christ1986 Posted February 4, 2017 ID:1099063

Hi, laptop seems to be infected and running very slowly. Have run Malwarebytes and copied the FRST and Addition below. Any help is appreciated. Thank you

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by admin (administrator) on CHRISTHOMAS (04-02-2017 19:20:35)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Qualisys AB) C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Users\admin\Desktop\U1603.exe
() C:\Users\admin\Desktop\utmp\u.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26219896 2017-01-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [QDS] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe [851968 2016-10-05] (Qualisys AB)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2017-01-09] ()
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-04] (Spotify Ltd)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [f.lux] => C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [0QtmShellExtension] -> {AAAAC112-3CA7-11D6-B2B7-000102D90238} => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\x64\ProjectShellExtension.dll [2016-07-15] (Qualisys AB)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [0QtmShellExtension] -> {AAAAC102-3CA7-11D6-B2B7-000102D90238} => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\ProjectShellExtension.dll [2016-07-15] (Qualisys AB)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3515164915-2860861682-270758949-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3515164915-2860861682-270758949-1000] => 127.0.0.1:9666
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 1127.0.0.1:9666

Internet Explorer:
==================
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130944121275451591&GUID=D0E5267B-FB82-43E1-BFD1-8C7953BE6032
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Microsoft OneDrive for Business Browser 
Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://uos-portal.salford.ac.uk/InternalSite/WhlCompMgr.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Handler: WSISVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rcq1mxie.default-1467541637927 [2016-07-03]
FF Extension: (No Name) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi\ [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/O1DPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-10-25]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2016-06-08]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2016-09-03]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2016-12-11]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Google Keep - notes and lists) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-02-01]
CHR Extension: (Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-12-19]
CHR Extension: (Save to Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-05]
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-03]
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-30] (Dropbox, Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [619328 2013-06-29] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169280 2013-04-02] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-30] (RaMMicHaeL)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-04] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2665496 2016-01-15] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-07-09] (Zemana Ltd.)
S1 CBUL32; System32\drivers\CBUL32.SYS [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 19:20 - 2017-02-04 19:23 - 00033261 _____ C:\Users\admin\Downloads\FRST.txt
2017-02-04 18:42 - 2017-02-04 19:20 - 00000000 ____D C:\FRST
2017-02-04 18:39 - 2017-02-04 18:41 - 02420736 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2017-02-04 18:28 - 2017-02-04 18:28 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-04 18:27 - 2017-02-04 19:15 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-04 18:27 - 2017-02-04 19:15 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-04 18:27 - 2017-02-04 19:15 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-04 18:27 - 2017-02-04 19:14 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-04 18:27 - 2017-02-04 18:27 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-04 18:27 - 2017-02-04 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-04 18:26 - 2017-02-04 18:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-04 18:26 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-04 18:10 - 2017-02-04 18:26 - 55566792 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-04 17:26 - 2017-02-04 18:26 - 00000000 ____D C:\Users\admin\AppData\LocalLow\BitTorrent
2017-02-03 09:13 - 2017-02-03 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-02 11:55 - 2017-02-02 11:55 - 02002621 _____ C:\Users\admin\Downloads\fulltext513.pdf
2017-02-02 11:52 - 2017-02-02 11:52 - 00776192 _____ C:\Users\admin\Downloads\Agility_training_in_young_elite_soccer_players_Pro.pdf
2017-02-02 11:51 - 2017-02-02 11:51 - 00357580 _____ C:\Users\admin\Downloads\00124278-201603000-00030.pdf
2017-02-01 16:11 - 2017-02-02 11:29 - 00017653 _____ C:\Users\admin\Desktop\TRUNK.txt
2017-02-01 11:28 - 2017-02-01 11:28 - 00016273 _____ C:\Users\admin\Desktop\AN LHM.txt
2017-01-31 19:24 - 2017-01-31 19:24 - 01133362 _____ C:\Users\admin\Downloads\00126548-201702000-00005.pdf
2017-01-30 15:58 - 2017-01-30 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic v2.0
2017-01-30 15:58 - 2017-01-30 15:58 - 00000000 ____D C:\Program Files (x86)\Screencast-O-Matic
2017-01-30 15:56 - 2017-01-30 16:00 - 00000000 ____D C:\Users\admin\AppData\Local\Screencast-O-Matic-v2
2017-01-30 15:56 - 2017-01-30 15:56 - 00000000 ____D C:\Users\admin\Documents\Screencast-O-Matic
2017-01-30 15:55 - 2017-01-30 15:59 - 17956136 _____ C:\Users\admin\Downloads\InstallScreencastOMatic-2.0.exe
2017-01-30 15:55 - 2017-01-30 15:55 - 00000000 ____D C:\Users\admin\AppData\Local\WebLaunchRecorder
2017-01-30 15:54 - 2017-01-30 15:55 - 00347584 _____ (Big Nerd Software, LLC) C:\Users\admin\Downloads\WebLaunchRecorder.exe
2017-01-30 15:16 - 2017-01-30 15:16 - 00000000 ____D C:\Users\admin\Documents\My CamStudio Videos
2017-01-30 15:15 - 2017-01-30 15:16 - 00000000 ____D C:\Users\admin\Documents\My CamStudio Temp Files
2017-01-30 15:15 - 2017-01-30 15:15 - 00000096 _____ C:\Users\admin\AppData\Roaming\version2.xml
2017-01-30 14:02 - 2017-01-30 14:02 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-30 14:02 - 2017-01-30 14:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-30 14:02 - 2017-01-30 14:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-30 14:02 - 2017-01-30 14:02 - 00046192 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-canary.sys 2017-01-30 13:52 - 2017-01-30 13:53 - 00058263 _____ C:\Users\admin\Documents\Copy of RESULTS COMPARISON JAN 17 v3.xlsx 2017-01-30 13:46 - 2017-01-30 13:48 - 00063352 _____ C:\Users\admin\Documents\Copy of RESULTS COMPARISON JAN 17 v2.xlsx 2017-01-30 10:34 - 2017-01-30 10:34 - 00064809 _____ C:\Users\admin\Desktop\Mats.txt 2017-01-30 10:24 - 2017-01-30 10:24 - 00021173 _____ C:\Users\admin\Desktop\LEFT HIP MOMENT.txt 2017-01-30 09:46 - 2017-01-30 09:46 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio 2017-01-30 09:45 - 2017-01-30 09:45 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith 2017-01-29 19:39 - 2017-01-29 19:39 - 00149913 _____ C:\Users\admin\Downloads\Instructions_for_Authors.pdf 2017-01-29 18:52 - 2017-01-29 18:52 - 00011461 _____ C:\Users\admin\Downloads\table.csv 2017-01-29 18:50 - 2017-01-29 18:50 - 00190894 _____ C:\Users\admin\Downloads\1-s2.0-S0268003316301061-main.pdf 2017-01-29 18:49 - 2017-01-29 18:50 - 00129753 _____ C:\Users\admin\Downloads\1-s2.0-S026800331630105X-main.pdf 2017-01-29 17:30 - 2017-01-29 17:30 - 00327898 _____ C:\Users\admin\Downloads\Hewett TE and Johnson - Orthopedics December 2009 - ACL Prevention Progra.pdf 2017-01-29 17:27 - 2017-01-29 17:27 - 00478989 _____ C:\Users\admin\Downloads\Bakker_et_al-2017-Journal_of_Orthopaedic_Research.pdf 2017-01-29 17:24 - 2017-01-29 17:24 - 00481347 _____ C:\Users\admin\Downloads\jor23523.pdf 2017-01-26 16:42 - 2017-01-26 16:42 - 00000279 _____ C:\Users\admin\Downloads\scholar (55).enw 2017-01-26 10:04 - 2017-01-26 10:04 - 00983895 _____ C:\Users\admin\Downloads\JSCR-08-8724.pdf 2017-01-25 16:52 - 2017-01-25 16:52 - 00000490 _____ C:\Users\admin\Downloads\scholar (54).enw 2017-01-25 13:11 - 2017-01-25 13:11 - 00019248 _____ C:\Users\admin\Downloads\MDPI.ens 2017-01-25 13:01 - 2017-01-25 13:01 - 00301668 _____ C:\Users\admin\Downloads\sports-174518-peer-review.pdf 2017-01-25 10:33 - 2016-12-21 07:08 - 00142848 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 10:33 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-25 10:20 - 2017-01-25 10:20 - 00557592 _____ C:\Users\admin\Documents\Effect of sagittal plane mechanics on ACL strain during jump landing (Bakker et al., 2016).pdf 2017-01-25 10:19 - 2017-01-25 10:19 - 00557847 _____ C:\Users\admin\Downloads\Bakker_et_al-2016-Journal_of_Orthopaedic_Research.pdf 2017-01-24 20:16 - 2017-01-24 20:16 - 00373077 _____ C:\Users\admin\Documents\Incidence of Second ACL Injuries 2 Years After Primary ACL Reconstruction and Return to Sport (Paterno et al., 2014).pdf 2017-01-24 20:16 - 2017-01-24 20:16 - 00369831 _____ C:\Users\admin\Downloads\0363546514530088.pdf 2017-01-24 20:15 - 2017-01-24 20:15 - 00264641 _____ C:\Users\admin\Documents\Strength Asymmetry and Landing Mechanics at Return to Sport after Anterior Cruciate Ligament Reconstruction (Schmitt et al., 2015).pdf 2017-01-24 20:14 - 2017-01-24 20:14 - 00270668 _____ C:\Users\admin\Downloads\Strength_Asymmetry_and_Landing_Mechanics_at_Return.13.pdf 2017-01-24 20:12 - 2017-01-24 20:12 - 00289801 _____ C:\Users\admin\Documents\Young Athletes With Quadriceps Femoris Strength Asymmetry at Return to Sport After Anterior Cruciate Ligament Reconstruction Demonstrate Asymmetric Single-Leg Drop-Landing Mechanics (Ithurburn et al., 2015).pdf 2017-01-24 20:12 - 2017-01-24 20:12 - 00285851 _____ C:\Users\admin\Downloads\0363546515602016.pdf 2017-01-24 20:09 - 2017-01-24 20:09 - 00224679 _____ C:\Users\admin\Documents\A 'plane' explanation of anterior cruciate ligament injury mechanisms - a systematic review (Quatman et al., 2010).pdf 2017-01-24 20:08 - 2017-01-24 20:08 - 00224880 _____ C:\Users\admin\Downloads\art%3A10.2165%2F11534950-000000000-00000.pdf 2017-01-24 20:05 - 2017-01-24 20:05 - 00384137 _____ C:\Users\admin\Downloads\0363546512459638.pdf 2017-01-24 20:05 - 2017-01-24 20:05 - 00376843 _____ C:\Users\admin\Documents\Current 
concepts for injury prevention in athletes after anterior cruciate ligament reconstruction (Hewett et al., 2013).pdf 2017-01-24 20:04 - 2017-01-24 20:04 - 01097845 _____ C:\Users\admin\Downloads\nihms444682.pdf 2017-01-24 20:03 - 2017-01-24 20:04 - 00565625 _____ C:\Users\admin\Documents\Critical components of neuromuscular training to reduce ACL injury risk in female athletes - meta-regression analysis (Sugimoto et al., 2016).pdf 2017-01-24 20:03 - 2017-01-24 20:03 - 00563238 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Sugimoto-1259-66 (1).pdf 2017-01-24 20:01 - 2017-01-24 20:01 - 00469395 _____ C:\Users\admin\Documents\Preventive Neuromuscular Training for Young Female Athletes - Comparison of Coach and Athlete Compliance Rates (Sugimoto et al., 2016).pdf 2017-01-24 20:00 - 2017-01-24 20:00 - 00466173 _____ C:\Users\admin\Downloads\1062-6050-51%2E12%2E20 (1).pdf 2017-01-24 20:00 - 2017-01-24 20:00 - 00414915 _____ C:\Users\admin\Documents\Compliance With Neuromuscular Training and Anterior Cruciate Ligament Injury Risk Reduction in Female Athletes - A Meta-Analysis (Sugimoto et al., 2012).pdf 2017-01-24 19:59 - 2017-01-24 19:59 - 00413648 _____ C:\Users\admin\Downloads\1062-6050-47%2E6%2E10.pdf 2017-01-24 16:16 - 2017-01-24 16:16 - 00391450 _____ C:\Users\admin\Downloads\2016-Commonwealth-Youth-Weightlifting-Championships.pdf 2017-01-24 16:16 - 2017-01-24 16:16 - 00040747 _____ C:\Users\admin\Downloads\Welsh20Open20201620final20positions.xlsx 2017-01-23 09:43 - 2017-01-25 18:17 - 00013408 _____ C:\Users\admin\Documents\NSCA 23-01-17.xlsx 2017-01-23 09:28 - 2017-01-23 09:28 - 00016927 _____ C:\Users\admin\Desktop\Irene Knee Flexion.txt 2017-01-22 20:58 - 2017-01-22 20:58 - 00353290 _____ C:\Users\admin\Downloads\1-s2.0-S2095254616300850-main.pdf 2017-01-22 20:57 - 2017-01-22 20:57 - 00466173 _____ C:\Users\admin\Downloads\1062-6050-51%2E12%2E20.pdf 2017-01-22 20:56 - 2017-01-22 20:56 - 00491272 _____ 
