...\{087DDCD6-3A85-40DE-89D7-97658B481A1A}) (Version: 1.1.1000 - USACE Protective Design Center)
Scan Tailor (HKLM-x32\...\Scan Tailor) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0000-0000-0000000FF1CE}_Office15.OUTLOOK_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
STAAD Foundation Advanced V8i (HKLM-x32\...\{FE2EB351-642A-4B08-82B2-12C327C1D9CE}) (Version: 06.00.00.51 - Bentley Systems Inc.)
STAAD.foundation V8i (SELECTseries 4) Release 5.3 (HKLM-x32\...\{C3010B65-2BF1-4028-B1D0-0B3D513664AD}) (Version: 05.03.00.32 - Bentley Systems Inc.)
STAAD.Pro V8i SELECTseries 3 (HKLM-x32\...\{B86A6960-FE1A-40FA-B3B5-983097834EF7}) (Version: 20.07.08.20 - Bentley Systems, Inc.)
TBSA (HKLM-x32\...\ST6UNST #3) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Trusted Drive Manager (HKLM\...\{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}) (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.20 - Tweaking.com)
Type2018 TWAIN Driver Ver.3 (HKLM-x32\...\{75426376-58A7-46A1-A868-B72A1D175F42}) (Version:  - )
Update for Skype for Business 2015 (KB4018290) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.OUTLOOK_{84C8E536-D7E9-4C97-8477-F56848459A05}) (Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (HKLM\...\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}) (Version: 1.2.0 - Dell Inc.) Hidden
Virtual Account Numbers (HKLM-x32\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2260 - Citi)
Virtual Account Numbers (HKLM-x32\...\{F9A113B7-BBB0-4388-9BAB-934C698D7419}) (Version: 1.0.6.0 - Citi) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2008 Shell Integrated Mode Redistributable Package (HKLM-x32\...\{26458DFF-3EE7-31E9-9761-5565795CBEA4}) (Version: 9.0.30729 - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wave Infrastructure Installer (HKLM\...\{67154CF5-2C33-41C2-A9F2-A4FBC29482AD}) (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (HKLM\...\{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version: 05.11.00.040 - Wave Systems Corp) Hidden
Wave Support Software (HKLM-x32\...\InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version:  - ) Hidden
Weak Story Tool with Simpson Strong-Tie® Strong Frame® (HKLM-x32\...\{6E5B2F46-DF46-4BDF-8FCB-18342B2D1517}) (Version: 1.5.0.33 - Simpson)
WeakStoryTool (HKLM-x32\...\{03DFAA88-41CB-4F0D-93FA-7A23B62E4932}) (Version: 1.5.0.31 - Tipping Mar)
Win7 Library Tool v1.09 (HKLM-x32\...\Win7 Library Tool v1.09) (Version:  - Zorn Software)
Window Glass Design 5 (HKLM-x32\...\{EBDBE5C1-0B92-41F1-B553-550E3930A473}) (Version: 1.00.0000 - Standards Design Group, Inc.) Hidden
Window Glass Design 5 (HKLM-x32\...\InstallShield_{EBDBE5C1-0B92-41F1-B553-550E3930A473}) (Version: 1.00.0000 - Standards Design Group, Inc.)
Window Glass Design 5 Service Release (HKLM-x32\...\{0EAF9D1D-EFCB-4274-B086-DB1499C602B4}) (Version:  - )
Window Glass Design 5 Service Release (HKLM-x32\...\{39CC1620-1428-47BF-BD43-C62B971CBC09}) (Version:  - )
Window Glass Design 5 Service Release (HKLM-x32\...\{B1D68466-595D-4B7E-B555-2ED9B416D683}) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WINGARD MP (HKLM-x32\...\{BDF932C3-A73A-4273-AC2D-7B34F567891F}) (Version: 1.00.0000 - Applied Research Associates) Hidden
WINGARD MP (HKLM-x32\...\InstallShield_{BDF932C3-A73A-4273-AC2D-7B34F567891F}) (Version: 1.00.0000 - Applied Research Associates)
WINGARDPE5.5.1 (HKLM-x32\...\{FC7ABF98-F967-4496-87F8-117BA8141FBB}) (Version: 5.5.1 - Applied Research Associates) Hidden
WINGARDPE5.5.1 (HKLM-x32\...\InstallShield_{FC7ABF98-F967-4496-87F8-117BA8141FBB}) (Version: 5.5.1 - Applied Research Associates)
WoodWorks Design Office 9 (SR-1b) (HKLM-x32\...\{A72C73DA-D514-403D-B156-21D544FE28F9}) (Version: 9.12 - CWC)
WoodWorks Sizer 10.2 (HKLM-x32\...\{B6EDC20A-89DF-445D-88C0-CAEF88088434}) (Version: 10.2 - CWC)
WoodWorks® Design Office 10 (SR-4a) (HKLM-x32\...\{F2B5A28C-8518-4FA7-88EE-E06649002EAF}) (Version: 10.41 - CWC)
WWPA Design Suite 2.0 (HKLM-x32\...\WWPA Design Suite_is1) (Version:  - Western Wood Products Association)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{236dd471-0371-4b67-b054-8c75f4834cb8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{DAE467D6-5C66-404A-BD99-4AC8261A733A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2924615952-200207337-2576731361-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD Structural Detailing 2011\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-09-11] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-09-11] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-03-26] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll [2010-01-11] (Autodesk, Inc.)