C:\Users\admin\Downloads\1-s2.0-S2095254617300066-main.pdf 2017-01-22 20:46 - 2017-01-22 20:46 - 00131381 _____ C:\Users\admin\Downloads\Rapid_Hamstring_Quadriceps_Force_Capacity_in_Male.29.pdf 2017-01-22 19:46 - 2017-01-22 19:46 - 01009781 _____ C:\Users\admin\Downloads\1062-6050-49%2E5%2E09.pdf 2017-01-22 19:46 - 2017-01-22 19:46 - 00056119 _____ C:\Users\admin\Downloads\1062-6050-51%2E1%2E04.pdf 2017-01-22 19:45 - 2017-01-22 19:45 - 00067212 _____ C:\Users\admin\Downloads\1062-6050-51%2E12%2E14.pdf 2017-01-22 18:20 - 2017-01-22 18:20 - 00616840 _____ C:\Users\admin\Downloads\art%3A10.1007%2Fs40279-015-0453-1.pdf 2017-01-22 18:19 - 2017-01-22 18:19 - 00334127 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-McCunn-1354 (2).pdf 2017-01-22 18:18 - 2017-01-22 18:18 - 00336233 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354 (3).pdf 2017-01-22 18:18 - 2017-01-22 18:18 - 00336233 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354 (2).pdf 2017-01-22 18:18 - 2017-01-22 18:18 - 00336233 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354 (1).pdf 2017-01-22 18:05 - 2017-01-22 18:05 - 01004539 _____ C:\Users\admin\Downloads\BJSM Whiteley Screening and Likelihood Ratio Infographic.pdf 2017-01-22 17:27 - 2017-01-22 17:27 - 00236810 _____ C:\Users\admin\Downloads\kwh101.pdf 2017-01-22 17:06 - 2017-01-22 17:06 - 00002197 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk 2017-01-22 17:06 - 2017-01-22 17:06 - 00000000 ____D C:\Users\admin\AppData\Local\FluxSoftware 2017-01-22 17:05 - 2017-01-22 17:05 - 00496896 _____ C:\Users\admin\Downloads\flux-setup.exe 2017-01-22 16:49 - 2017-01-23 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SunsetScreen 2017-01-22 16:49 - 2017-01-22 16:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\SunsetScreen_prefs 2017-01-22 16:48 - 2017-01-22 16:49 - 00901032 _____ (Skytopia) C:\Users\admin\Downloads\SunsetScreen_Setup.exe 2017-01-22 15:08 - 
2017-01-22 15:08 - 00033280 _____ C:\Users\admin\Downloads\EffectSizeCalculator.xls 2017-01-22 14:42 - 2017-01-22 14:42 - 00228167 _____ C:\Users\admin\Downloads\Maxwell_Kelley_Rausch_2008.pdf 2017-01-22 14:41 - 2017-01-22 14:41 - 00460658 _____ C:\Users\admin\Downloads\_8ddd3dc84f4a3d638df34eda3e7a516c_5.2-SLIDES-Sample-Size-Justification.pdf 2017-01-22 14:30 - 2017-01-22 14:30 - 00464470 _____ C:\Users\admin\Downloads\_8cd43521115e600e137889457dfabb2a_5.1-Confidence-Intervals-and-Capture-Percentages.pdf 2017-01-22 14:15 - 2017-01-22 14:15 - 00581096 _____ C:\Users\admin\Downloads\jssm-15-715.pdf 2017-01-22 13:59 - 2017-01-22 13:59 - 00050790 _____ C:\Users\admin\Downloads\Calculating_Effect_Sizes.xlsx 2017-01-22 13:55 - 2017-01-22 13:55 - 00237768 _____ C:\Users\admin\Downloads\_cd2aa2f2be9b4897e8de6f9c25b5d07f_4.1-Effect-Sizes-Cohens-d-and-r.pdf 2017-01-22 13:54 - 2017-01-22 13:54 - 00008743 _____ C:\Users\admin\Downloads\subtitle.txt 2017-01-22 13:24 - 2017-01-22 13:24 - 02994557 _____ C:\Users\admin\Downloads\GPowerManual.pdf 2017-01-22 13:24 - 2017-01-22 13:24 - 00481415 _____ C:\Users\admin\Downloads\GPowerShortTutorial.pdf 2017-01-22 13:03 - 2017-01-22 13:03 - 00073286 _____ C:\Users\admin\Downloads\_ff91a0257c7889ca00ba831b5b8cb877_3.1-The-Positive-Predictive-Value.pdf 2017-01-22 12:55 - 2017-01-22 12:55 - 00002599 _____ C:\Users\Public\Desktop\GPower 3.1.lnk 2017-01-22 12:55 - 2017-01-22 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPower 2017-01-22 12:55 - 2017-01-22 12:55 - 00000000 ____D C:\Program Files (x86)\GPower 3.1 2017-01-22 11:17 - 2017-01-22 11:17 - 00249381 _____ C:\Users\admin\Downloads\abdi-Holm2010-pretty.pdf 2017-01-22 11:01 - 2017-01-22 11:01 - 00925375 _____ C:\Users\admin\Downloads\_8ddd3dc84f4a3d638df34eda3e7a516c_3.1-SLIDES-Type-1-error-control.pdf 2017-01-22 10:57 - 2017-01-22 10:58 - 00518419 _____ C:\Users\admin\Downloads\_7cfd993002fce13489f6ea0c6e8d23d6_2.2-Bayesian-Statistics.pdf 2017-01-20 16:05 
- 2017-01-20 16:05 - 00329602 _____ C:\Users\admin\Downloads\jab%2E2014-0137.pdf 2017-01-20 16:00 - 2017-01-20 16:00 - 00052521 _____ C:\Users\admin\Downloads\0363546516651042.pdf 2017-01-20 15:58 - 2017-01-20 15:58 - 00334127 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-McCunn-1354.pdf 2017-01-20 15:58 - 2017-01-20 15:58 - 00334127 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-McCunn-1354 (1).pdf 2017-01-20 15:54 - 2017-01-20 15:54 - 00396331 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1353-4 (1).pdf 2017-01-20 15:53 - 2017-01-20 15:53 - 00343830 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Hewett-1353.pdf 2017-01-20 15:52 - 2017-01-20 15:52 - 00396331 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1353-4.pdf 2017-01-20 15:52 - 2017-01-20 15:52 - 00336234 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354.pdf 2017-01-20 15:50 - 2017-01-20 15:50 - 00604724 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-776-80.pdf 2017-01-20 11:00 - 2017-01-20 11:00 - 00437632 _____ C:\Users\admin\Downloads\10.1177_1941738114535184.pdf 2017-01-20 09:32 - 2017-01-20 09:33 - 00214804 _____ C:\Users\admin\Downloads\ijspp%2E2016-0034.pdf 2017-01-19 17:27 - 2017-01-19 17:27 - 00175377 _____ C:\Users\admin\Downloads\00124278-201201000-00020.pdf 2017-01-19 17:26 - 2017-01-19 17:26 - 00153054 _____ C:\Users\admin\Downloads\00124278-200910000-00026.pdf 2017-01-19 17:09 - 2017-01-19 17:09 - 00171288 _____ C:\Users\admin\Downloads\5245-14971-1-PB.pdf 2017-01-19 16:43 - 2017-01-19 16:43 - 00611686 _____ C:\Users\admin\Downloads\s1-ln25294159-1766714720-1939656818Hwf-1128683165IdV129856103425294159PDF_HI0001.pdf 2017-01-19 14:51 - 2017-01-19 14:51 - 01536473 _____ C:\Users\admin\Downloads\JSCR-S-17-00086.pdf 2017-01-19 14:51 - 2017-01-19 14:51 - 01536473 _____ C:\Users\admin\Downloads\JSCR-S-17-00086 (1).pdf 2017-01-19 14:23 - 2017-01-19 14:23 - 00061037 _____ C:\Users\admin\Downloads\Tips_for_Writing.pdf 2017-01-19 14:05 - 
2017-01-19 14:05 - 00000251 _____ C:\Users\admin\Downloads\sports-v05-i01_20170119.enw 2017-01-19 13:53 - 2017-01-19 13:53 - 00545119 _____ C:\Users\admin\Downloads\Johnston et al_2014_The influence of physical qualities on post-match fatigue in rugby league players_JSMS.pdf 2017-01-19 10:32 - 2017-01-19 10:34 - 20449270 _____ C:\Users\admin\Downloads\The Real Meal Revolution by Tim Noakes.pdf 2017-01-19 10:25 - 2017-01-19 10:25 - 09985464 _____ C:\Users\admin\Downloads\Biomechanics for Dummies.pdf 2017-01-19 09:54 - 2017-01-19 09:54 - 01318161 _____ C:\Users\admin\Downloads\sports-05-00008.pdf 2017-01-19 09:23 - 2017-01-19 09:23 - 00000049 _____ C:\Users\admin\Documents\Request - Biomechanics for Dummies by Steve McCaw.txt 2017-01-17 20:04 - 2017-01-17 20:04 - 01333248 _____ C:\Users\admin\Downloads\Force & Power Assessment Lecture (R1).ppt 2017-01-17 20:04 - 2017-01-17 20:04 - 00452435 _____ C:\Users\admin\Downloads\An Evaluation of a Strength Qualities Assessment Method for the Lower Body.pdf 2017-01-17 19:58 - 2017-01-17 19:58 - 01096305 _____ C:\Users\admin\Downloads\Essentials of Strength Training and Conditioning 4th Edition-487-490.pdf 2017-01-17 11:10 - 2017-01-17 11:10 - 00000087 _____ C:\Users\admin\Documents\Request - The Real Meal Revolution - The Radical, Sustainable Approach to Healthy Eating.txt 2017-01-17 09:24 - 2017-01-19 15:24 - 00066313 _____ C:\Users\admin\Desktop\Netball Hop & Leap December 2016.xlsx 2017-01-14 19:08 - 2017-01-14 19:08 - 00717271 _____ C:\Users\admin\Downloads\00124278-201105000-00027.pdf 2017-01-14 18:22 - 2017-01-14 18:22 - 00000252 _____ C:\Users\admin\Downloads\scholar (53).enw 2017-01-12 13:23 - 2017-01-12 13:23 - 00000000 ____D C:\Users\admin\AppData\Local\FreemakeVideoConverter 2017-01-11 12:35 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll 2017-01-11 12:35 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll 2017-01-11 12:35 - 
2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-01-11 12:35 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-01-11 12:35 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2017-01-11 12:34 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2017-01-11 12:34 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2017-01-11 12:34 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-01-11 12:34 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-01-11 12:34 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2017-01-11 12:34 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-01-11 12:34 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2017-01-11 12:34 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-01-11 12:34 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-01-11 12:34 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2017-01-11 12:34 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-01-11 12:34 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2017-01-11 12:34 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-01-11 12:34 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2017-01-11 12:34 - 2016-12-21 
04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2017-01-11 12:34 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-01-11 12:34 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2017-01-11 12:34 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-01-11 12:34 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2017-01-11 12:34 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-01-11 12:34 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2017-01-11 12:34 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-01-11 12:34 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-01-11 12:34 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-01-11 12:34 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2017-01-11 12:34 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2017-01-11 12:34 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll 2017-01-11 12:34 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2017-01-11 12:34 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-01-11 12:34 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-01-11 12:34 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-01-11 12:34 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-01-11 12:34 - 
2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-01-11 12:34 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2017-01-11 12:34 - 2016-12-14 05:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-01-11 12:34 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2017-01-11 12:34 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-01-11 12:34 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-01-11 12:34 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2017-01-11 12:34 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2017-01-11 12:34 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2017-01-11 12:34 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-01-11 12:34 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-01-11 12:34 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2017-01-11 12:34 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 12:34 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-01-11 12:34 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-11 12:34 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-01-11 12:34 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-01-11 12:34 - 
2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-01-11 12:34 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2017-01-11 12:34 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2017-01-11 12:34 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-01-11 12:34 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-01-11 12:34 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2017-01-11 12:29 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2017-01-11 12:28 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2017-01-11 12:28 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2017-01-11 12:28 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-01-11 12:28 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-01-11 12:28 - 2016-12-21 07:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll 2017-01-11 12:28 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-01-11 12:28 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2017-01-11 12:28 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-01-11 12:28 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-01-11 12:28 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-01-11 12:28 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 
2017-01-11 12:28 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2017-01-11 12:28 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2017-01-11 12:28 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-01-11 12:28 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-01-11 12:28 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2017-01-11 12:28 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-01-11 12:28 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2017-01-11 12:28 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2017-01-11 12:28 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2017-01-11 12:28 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2017-01-11 12:28 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll 2017-01-11 12:28 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2017-01-11 12:28 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2017-01-11 12:28 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2017-01-11 12:28 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2017-01-11 12:28 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2017-01-11 12:28 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2017-01-11 12:28 - 2016-12-21 
07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-01-11 12:28 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2017-01-11 12:28 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-01-11 12:28 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll 2017-01-11 12:28 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2017-01-11 12:28 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-01-11 12:28 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-01-11 12:28 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2017-01-11 12:28 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2017-01-11 12:28 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-01-11 12:28 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll 2017-01-11 12:28 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-01-11 12:28 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2017-01-11 12:28 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-01-11 12:28 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll 2017-01-11 12:28 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll 2017-01-11 12:28 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2017-01-11 12:28 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Chakra.dll 2017-01-11 12:28 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-01-11 12:28 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2017-01-11 12:28 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2017-01-11 12:28 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-01-11 12:28 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-01-11 12:28 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-01-11 12:28 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2017-01-11 12:28 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-01-11 12:28 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-01-11 12:28 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-01-11 12:28 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-01-11 12:28 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2017-01-11 12:28 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-01-11 12:28 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-01-11 12:28 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-01-11 12:28 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2017-01-11 12:28 - 2016-12-14 
05:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2017-01-11 12:28 - 2016-12-14 05:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2017-01-11 12:28 - 2016-12-14 05:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2017-01-11 12:28 - 2016-12-14 05:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe 2017-01-11 12:28 - 2016-12-14 05:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe 2017-01-11 12:28 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-01-11 12:28 - 2016-12-14 05:19 - 00584544 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-01-11 12:28 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-01-11 12:28 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2017-01-11 12:28 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-01-11 12:28 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2017-01-11 12:28 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2017-01-11 12:28 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2017-01-11 12:28 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-01-11 12:28 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-01-11 12:28 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll 2017-01-11 12:28 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2017-01-11 12:28 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2017-01-11 12:28 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 12:28 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-01-11 12:28 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-01-11 12:28 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2017-01-11 12:28 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2017-01-11 12:28 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 
2017-01-11 12:28 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 12:28 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 12:28 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 12:28 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 12:28 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 12:28 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 12:28 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 12:28 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 12:28 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 12:28 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 12:28 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 12:28 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 12:28 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 12:28 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 12:28 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 12:28 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 12:28 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 12:28 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 12:28 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 12:28 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 10:15 - 2017-01-11 10:15 - 00000902 _____ C:\Users\Public\Desktop\Visual3D v6 x64.lnk
2017-01-11 10:14 - 2017-01-11 10:14 - 00000000 ____D C:\Program Files\Visual3D v6 x64
2017-01-08 11:44 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-01-08 11:44 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-01-08 11:44 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-01-08 11:44 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-01-08 11:44 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-01-08 11:44 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-01-08 11:44 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-01-08 11:44 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-01-08 11:44 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-01-08 11:44 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-01-08 11:44 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-01-08 11:44 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-01-08 11:44 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-01-08 11:44 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-01-08 11:44 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-01-08 11:44 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-01-08 11:44 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-01-08 11:44 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-01-08 11:44 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-01-08 11:44 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-01-08 11:44 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-01-08 11:44 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-01-08 11:44 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-01-08 11:44 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-01-08 11:44 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-01-08 11:44 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-01-08 11:44 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-01-08 11:44 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-01-08 11:44 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-01-08 11:44 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-01-08 11:44 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-01-08 11:43 - 2016-12-09 10:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-08 11:43 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-01-08 11:43 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-01-08 11:43 - 2016-12-09 10:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-01-08 11:43 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-01-08 11:43 - 2016-12-09 09:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-01-08 11:43 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-01-08 11:43 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-01-08 11:43 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-01-08 11:43 - 2016-12-09 09:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-01-08 11:43 - 2016-12-09 09:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-01-08 11:43 - 2016-12-09 09:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-01-08 11:43 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-01-08 11:43 - 2016-12-09 09:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-01-08 11:43 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-01-08 11:43 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-01-08 11:43 - 2016-12-09 09:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-01-08 11:43 - 2016-12-09 09:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-01-08 11:43 - 2016-12-09 09:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-01-08 11:43 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-01-08 11:43 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-01-08 11:43 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-01-08 11:43 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-01-08 11:43 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2017-01-08 11:43 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-01-08 11:43 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-01-08 11:43 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-01-08 11:43 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-01-08 