ContextMenuHandlers1-x32: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-06-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-03] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2012-03-26] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-06-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {059D7555-8240-4CEC-94B8-AA3720C0E58C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {09E2EBC4-8079-4345-9C05-7D58D826AA0C} - System32\Tasks\{DDF54C65-36A2-43A3-9F5B-785B78FD2287} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\QuickTimeInstaller.exe -d C:\Users\user\Downloads
Task: {2AA6D7B5-8943-4FE9-B4D1-FC7524B4185C} - System32\Tasks\{4E15CCFF-36EA-4C9B-A2A7-093AB1D8EDEB} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\VS90SP1-KB2251487-x86.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {31D77EF4-BCDF-4C32-8A79-5775864DE21C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {433F77FD-5948-4B1B-93CB-C81ACA124603} - System32\Tasks\{994D7E43-9A35-439D-8E6F-93BF3088B4A6} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Desktop\setup_en.exe -d C:\Users\user\Desktop
Task: {459A12E7-0FFA-46D0-8F67-C7A1BB62E4B1} - System32\Tasks\{2915BBDB-6E3C-44F5-9F1A-5CB2357EEA9F} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Desktop\setup_en (1).exe" -d C:\Users\user\Desktop
Task: {4B445C62-2681-4F0F-B73F-3B637A53C9FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {56EA79D0-5AF3-4A98-BA6B-64711E33838F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {7002A5D0-F68C-4F17-85E2-6843174632A6} - System32\Tasks\{61001902-FEFF-4584-9C31-E13379A92AE3} => C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2018-02-14] (Microsoft Corporation)
Task: {7BDF14F9-70B4-4F37-AC22-47E05EB24DD9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {7E311CDE-B978-4A6A-AD2F-1098579854F8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {8625775B-EDF5-4C6D-B804-1720EE271588} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-07] (Adobe Systems Incorporated)
Task: {910BDCF1-2FCF-4A27-9488-4257A93F0BDD} - System32\Tasks\{595C0F70-5C10-446D-96CB-D398E3AFCF92} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE" -d C:\Windows\system32
Task: {9A5193A2-4A5E-410E-AF4D-84F9B2D9D3AE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {9A89154A-2BD3-4F8A-9C42-38B36D731C5A} - System32\Tasks\{DB76F220-69BC-4130-AE93-53B25B8EF9E9} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\user\Desktop
Task: {A2F59696-34CA-4485-8207-2E9C12606046} - System32\Tasks\{69E7DBEB-AC76-4E8E-8017-62EA8B2CBF7B} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe -c /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} {lang}=ENU
Task: {A8B4CE55-80FC-4EC5-BBA4-5D8A38B045E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AE1FDA0A-3C6E-4932-A410-883E32427B5E} - System32\Tasks\{1C92274D-2458-4A06-BDE0-EA904E8F6BCE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall BASICR /dll OSETUP.DLL
Task: {B0C6397E-8616-4E3F-9749-F44B368CBAC7} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-14] (AVG Technologies CZ, s.r.o.)
Task: {B10E6896-6BCF-494C-AE03-C86469162AD1} - System32\Tasks\{AB8768B2-A445-480C-BB4F-83992BFC0E51} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {B16B7B48-29A9-48E6-A26A-00EA27B4643D} - System32\Tasks\Microsoft\Windows\PLA\WPPTracingSession => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "WPPTracingSession" "$(Arg0)"
Task: {B277D1E5-721A-4008-BE23-40A18B8AC82A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B7FA2D04-A3E0-4491-9D39-15F053E0D5C7} - System32\Tasks\NetBak-ES7-user-Job2 => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: {BFEB547B-2161-4753-8288-75CA1D4C1EFD} - System32\Tasks\{2F81DA72-42E1-4EA6-9EA0-8535358EF3A9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall BASICR /dll OSETUP.DLL
Task: {C010A428-E095-426A-9877-7BC988E047DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {C2BA39DC-DB0B-405C-8086-89B03583CCE8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-06-14] (AVG Technologies CZ, s.r.o.)
Task: {C52C0684-99A7-46ED-ADFE-361DF6A9747E} - System32\Tasks\NetBak-ES7-user-Job1 => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: {C90AA298-6D68-45CC-8255-B6041C117827} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DC37D079-096C-4DBA-8832-4DF90F74E092} - System32\Tasks\{482F4BAF-3506-47AD-8BC1-EA63AA66F67C} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\YouSendItOutlookSetup2_17_0.exe -d C:\Users\user\Downloads
Task: {E985432A-73F0-4101-8B67-D6C0DC48ECB6} - System32\Tasks\{AABEF74A-7D06-46DE-80E4-D2A48B44B0BF} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Acrobat 9.0\Setup Files\{AC76BA86-1033-F400-BA7E-000000000004}\Setup.exe" -d "C:\Program Files (x86)\Adobe\Acrobat 9.0\Setup Files\{AC76BA86-1033-F400-BA7E-000000000004}"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\NetBak-ES7-user-Job1.job => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: C:\Windows\Tasks\NetBak-ES7-user-Job2.job => C:\Program Files\QNAP\NetBak\NetBak.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-11-27 11:39 - 2015-02-03 19:21 - 000115400 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-06-18 11:32 - 2018-06-18 11:35 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000738032 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 001067248 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000595696 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2017-02-23 09:29 - 2017-02-23 09:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-15 13:13 - 2015-04-15 13:13 - 000222720 ____N () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-01-17 10:35 - 2018-01-17 10:35 - 000050040 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2018-06-14 18:36 - 2018-06-14 18:36 - 000481008 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-06-19 10:08 - 2018-06-19 10:08 - 005838576 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18061904\algo.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000886512 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000925936 _____ () C:\Program Files (x86)\AVG\Antivirus\anen.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000983792 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2018-06-14 18:36 - 2018-06-14 18:36 - 000520944 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2015-07-23 16:29 - 2015-07-23 16:29 - 002298672 _____ () C:\Program Files\ARX\ARX CoSign Client\CoSign.dll
2015-06-25 10:42 - 2015-06-25 10:42 - 002316080 _____ () C:\Program Files\ARX\ARX CoSign Client\proxylogon.dll
2018-03-13 02:36 - 2018-03-13 02:36 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2924615952-200207337-2576731361-1000\...\sharepoint.com -> hxxps://enginiousstructures.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-08-07 10:40 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2924615952-200207337-2576731361-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.71.0.34 - 64.71.0.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: EFS => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TdmNotify.lnk => C:\Windows\pss\TdmNotify.lnk.CommonStartup
MSCONFIG\startupreg: 1netrbin.exe => "C:\Program Files (x86)\Network Recycle Bin Tool\netrbin.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MySELECT.exe => C:\Program Files\Common Files\Bentley Shared\CONNECTION Client\Bentley.Connect.Client.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PROFIS AutoUpdate => "C:\Program Files (x86)\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe" -hidden
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: USCService => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
MSCONFIG\startupreg: Virtual Account Numbers => C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{27BB0367-6365-43D1-90DA-DB7A3B9CC4D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3E4681B7-AF64-469C-B996-E406535F94C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{6F5757B7-DC8C-4DDF-BEB6-D8E0C1C141DE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BDDF7BD-54C8-421D-991A-F2B933AA1F3C}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{4C2FB4D9-17AF-4D82-ABF6-BFDDA532F2D1}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [TCP Query User{85555CED-EFCC-4773-9093-F896F3DF8F72}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{2143C31F-F111-497C-A252-47A80A8E6DAC}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0BE6C850-C63C-4084-9494-3A040A1DE5DA}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{6561E2F5-CC03-487C-93B9-09F6FC268C8A}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{8AD9237B-DC4F-40A2-8C0D-95CCC8E1CB6A}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{D4E10C58-9337-41E7-9B5D-A2D28D207A92}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{C8D9D88F-8CFD-46D2-8A42-213A91DB5780}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [{F54F380E-7313-4AAE-9863-606513CFA746}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [{C6E1249B-DD23-40A5-9749-042BAED384CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{FB2AA9B0-2645-4A9D-8218-E9CAB61F48AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D472C0F5-E5AE-4AC8-912B-998E0B520F1C}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{8FAEF84E-172D-46F6-A7D4-6B3837503F36}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{C6F1F168-7E46-43F6-8AEE-6B8F6D38D868}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdate.EXE