11:43 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-01-08 11:43 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-01-08 11:43 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-01-08 11:43 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-01-08 11:43 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-01-08 11:43 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2017-01-08 11:43 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-01-08 11:43 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-08 11:43 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-01-08 11:43 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-01-08 11:43 - 2016-11-11 09:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-01-08 11:43 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-01-08 11:43 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-01-08 11:43 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-01-08 11:43 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-01-08 11:43 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-01-08 11:43 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-01-08 11:43 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-01-08 11:43 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-01-08 11:43 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-01-08 11:43 - 2016-11-11 09:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-01-08 11:43 - 2016-11-11 09:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-01-08 11:43 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-01-08 11:43 - 2016-11-11 09:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-01-08 11:43 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-01-08 11:43 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-01-08 11:43 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-01-08 11:43 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-01-08 11:43 - 2016-11-11 09:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-01-08 11:43 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-01-08 11:43 - 2016-11-11 09:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-01-08 11:43 - 2016-11-11 09:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-01-08 11:43 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-01-08 11:43 - 2016-11-11 09:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-01-08 11:43 - 2016-11-11 09:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-01-08 11:43 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-01-08 11:43 - 2016-11-11 09:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-01-08 11:43 - 2016-11-11 09:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-01-08 11:43 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-01-08 11:43 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-01-08 11:43 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-01-08 11:43 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-01-08 11:43 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-01-08 11:43 - 2016-11-11 08:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-01-08 11:43 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-01-08 11:43 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-01-08 11:43 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-01-08 11:43 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-01-08 11:43 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-01-08 11:43 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-01-08 11:43 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-01-08 11:43 - 2016-11-11 07:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-01-08 11:43 - 2016-11-11 07:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-01-08 11:43 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-01-08 11:43 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-01-08 11:43 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-01-08 11:43 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-01-08 11:43 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-01-08 11:43 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-01-08 11:43 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-01-08 11:43 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-01-08 11:42 - 2016-12-09 10:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-01-08 11:42 - 2016-12-09 10:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-01-08 11:42 - 2016-12-09 10:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-01-08 11:42 - 2016-12-09 10:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-01-08 11:42 - 2016-12-09 10:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-01-08 11:42 - 2016-12-09 10:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-01-08 11:42 - 2016-12-09 10:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-01-08 11:42 - 2016-12-09 10:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-01-08 11:42 - 2016-12-09 10:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-01-08 11:42 - 2016-12-09 10:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-01-08 11:42 - 2016-12-09 10:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-01-08 11:42 - 2016-12-09 10:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-01-08 11:42 - 2016-12-09 10:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-01-08 11:42 - 2016-12-09 10:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-01-08 11:42 - 2016-12-09 10:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-01-08 11:42 - 2016-12-09 10:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-01-08 11:42 - 2016-12-09 09:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-01-08 11:42 - 2016-12-09 09:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-01-08 11:42 - 2016-12-09 09:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-01-08 11:42 - 2016-12-09 09:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-01-08 11:42 - 2016-12-09 09:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-01-08 11:42 - 2016-12-09 09:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-01-08 11:42 - 2016-12-09 09:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-01-08 11:42 - 2016-12-09 09:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-01-08 11:42 - 2016-12-09 09:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-01-08 11:42 - 2016-12-09 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-01-08 11:42 - 2016-12-09 09:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-01-08 11:42 - 2016-12-09 09:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-01-08 11:42 - 2016-12-09 08:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-01-08 11:42 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-01-08 11:42 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-01-08 11:42 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-01-08 11:42 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2017-01-08 11:42 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-01-08 11:42 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-01-08 11:42 - 2016-11-11 10:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-01-08 11:42 - 2016-11-11 09:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-01-08 11:42 - 2016-11-11 09:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-01-08 11:42 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-01-08 11:42 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-01-08 11:42 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-01-08 11:42 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-01-08 11:42 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2017-01-08 11:42 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-01-08 11:42 - 2016-11-11 09:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-01-08 11:42 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-01-08 11:42 - 2016-11-11 09:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-01-08 11:42 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-01-08 11:42 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2017-01-08 11:42 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-01-08 11:42 - 2016-11-11 09:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-01-08 11:42 - 2016-11-11 09:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-01-08 11:42 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-01-08 11:42 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-01-08 11:42 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-01-08 11:42 - 2016-11-11 09:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-01-08 11:42 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-01-08 11:42 - 2016-11-11 09:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-01-08 11:42 - 2016-11-11 09:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-01-08 11:42 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-01-08 11:42 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-01-08 11:42 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-01-08 11:42 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-01-08 11:42 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-01-08 11:42 - 2016-11-11 09:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-01-08 11:42 - 2016-11-11 09:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2017-01-08 11:42 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-01-08 11:42 - 2016-11-11 09:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2017-01-08 11:42 - 2016-11-11 09:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-01-08 11:42 - 2016-11-11 09:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-01-08 11:42 - 2016-11-11 09:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-01-08 11:42 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-01-08 11:42 - 2016-11-11 09:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-01-08 11:42 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-01-08 11:42 - 2016-11-11 09:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-01-08 11:42 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-01-08 11:42 - 2016-11-11 09:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-01-08 11:42 - 2016-11-11 09:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-01-08 11:42 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-01-08 11:42 - 2016-11-11 09:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-01-08 11:42 - 2016-11-11 09:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-01-08 11:42 - 2016-11-11 09:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-01-08 11:42 - 2016-11-11 09:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2017-01-08 11:42 - 2016-11-11 09:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-01-08 11:42 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-01-08 11:42 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-01-08 11:42 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-01-08 11:42 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-01-08 11:42 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-01-08 11:42 - 2016-11-11 07:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-01-08 11:42 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-01-08 11:42 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-01-08 11:42 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-01-08 11:42 - 2016-11-11 07:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-01-08 11:42 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-01-08 11:42 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-01-08 11:42 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-01-08 11:42 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-01-08 11:41 - 2016-12-09 10:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-01-08 11:41 - 2016-12-09 10:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-01-08 11:41 - 2016-12-09 10:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-08 11:41 - 2016-12-09 10:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-01-08 11:41 - 2016-12-09 09:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-01-08 11:41 - 2016-12-09 09:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-01-08 11:41 - 2016-12-09 09:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-01-08 11:41 - 2016-12-09 09:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-08 11:41 - 2016-12-09 09:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-01-08 11:41 - 2016-12-09 09:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-08 11:41 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-01-08 11:41 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-01-08 11:41 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-01-08 11:41 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-01-08 11:41 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-01-08 11:41 - 2016-11-11 09:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-01-08 11:41 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-01-08 11:41 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-01-08 11:41 - 2016-11-11 09:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-01-08 11:41 - 2016-11-11 09:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-01-08 11:41 - 2016-11-11 09:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-01-08 11:41 - 2016-11-11 09:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-01-08 11:41 - 2016-11-11 09:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-01-08 11:41 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-01-08 11:41 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-01-08 11:41 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-01-08 11:41 - 2016-11-11 09:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-01-08 11:41 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-01-08 11:41 - 2016-11-11 09:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-01-08 11:41 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-01-08 11:41 - 2016-11-11 09:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-01-08 11:41 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-01-08 11:41 - 2016-11-11 09:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-01-08 11:41 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-01-08 11:41 - 2016-11-11 09:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-01-08 11:41 - 2016-11-11 09:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-01-08 11:41 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-01-08 11:41 - 2016-11-11 09:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-01-08 11:41 - 2016-11-11 09:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-01-08 11:41 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-01-08 11:41 - 2016-11-11 09:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-01-08 11:41 - 2016-11-11 07:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-01-08 11:41 - 2016-11-11 07:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-01-08 11:41 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-01-08 11:41 - 2016-11-11 07:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-01-08 11:41 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-01-08 11:41 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-01-08 11:41 - 2016-11-11 07:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-01-08 11:40 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-01-08 11:40 - 2016-12-09 10:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-01-08 11:40 - 2016-12-09 09:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-01-08 11:40 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-01-08 11:40 - 2016-12-09 09:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-01-08 11:40 - 2016-11-11 08:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-01-08 11:40 - 2016-11-11 07:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-01-08 11:40 - 2016-11-11 07:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-01-08 11:40 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-01-08 11:40 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-01-08 11:40 - 2016-11-11 07:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-01-08 11:40 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-01-08 11:40 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-01-08 11:40 - 2016-11-11 07:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-01-08 11:40 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-01-08 11:40 - 2016-11-11 07:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-01-08 11:40 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-01-08 11:40 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-01-08 11:40 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-01-08 11:40 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe 2017-01-08 11:40 - 2016-11-11 07:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2017-01-08 11:40 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2017-01-08 11:40 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll 2017-01-08 11:40 - 2016-11-11 07:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll 2017-01-08 11:40 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2017-01-08 11:40 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll 2017-01-08 11:40 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2017-01-08 11:40 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll 2017-01-08 11:40 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-01-08 11:40 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2017-01-08 11:40 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2017-01-08 11:40 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-01-08 11:40 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-01-08 11:40 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-01-06 20:59 - 2017-01-06 20:59 - 00000067 _____ C:\Users\admin\Documents\Request - Anyone have the RP Hypertrophy Template FAQ's or How To Use.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-04 19:22 - 2016-07-09 17:44 - 00024388 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-02-04 19:18 - 2016-11-01 14:09 - 00000000 ____D C:\Users\admin\Desktop\utmp 2017-02-04 19:18 - 2015-10-03 16:48 - 00000000 ___RD C:\Users\admin\Google Drive 2017-02-04 19:18 - 2013-09-28 18:01 - 00000600 _____ C:\Users\admin\PUTTY.RND 2017-02-04 19:18 - 2013-06-28 20:13 - 00000000 ___RD C:\Users\admin\Dropbox 2017-02-04 19:15 - 2016-06-04 08:50 - 00000000 ____D C:\ProgramData\MCShield 2017-02-04 19:14 - 2016-09-29 16:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-04 19:13 - 2016-09-29 16:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-04 18:57 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-02-04 18:26 - 2016-06-04 08:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2017-02-04 18:26 - 2015-12-15 06:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-02-04 18:26 - 2014-01-15 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-04 18:26 - 2013-06-29 17:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent 2017-02-04 17:22 - 2014-08-13 09:00 - 00000000 ____D C:\Users\admin\AppData\Local\Spotify 2017-02-04 16:04 - 2014-08-13 08:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify 2017-02-04 09:40 - 2016-09-27 19:02 - 00000000 ____D C:\Users\admin\Documents\Qualisys 2017-02-04 09:40 - 2016-09-27 19:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\Qualisys 2017-02-04 08:56 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-03 09:14 - 2015-09-08 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-02-03 09:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-03 09:09 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-02 14:16 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-02 11:56 - 2014-01-13 10:28 - 00000000 ____D C:\Users\admin\AppData\Local\Packages 2017-01-30 15:25 - 2016-09-29 16:11 - 00000000 ____D 
C:\Users\admin 2017-01-30 15:25 - 2016-02-04 09:59 - 00000000 ____D C:\ProgramData\TechSmith 2017-01-30 15:17 - 2014-04-23 12:57 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps 2017-01-30 13:33 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-23 08:29 - 2014-01-13 10:28 - 00000000 ____D C:\ProgramData\InstallMate 2017-01-22 11:13 - 2015-11-19 21:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-18 08:56 - 2016-09-29 16:10 - 01153402 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-18 08:49 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-17 15:11 - 2013-06-27 03:43 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics 2017-01-16 13:37 - 2016-06-07 15:19 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-01-16 13:37 - 2012-08-19 02:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-15 13:37 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-14 16:39 - 2016-09-29 16:42 - 00003974 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-01-14 16:38 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-14 16:38 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-13 08:05 - 2015-08-17 12:51 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-13 06:17 - 2016-09-29 16:02 - 04980160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-13 06:13 - 2016-07-16 11:47 - 
00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-01-13 06:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr 2017-01-13 06:13 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-01-13 06:13 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2017-01-13 06:13 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2017-01-13 06:13 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\servicing 2017-01-13 06:02 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-01-13 05:59 - 2012-08-19 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-01-12 13:23 - 2013-12-04 13:30 - 00000000 ____D C:\ProgramData\Freemake 2017-01-12 13:22 - 2016-12-12 10:13 - 00001393 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk 2017-01-12 13:22 - 2016-12-12 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2017-01-11 13:04 - 2016-10-15 19:30 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore 2017-01-11 13:04 - 2013-07-24 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-01-11 12:56 - 2012-08-19 01:50 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-01-11 10:15 - 2015-08-20 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C-Motion 2017-01-11 08:07 - 2016-09-29 16:42 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-01-05 20:10 - 2014-06-28 16:23 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job 2017-01-05 20:10 - 2014-06-28 16:23 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job ==================== Files in the root of some directories ======= 2017-01-30 15:15 - 2017-01-30 15:15 - 0000096 _____ () C:\Users\admin\AppData\Roaming\version2.xml 2013-11-03 15:47 - 2014-01-15 10:00 - 0000113 _____ () C:\Users\admin\AppData\Roaming\WB.CFG 2013-12-31 16:04 - 2014-01-03 10:31 - 0000005 
_____ () C:\Users\admin\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-11-03 15:47 - 2014-01-15 10:00 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT 2014-04-21 10:50 - 2014-10-05 17:24 - 0007168 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-12-19 19:13 - 2012-12-19 19:13 - 0010275 _____ () C:\ProgramData\regid.1995-04.com.kistler_2B134736-2DB6-488E-BB15-FC19631EE635.swidtag 2014-01-10 20:51 - 2014-01-10 20:51 - 0010260 _____ () C:\ProgramData\regid.1995-04.com.kistler_FE724B72-8B8B-4B49-85FE-24AC4E84CC09.swidtag Some files in TEMP: ==================== 2017-01-05 20:45 - 2016-12-01 09:31 - 0050720 _____ (HP Inc.) C:\Users\admin\AppData\Local\Temp\ACLMInstaller.exe 2016-11-04 09:38 - 2016-11-04 09:38 - 33870608 _____ (Ellora Assets Corporation ) C:\Users\admin\AppData\Local\Temp\FreemakeVideoConverterFull.exe 2016-10-11 13:27 - 2013-04-24 19:16 - 0250080 _____ (Thomson Reuters) C:\Users\admin\AppData\Local\Temp\Risweb32.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-03 12:06