FirewallRules: [{6539FBE7-C817-483E-BF84-B1AFB9C32E3A}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdate.EXE
FirewallRules: [{66F7CD1A-C0B7-46CC-954D-CC6BC7562234}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdateCheck.exe
FirewallRules: [{BCAB9230-87AF-4788-9AE7-6733B4C4DD1E}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10WebUpdateCheck.exe
FirewallRules: [TCP Query User{0D6842B8-B989-4A6F-9190-6E7E7F636E16}C:\program files (x86)\irfanview\i_view32.exe] => (Allow) C:\program files (x86)\irfanview\i_view32.exe
FirewallRules: [UDP Query User{E1FFC503-E169-4B70-A018-55C30F90F2A2}C:\program files (x86)\irfanview\i_view32.exe] => (Allow) C:\program files (x86)\irfanview\i_view32.exe
FirewallRules: [TCP Query User{E42ECD0A-B445-4F88-8C4D-741334C9EFEC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{2BCC2F63-190D-45BE-8068-ED66DCA6C4D8}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{1772DFB9-BB36-46CC-AA8C-CC5EDF5854EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3FD67FED-FEE1-404A-BCD0-8BDA7D476CA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{91D46BB9-AA7D-435A-B4E3-B74042B401C7}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{DACCE8D0-28E1-49BF-98D5-5339BD006902}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{BAE84A97-CAF7-4294-A8B0-9F248F98DB63}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{356E56D6-9994-4AA8-8728-2897A3F88F7D}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{727914AB-4A5B-4241-AF92-B783A027B257}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [{6697AA2C-9ADB-4B1F-A449-E0726DE26FC0}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{A693D2B0-5115-49C1-8F08-71982C08C6F2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1B602813-7E5D-4052-884D-0373CC0C0D93}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F0AED9C7-C63C-46C8-BC9E-B8561F0BBE35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AEE95F3-7680-4DC5-9DB1-31724DE79160}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{515C4054-CDFE-4E67-A4E8-70D26A3D8261}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3024F415-E35E-4FA4-99F0-BB45B678F3C3}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BF5BCA7F-5809-4662-823E-7AAC5CE73473}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C057C122-93C3-44CD-8E53-26032C403581}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0FE07D2B-2014-4794-A322-9A154A8F185E}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{003BD0D5-82BA-4722-8194-46F47E421CEF}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{41DA30DA-0850-4CB4-A9C9-2B6EF96FB602}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{2A54A75B-57E0-4DEC-818C-5D30CEEF5E99}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [TCP Query User{D6341A2E-4259-450B-A2D3-E335A75D61C1}C:\users\user\appdata\local\join.me\join.me.exe] => (Allow) C:\users\user\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{17F5F028-9E63-4173-A7B3-2EA78AC01FE6}C:\users\user\appdata\local\join.me\join.me.exe] => (Allow) C:\users\user\appdata\local\join.me\join.me.exe
FirewallRules: [{6AB5284E-BD34-457F-BB20-25FE212B240C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7621E589-789E-4961-889B-86F0D7BDB11A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BF54FA8B-9A7A-470C-9222-E07B41EE2DA9}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [UDP Query User{F06F6413-5AF5-45D2-B2C6-8573DCFAD567}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [{598983D9-978E-4765-9DAD-C6312C3D59E1}] => (Allow) C:\Program Files (x86)\ENERCALC_6\NewMessageCheck.exe
FirewallRules: [{BE0EB10F-F9F3-4173-9D7F-583DE3371CF8}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetNewsAddr.exe
FirewallRules: [TCP Query User{C87FFFF5-90CD-4F4A-B61D-584CE707953C}C:\program files (x86)\deviceviewer\deviceviewer.exe] => (Allow) C:\program files (x86)\deviceviewer\deviceviewer.exe
FirewallRules: [UDP Query User{22811F00-0978-465A-843F-C53A422C51B0}C:\program files (x86)\deviceviewer\deviceviewer.exe] => (Allow) C:\program files (x86)\deviceviewer\deviceviewer.exe