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by admin (04-02-2017 19:25:56)
Running from C:\Users\admin\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-29 16:48:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3515164915-2860861682-270758949-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3515164915-2860861682-270758949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515164915-2860861682-270758949-503 - Limited - Disabled)
Guest (S-1-5-21-3515164915-2860861682-270758949-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3515164915-2860861682-270758949-1002 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated) Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{935D195D-0E7A-3D63-5B66-70E6D13E6C03}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.) Ballistic Measurement System (HKLM-x32\...\Ballistic Measurement System_is1) (Version: 2015.0.0 - Innervations) BitTorrent (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
calibre 64bit (HKLM\...\{D7533406-78CD-4C2F-B363-D7224851720E}) (Version: 2.71.0 - Kovid Goyal) Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - ) Catapult Sprint 5.1.7 (HKLM-x32\...\Catapult Sprint_is1) (Version: - Catapult Sports Pty. Ltd.) Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DriverIdentifier 4.2.7 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier) Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.1.7212 - Thomson Reuters) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) f.lux (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Flux) (Version: - ) Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) G*Power 3.1.9.2 (HKLM-x32\...\{F9C59D86-6F65-4EDB-89A2-FBA1F78762D2}) (Version: 3.1.92 - Franz Faul, Uni Kiel, Germany) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.5.32.203 - Hewlett-Packard Company) HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio) iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.) InstaCal for Windows (HKLM-x32\...\{7C1C5FCD-56F9-4A6F-B46F-83F2A31BCD12}) (Version: 6.25 - Measurement Computing Corporation) iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Kistler BioWare (HKLM-x32\...\{2292FBF0-F58C-4742-B96D-BDE135A2663D}) (Version: 5.2.3.5 - Kistler Instrument Group) Kistler DataServer (HKLM-x32\...\{0479EFA6-278B-4031-9004-BFEF8EEE3415}) (Version: 1.3.0.2002 - Kistler Instrument Group) Kistler DataServer (HKLM-x32\...\{3F5397A3-54F9-4714-B8F9-1EAEA4A838B9}) (Version: 1.4.0.2150 - Kistler Instrument Group) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity) Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version: - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - 
Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 
(HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Qualisys Track Manager (HKLM-x32\...\{F848E102-F782-493C-B526-BDE686D69DEA}_is1) (Version: 2.14.3090 - Qualisys AB) Qualys BrowserCheck (HKLM-x32\...\{80112B33-B9C0-424C-8C9C-7684C238325E}) (Version: 1.1.1 - Qualys) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters) Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic) ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Spotify (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB) SPSS 17 (HKLM-x32\...\SPSS 17) (Version: - Rainbow Hacks) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) 
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL) Visual3D v5 Educational Textbook Version (HKLM-x32\...\{C27B0E0C-87A7-4723-94A3-0C43F79F1582}_is1) (Version: 5.00.26 - C-Motion, Inc.) Visual3D v6 x64 (HKLM\...\{E8F7EAED-9DAD-4FA1-B420-9C6D00256FB7}}_is1) (Version: 6.00.27 - C-Motion, Inc.) Web Launch Recorder (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\WebLaunchRecorder) (Version: 2.0 - ) Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {033EC6EF-D60C-44F9-A8BF-5013283A7248} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA1d2587abc28a4a6 => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {087F68F7-C132-4310-9EE9-27D24CFE8ED1} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {0B2E76BB-2016-4B03-91C0-6C42D954A6F5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.) Task: {0B7B3ED7-513A-432C-AD71-BC07C9C32A97} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.) 
Task: {0C65352E-53D8-4B7D-A441-CE3712B05573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {12BC0AE8-37EE-46F1-9C0A-A9BEE258CC28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {13D863AB-3093-472C-B0AD-0E5B77DD7A0B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {191C4972-F4DE-4FED-A12C-BB5121E8C9D8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {199738F4-BF19-40CA-9A96-1BB788D887CC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-14] (Adobe Systems Incorporated) Task: {1F0E2F0D-488D-4229-9134-7FC2BA64BC33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {1F6808B2-08FD-4392-B127-5DDEF786A890} - System32\Tasks\{063A0F41-9B35-450D-A49B-B89A237A427F} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe Task: {24AF0F45-0C06-4A68-A941-81F1212CAE9A} - System32\Tasks\{3E6BB2CE-BD98-4E94-B6C5-116FE3E6625C} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe Task: {255DB6AB-232D-4152-AFB2-75767EB41DA1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {26525853-27B4-4655-9285-735162100E05} - System32\Tasks\{D4F5AE6C-9830-4EC0-9E37-1A36ABAE145F} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {46E309A2-3E8A-4AF6-9E38-ECAD1C484248} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core1d2587abc07434f => 
C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4DBFB210-0CBF-4922-959A-4EF6E9F77B88} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation) Task: {756C9597-1CFD-4406-8290-A3D9C8B60F86} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation) Task: {8D5EEB58-929C-4081-AEFE-E8DF4980F972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {92057438-2CF3-4F54-B75B-D1D3920F4535} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {9AA6BC5F-CC27-4F32-9C23-92C17CC1F737} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) Task: {9E51DD61-2299-4564-B918-1DBB6AEAC8C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {B3968090-B36F-4361-97E9-68130712E94D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {B613EB16-4984-4CBE-8CBA-DA7FA5FA48DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation) Task: {C3543460-945B-4E23-9EED-FF31D9C4DC72} - System32\Tasks\{E35AD483-8B30-4C79-B0F9-5EA57C5A57E3} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {D05BC672-A2EB-4B52-BA71-E326BD7F76C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation) Task: {DCACE629-14B6-470E-ACEF-33FA4D4C97C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated) Task: {E09A24CF-42FB-4202-A728-DD2D1A7EDE60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {E3E0647D-CDFD-4016-9EEF-322EAC1F9D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {E7774606-2E3C-4D5E-BD6C-9EFE5231C110} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {EA028372-9F41-426E-8095-E43CF7D39A29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {EEC8E1CC-F031-460B-BB54-A190AE029F52} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-01-08 11:43 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-02-04 18:26 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-02-04 18:26 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2017-02-04 18:26 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-01-08 11:43 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-29 17:06 - 2016-09-29 17:06 - 00959168 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-03-20 11:16 - 2016-12-28 17:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-09-30 00:54 - 2016-09-30 00:54 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 12:28 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 12:28 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 12:28 - 2016-12-21 
06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 12:28 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-01-24 08:16 - 2017-01-24 08:17 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-01-24 08:16 - 2017-01-24 08:17 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-01-24 08:16 - 2017-01-24 08:17 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-12-30 21:29 - 2016-12-30 21:31 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll 2016-12-12 10:13 - 2017-01-09 17:31 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2017-01-11 12:28 - 2016-12-21 06:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2017-01-11 12:28 - 2016-12-21 06:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll 2017-01-11 12:28 - 2016-12-21 06:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2016-07-16 11:43 - 2016-07-16 14:28 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2016-07-16 11:43 - 2016-07-16 14:27 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2016-07-16 11:43 - 2016-07-16 
14:28 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2016-07-16 11:43 - 2016-07-16 14:28 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2016-07-16 11:43 - 2016-07-16 14:28 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2016-07-16 11:43 - 2016-07-16 14:28 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2016-09-02 12:04 - 2016-09-02 12:05 - 02628920 _____ () C:\Users\admin\Desktop\U1603.exe 2016-11-01 14:09 - 2016-11-01 14:09 - 01523000 _____ () C:\Users\admin\Desktop\utmp\u.exe 2016-12-31 14:22 - 2016-12-08 08:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-31 14:22 - 2016-12-08 08:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2016-11-04 09:51 - 2016-10-08 16:59 - 01506304 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll 2016-11-04 09:51 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll 2017-02-03 09:13 - 2017-01-30 14:12 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-02-03 09:13 - 2017-01-13 23:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-02-03 09:13 - 2017-01-13 23:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2017-02-03 09:13 - 2017-01-13 23:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00019776 
_____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-02-03 09:13 - 2017-01-13 23:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-02-03 09:13 - 2017-01-13 23:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-02-03 09:13 - 2017-01-13 23:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-02-03 09:13 - 2017-01-13 23:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-02-03 09:13 - 2017-01-13 23:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2017-02-03 09:13 - 2017-01-13 23:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-02-03 09:13 - 2017-01-13 23:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-02-03 09:13 - 2017-01-13 23:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2017-02-03 09:13 - 2017-01-13 23:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00381760 _____ () 
C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2017-02-03 09:13 - 2017-01-13 23:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-02-03 09:13 - 2017-01-13 23:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2017-02-03 09:13 - 2017-01-13 23:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2017-02-03 09:13 - 2017-01-13 23:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-02-03 09:13 - 2017-01-13 23:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-02-03 09:13 - 2017-01-13 23:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 01972536 _____ () C:\Program Files 
(x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-02-03 09:13 - 2017-01-13 23:51 - 00036296 _____ 
() C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-02-03 09:13 - 2017-01-30 14:14 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-02-03 09:13 - 2016-12-05 20:15 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-02-03 09:13 - 2017-01-30 14:14 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-02-03 09:13 - 2017-01-14 00:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-02-03 09:13 - 2017-01-14 00:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-02-03 09:13 - 2017-01-30 14:14 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2017-02-03 09:13 - 2017-01-13 23:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-02-03 09:13 - 2017-01-30 14:14 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-10-29 14:14 - 2016-10-05 07:20 - 00443392 _____ () C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\OMLibrary.dll 2016-10-29 14:14 - 2016-10-05 07:20 - 00394752 _____ () C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\NBC.dll 2016-10-29 14:14 - 2016-05-11 08:49 - 00089600 _____ () C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\lzo2.dll 2016-11-04 10:24 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2016-11-04 10:24 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2017-02-04 19:15 - 2017-02-04 19:15 - 00098816 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32api.pyd 
2017-02-04 19:15 - 2017-02-04 19:15 - 00110080 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\pywintypes27.dll 2017-02-04 19:15 - 2017-02-04 19:15 - 00364544 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\pythoncom27.dll 2017-02-04 19:15 - 2017-02-04 19:15 - 00320512 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32com.shell.shell.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00914432 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_hashlib.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 01176576 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._core_.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00806400 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._gdi_.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00816128 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._windows_.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 01067008 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._controls_.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00733184 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._misc_.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00682496 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\pysqlite2._sqlite.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00088064 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_ctypes.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00686080 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\unicodedata.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00119808 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32file.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00108544 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32security.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00007168 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\hashobjs_ext.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00017920 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\thumbnails_ext.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00088064 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\usb_ext.pyd 2017-02-04 19:15 - 
2017-02-04 19:15 - 00012800 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\common.time34.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00018432 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32event.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00167936 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32gui.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00046080 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_socket.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 01303552 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_ssl.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00128512 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_elementtree.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00127488 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\pyexpat.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00038912 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32inet.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00036864 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_psutil_windows.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00524248 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\windows._lib_cacheinvalidation.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00011264 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32crypt.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00123392 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._wizard.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00077312 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._html2.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00027648 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_multiprocessing.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00020480 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\_yappi.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00035840 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32process.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00078848 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\wx._animate.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 
00024064 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32pipe.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00010240 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\select.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00025600 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32pdh.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00017408 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32profile.pyd 2017-02-04 19:15 - 2017-02-04 19:15 - 00022528 ____R () C:\Users\admin\AppData\Local\Temp\_MEI67442\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\google.com -> hxxps://accounts.google.com IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\sharepoint.com -> hxxps://testlivesalfordac.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 02:34 - 2017-02-04 19:14 - 00002429 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "NUSB3MON" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "CyberGhost" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "iCloudDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{405A1CBC-EFF0-40F9-8BF0-02BBFCA4DA63}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_00_019\QFI.exe FirewallRules: [{ACE2C573-A8D7-42ED-8DC3-7C114F13E339}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_00_019\QFI.exe FirewallRules: [{46CD81B8-3CA3-446A-B21D-64AFE8EC381C}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_13_025\QFI.exe FirewallRules: [{0745543E-1262-4CE8-8EE9-41F7FFF9B11C}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_13_025\QFI.exe FirewallRules: [{39EF7CB9-C6A4-459D-94CF-F196F8E58ED2}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{007B2066-9CCE-4207-A6D2-62551BF61DEC}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{BE2FEDDC-140F-49A1-B4CE-08FA8D5941B8}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{8B621D17-1851-463A-BDD0-0373E29E5167}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{F00DAEDA-9601-4717-A7FD-BD329AF03BBD}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{2BBDE23F-C33B-4C1C-B6CB-859327346B5E}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{A7BA799C-158D-4F1C-849C-54F409403671}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{2C972204-2F80-4453-BD51-5FDDC0CC1A49}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{CBDD087A-2509-4AE0-8C3C-20A2A116B992}] => 
C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{05D6294C-E040-4DC6-8330-DA62DD5D2161}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{BA3DC010-EAD8-4B6F-BC60-A759A441AD1B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EB873C64-A4A6-4227-8F92-25D833E4E8AF}] => C:\Program Files\iTunes\iTunes.exe FirewallRules: [{9FDA8C43-2359-4D21-B179-C7DE8809DAD2}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B4E7D1B2-64A5-42DD-8E2D-5833C3369F69}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A6784AE0-0758-4B7D-A0CC-DF3F9533C4E6}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6BD64261-4537-4180-9188-8D52D25766AE}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A5919993-B357-4D8B-BF72-0065176EA87E}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [UDP Query User{90C1C6F7-8E18-4CB9-B168-F6FC71700F52}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe FirewallRules: [TCP Query User{B69278D0-BAAF-4D01-B748-BCA9B20A4627}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe FirewallRules: [UDP Query User{8FDDF88C-0C1B-4FBB-A5DF-3912C0DFF9BE}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{3E208042-7CC4-4C3B-9C4F-F38C423A3CDD}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{D99A8C58-832C-4E40-BF4E-F80161780F4C}C:\users\admin\desktop\u1504.exe] => C:\users\admin\desktop\u1504.exe FirewallRules: [TCP Query User{C5C9E84A-0846-4ABA-AEDD-17FF58F9FBA9}C:\users\admin\desktop\u1504.exe] => C:\users\admin\desktop\u1504.exe FirewallRules: [UDP Query 
User{37A4A774-46C8-4CC5-8E26-98C86989899B}C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe] => C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe FirewallRules: [TCP Query User{E82D9737-447E-45D5-A581-ADCBAA1259AE}C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe] => C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe FirewallRules: [{DA3B0383-CD8F-477F-89F1-88A871CAEC38}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [{EAD485FA-B4F6-408A-8DB5-08EF236551BA}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [UDP Query User{28F5C1B4-9575-4299-88E2-FECEBFC6E8E3}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe FirewallRules: [TCP Query User{7E8EABF0-44DE-4A64-BD1E-15436BEEC81A}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe FirewallRules: [{5DC0FCAD-0A60-42A5-B39E-EDB4544059BC}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [{021D5901-FA7B-4AA5-BD0B-6C359E9B8A2D}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [UDP Query User{3B2D19C3-950D-4BC3-A974-20A4A34896DE}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe FirewallRules: [TCP Query User{EB9CCC71-30D4-4D32-A7F3-6B5432A619DF}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe FirewallRules: [{F27E1DFA-AC39-48A2-90DD-C70AD91932CD}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{02D3633F-245A-460F-A12F-66477E2B407E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EC5B5E21-EEA4-4B13-9A0F-982C3DAE6035}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: 
[{7EEE148F-428C-420C-923B-4647CD2F8B06}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{41182754-764E-42F7-B038-C349BA3BC621}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3064164E-A20D-41EE-8D6E-3B3BBED8EC5C}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{E3031186-17B1-4FAA-89F3-8B0798B66089}] => LPort=1900 FirewallRules: [{87B7C276-6209-4EAE-90F5-8C036B000673}] => LPort=2869 FirewallRules: [{1F3CFD3E-C3AC-40F8-8D6F-452699C360B5}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{CE4CAE57-0DFB-4D07-B6AF-C5CB244D4F0B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B33E406F-E833-4E06-A488-BCF0923A1284}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{242ADDA0-69C1-4882-AB7D-1003F0BEFA92}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{566AE3BC-650D-4F36-B3F2-E45E10648303}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D86B63CE-5FEA-4B3F-A070-BB3CDDA45E75}] => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{E81A3D57-1911-4942-B595-2481BF14B613}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{0C5FA3AD-D205-469B-82C8-6E8CB1EF0492}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{616C30D4-AD21-4853-ADF5-8D735ABA2A8C}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{EAC9C857-E2E6-412F-9503-90A3F855B738}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{D9D7880B-6CE3-474C-9A55-297D5E6123DF}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{F9C6B979-F9F9-4736-9891-82FF67832E87}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{CCFCAAC0-340A-42B9-A669-4E704BB4EF8B}] => C:\Program Files 
(x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{CDAAF369-D93D-4915-BD0A-FB4109175D23}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [UDP Query User{1668F5F6-0978-4A8A-A754-6FE43EE6657F}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F83C5337-0457-452A-A24D-4812009FA5FF}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{2B2C2FC8-160F-4443-B4B0-E0A3221342D7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{EB47B5F2-BEBC-42F1-9034-ED9F932E94A3}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8BF7801A-7790-4A0F-9B58-658CD371A279}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{E7DAC4B4-A4A5-4D64-9C82-DD941F6D9719}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{F12CFC3D-6CDC-4F3B-B7B4-1D69B6723885}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{559F5A6D-B143-4C85-99CB-468057135901}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FE7968EC-ED7E-4B94-A254-BB3C579E55BC}] => LPort=139 FirewallRules: [TCP Query User{827FE4FA-D5FC-4B40-A45C-3DC61D91D1C0}C:\program files (x86)\spss 17\statistics.exe] => C:\program files (x86)\spss 17\statistics.exe FirewallRules: [UDP Query User{32D14826-74EB-4A47-9150-6C05846D59C8}C:\program files (x86)\spss 17\statistics.exe] => C:\program files (x86)\spss 17\statistics.exe FirewallRules: [TCP Query User{8894236E-F9DE-40BB-A439-BAD8ED37E334}C:\program files 
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [UDP Query User{52288698-5AF7-47A1-8E0A-198A76EF9335}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [{9B52836B-2D15-43A3-A830-614220702CE5}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{35E14471-E5C2-48A3-837A-BEA3837C507E}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{2F607119-691E-42AC-874C-300D4ABF7FCC}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{04A7AE2B-FAD7-4813-97A8-869F79C34BA2}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{08E4C386-0878-409B-A758-D9D2A7A177B1}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_14_007\QFI.exe FirewallRules: [{4FE3C6F1-6FFB-404E-AC34-0A6430EFF7DD}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_14_007\QFI.exe FirewallRules: [{43B97BBA-598C-40DE-856A-45DCCC370F5A}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_01_004\QFI.exe FirewallRules: [{9649A364-BE18-412D-9B19-B7EEDD5EF183}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_01_004\QFI.exe FirewallRules: [{BCBABC78-98B0-4F0C-BB14-5FAD4D3CDF57}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{E6153068-2091-4855-A26B-70B95A1BB8A6}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{0D56CC82-80EF-4B88-BF94-B6DD0985B7FE}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{BD18A57C-C43E-4E2D-A104-56A441DC1B66}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{2C8F52EF-9073-421D-A01E-524422D89D10}] => C:\Program Files (x86)\Microsoft 
Office\root\Office16\UcMapi.exe FirewallRules: [{B1EB9E20-9B5A-4417-B4D2-C463392887DF}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