FirewallRules: [{6E4B313B-CB59-4BE2-808B-7269B3A56A2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D95125E8-222E-4A3A-BEA6-D365BF3DF3D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B1DA670B-8095-4BE0-AFD6-D57C87F8F6F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{69ECCCA5-9C54-497E-9571-67C34F0D992E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{52DCCC68-801B-43C6-B38D-9DA48306D80B}] => (Allow) C:\Program Files (x86)\RetainPro_10\RP10.exe
FirewallRules: [{33DD0B90-832E-456A-A264-322A8F6DA18D}] => (Allow) C:\Program Files (x86)\ENERCALC_6\ec6.exe
FirewallRules: [{F686AC09-26C3-4370-B595-48AD851E27AE}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdate.EXE
FirewallRules: [{F593501B-5E84-418A-B8BF-FD4B488565AF}] => (Allow) C:\Program Files (x86)\ENERCALC_6\EC6WebUpdateCheck.EXE
FirewallRules: [{50721BA8-B823-4CD6-8598-A33499AD4385}] => (Allow) C:\Program Files (x86)\ENERCALC_6\GetLatestRSSDate.exe
FirewallRules: [{892F9F5C-390E-4BFC-86E6-6D103F0A0669}] => (Allow) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
FirewallRules: [{0BD74487-744E-45FC-84D8-9EA52EA06135}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{45253E8C-62E4-4D11-ADFF-9B65515F93E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A48BDE68-44F2-4460-B6BB-E60DF4A27653}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E162D239-26E2-4473-A46A-3F7967869414}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{00AA437A-649F-44E0-ACFA-FF582187D578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B7C18D48-18F0-432F-B87E-F5C8DDF8F606}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{E07603F6-F636-4EB6-A5B4-B6DCA0FDF08C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{1ECD4CAF-0744-47C4-B224-64EE20F49C9E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{698EE752-67B2-4A3C-ADA3-4F9C64D84B31}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D2E05DE6-C967-4C1D-8C4E-AA78394C80AA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{7E58ADAD-D23D-40CC-B4DA-FA3CECFD05E9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{0023FA46-8435-425B-B12E-3DBE37E65757}] => (Allow) C:\Users\user\Downloads\uTorrent.exe
FirewallRules: [{D7B712C5-82F6-4453-BE4C-D13A15615C78}] => (Allow) C:\Users\user\Downloads\uTorrent.exe
FirewallRules: [{11A2792A-AC7D-4E63-B9CC-9B888795E2F2}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{712E463E-221C-4E9C-BB6F-A0B92BD4CED9}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{ECAEB90F-D757-4A51-A69A-E011F414A643}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CB17B864-14CB-41D0-8920-B8D3C0BDBED8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F08370C-4AD4-4F62-BBFF-B9B60DFF97A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9AF4D067-AC1E-43A3-8C69-AB2B5DBB8569}C:\program files\qnap\netbak\netbak.exe] => (Allow) C:\program files\qnap\netbak\netbak.exe
FirewallRules: [UDP Query User{B902956C-7FDB-4EAD-A75D-5D26C6F01582}C:\program files\qnap\netbak\netbak.exe] => (Allow) C:\program files\qnap\netbak\netbak.exe
FirewallRules: [TCP Query User{70E61364-24B5-44F4-A5BC-9A992E3C1EEA}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe
FirewallRules: [UDP Query User{4AA159C9-F66B-4BFF-9E98-FAC09CD5BFAF}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe
FirewallRules: [{FFE7F784-56D9-4E35-AA5D-E60CB844ED4A}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{1128454E-CAEE-4D5D-9336-CEC45A5C72EC}] => (Allow) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
FirewallRules: [{105704A9-308A-47C4-96A2-D8B3A2B9A2D7}] => (Allow) LPort=49234
FirewallRules: [{CD5B73B2-C816-4BB1-96BC-1B9B69AA973A}] => (Allow) LPort=5000

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 32%
Total physical RAM: 8125.65 MB
Available physical RAM: 5458.71 MB
Total Virtual: 16249.46 MB
Available Virtual: 13362.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.37 GB) (Free:290.81 GB) NTFS
Drive e: (CHNTPW 1402) (Removable) (Total:14.59 GB) (Free:14.57 GB) FAT32
Drive s: (Computer Backups) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive t: (Completed Projects) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive u: (Large Files) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive v: (ESbooks) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive w: (Public) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive x: (user) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive y: (Public) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS
Drive z: (Public) (Network) (Total:5527.85 GB) (Free:3004.38 GB) NTFS

\\?\Volume{d612556d-193d-11e0-a9a0-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 5B2405A8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 2FF9970C)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

instead of posting the results of minibox log, i am attaching it, as a file


Edited by JSntgRvr, 17 July 2018 - 07:20 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users