22-01-2017 12:54:05 Installed G*Power 3.1.9.2
30-01-2017 09:32:55 Installed Camtasia Studio 8

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2017 07:14:07 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/04/2017 06:58:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000035793
Faulting process id: 0xc44
Faulting application start time: 0x01d27f189536bea6
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8daad4f3-174c-42a0-9b1b-44009ce4f94f
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2017 06:57:50 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/04/2017 06:49:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/04/2017 06:49:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: CHRISTHOMAS)
Description: App Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe+Microsoft.ZuneMusic did not launch within its allotted time.

Error: (02/04/2017 06:45:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/04/2017 06:40:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/04/2017 06:32:33 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/04/2017 06:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/04/2017 06:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (02/04/2017 07:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 07:14:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 07:14:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 07:14:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 07:14:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/04/2017 07:14:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uagqecsvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (02/04/2017 07:14:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the uagqecsvc service to connect.

Error: (02/04/2017 07:14:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/04/2017 07:12:16 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {B91D5831-B1BD-4608-8198-D72E155020F7} timed out waiting for the service UsoSvc to stop.

Error: (02/04/2017 07:10:54 PM) (Source: DCOM) (EventID: 10010) (User: CHRISTHOMAS)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2017-02-04 19:24:28.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 19:24:28.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 19:21:39.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 19:21:39.072
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 19:21:38.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 19:21:38.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 19:21:38.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 18:45:54.529
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-04 18:45:54.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-30 16:03:18.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 58%
Total physical RAM: 4046.35 MB
Available physical RAM: 1675.03 MB
Total Virtual: 6862.35 MB
Available Virtual: 4025.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.5 GB) (Free:178.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6A6731BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=507 MB) - (Type=27)

==================== End of Addition.txt ============================

Root Admin AdvancedSetup Posted February 5, 2017 ID:1099161

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.
Shut down your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message.
When completed make sure to re-enable your antivirus.

STEP 02
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your Desktop.
Right-click on the icon and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now.
After reboot, the logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View Log file (bottom left-hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
Double-click to run it. When the tool opens, click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
Please attach the Additions.txt log to your reply as well.

Thanks

christ1986 Posted February 5, 2017 Author ID:1099211

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by admin (Administrator) on 05/02/2017 at 8:52:22.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\admin\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\SXJVXMRYODXGIOSL (Task)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/02/2017 at 8:59:29.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adwcleaner

# AdwCleaner v6.042 - Logfile created 05/02/2017 at 09:07:01
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : admin - CHRISTHOMAS
# Running from : C:\Users\admin\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: Rerlaply
[-] Task deleted: SXJVXMRYODXGIOSL
[-] Task deleted: Zutykenb
[-] Task deleted: {3B2335E8-805F-4B6D-9A2D-426160A3578E}

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\TrustedStart
[#] Key deleted on reboot: HKCU\Software\TrustedStart
[#] Key deleted on reboot: [x64] HKCU\Software\TrustedStart

***** [ Web browsers ] *****

[-] [C:\Users\admin\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Deleted: uk.yahoo.com
[-] [C:\Users\admin\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1408 Bytes] - [05/02/2017 09:07:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [1583 Bytes] - [05/02/2017 09:06:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1554 Bytes] ##########

Sophos - No threats were found

I have attached FRST and Addition.

Thank you

FRST.txt
Addition.txt

Root Admin AdvancedSetup Posted February 6, 2017 ID:1099493

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

christ1986 Posted February 7, 2017 Author ID:1099654

Great, thank you. Fixlog.txt is attached

Fixlog.txt

Root Admin AdvancedSetup Posted February 7, 2017 ID:1099668

How is the computer running now?

christ1986 Posted February 7, 2017 Author ID:1099670

Yeah, seems to be fine! Thank you for all the help

Root Admin AdvancedSetup Posted February 7, 2017 ID:1099681

At this time there are no more signs of an infection on your system. However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time. They are often updated daily so if you went to use them again in the future they would be outdated anyways. The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)
Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete) IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....
AdwCleaner > just run the program and click uninstall.
If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8
Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

How Malware Spreads - How did I get infected
Best Practices for Safe Computing - Prevention of Malware Infection
Avoiding those unwanted free applications
A close look at how Oracle installs deceptive software with Java updates
IAC / Ask.com toolbars
Malwarebytes Unpacked Blog

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

christ1986 Posted February 11, 2017 Author ID:1101037

Hi, Laptop is still a bit slow. Just ran Malwarebytes scan and there were 40 threats found.

Root Admin AdvancedSetup Posted February 14, 2017 ID:1101628

Sorry to hear, okay. Let me get a fresh set of FRST logs please.

christ1986 Posted February 14, 2017 Author ID:1101679

Great, thank you. I have pasted the FRST & Addition.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by admin (administrator) on CHRISTHOMAS (14-02-2017 08:09:01)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Qualisys AB) C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.) HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.) 
HKLM-x32\...\Run: [QDS] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe [851968 2016-10-05] (Qualisys AB) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.) 
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-04] (Spotify Ltd) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [f.lux] => C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [0QtmShellExtension] -> {AAAAC112-3CA7-11D6-B2B7-000102D90238} => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\x64\ProjectShellExtension.dll [2016-07-15] 
(Qualisys AB) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-09-29] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [0QtmShellExtension] -> {AAAAC102-3CA7-11D6-B2B7-000102D90238} => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\ProjectShellExtension.dll [2016-07-15] (Qualisys AB) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 146.87.174.123 146.87.174.122 146.87.174.121 146.87.174.120 Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [DhcpNameServer] 146.87.174.123 146.87.174.122 146.87.174.121 146.87.174.120 Tcpip\..\Interfaces\{cadabcc7-a90e-4e5c-9d81-a91aba4112f2}: [NameServer] 8.8.8.8,8.8.4.4 Internet Explorer: ================== HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130944121275451591&GUID=D0E5267B-FB82-43E1-BFD1-8C7953BE6032 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} 
hxxps://uos-portal.salford.ac.uk/InternalSite/WhlCompMgr.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File Handler: WSISVCUchrome - No CLSID Value FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rcq1mxie.default-1467541637927 [2017-02-07] FF Extension: (No Name) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi\ [not found] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-03] (Citrix Online) FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/O1DPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-16] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR HomePage: Default -> hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x64\widevinecdmadapter.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-02-14] CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-10-25] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08] CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2016-06-08] CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2016-09-03] CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2016-12-11] CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01] CHR Extension: (Google Keep - notes and lists) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-02-14] CHR Extension: (Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-12-19] CHR Extension: (Save to Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08] CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12] CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-03] CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) 
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.) S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [619328 2013-06-29] (Microsoft Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated) S2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169280 2013-04-02] (Microsoft Corporation) R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-30] (RaMMicHaeL) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-11] (Malwarebytes) R1 MpKsl3861a99c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE2C329B-006B-4A9E-9C36-3CD8968E1288}\MpKsl3861a99c.sys [44928 2017-02-11] (Microsoft Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation) R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2665496 2016-01-15] () S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-07-09] (Zemana Ltd.) S1 CBUL32; System32\drivers\CBUL32.SYS [X] S3 dbx; system32\DRIVERS\dbx.sys [X] U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-14 08:09 - 2017-02-14 08:11 - 00028036 _____ C:\Users\admin\Downloads\FRST.txt 2017-02-14 08:08 - 2017-02-14 08:09 - 00000000 ____D C:\FRST 2017-02-14 08:05 - 2017-02-14 08:08 - 02422272 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe 2017-02-13 12:06 - 2017-02-13 12:07 - 04868477 _____ C:\Users\admin\Downloads\Correlations_between_attacking_agility_d (2).pdf 2017-02-13 12:06 - 2017-02-13 12:07 - 04868477 _____ C:\Users\admin\Downloads\Correlations_between_attacking_agility_d (1).pdf 2017-02-13 11:14 - 2017-02-13 11:14 - 00811833 _____ C:\Users\admin\Downloads\Countermovement Jump Phase Characteristics of Senior and Academy Rugby League Players %28Accepted%29.pdf 2017-02-13 11:06 - 2017-02-13 11:06 - 01037202 _____ C:\Users\admin\Downloads\lecture_2_dynamics_pt_1.pdf 2017-02-11 18:15 - 2017-02-11 18:15 - 00676124 _____ C:\Users\admin\Downloads\s1-ln25569937-274581469-1939656818Hwf-713697288IdV17434910125569937PDF_HI0001 (1).pdf 2017-02-11 18:14 - 2017-02-11 18:14 - 00676124 _____ C:\Users\admin\Downloads\s1-ln25569937-274581469-1939656818Hwf-713697288IdV17434910125569937PDF_HI0001.pdf 2017-02-11 17:56 - 2017-02-11 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-02-11 17:48 - 2017-02-11 17:48 - 00983895 _____ C:\Users\admin\Downloads\JSCR-08-8724 (1).pdf 2017-02-07 04:38 - 2017-02-07 04:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2017-02-07 04:38 - 2017-02-07 04:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2017-02-07 04:38 - 2017-02-07 04:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2017-02-07 04:38 - 2017-02-07 04:38 - 00046192 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-canary.sys 2017-02-04 18:28 - 2017-02-05 09:01 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-02-04 18:27 - 2017-02-13 12:30 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-02-04 18:27 - 2017-02-11 18:57 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-04 18:27 - 2017-02-11 18:57 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-02-04 18:27 - 2017-02-11 18:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-02-04 18:27 - 2017-02-04 18:27 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-04 18:27 - 2017-02-04 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-04 18:26 - 2017-02-04 18:26 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-04 18:26 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-02-04 17:26 - 2017-02-04 18:26 - 00000000 ____D C:\Users\admin\AppData\LocalLow\BitTorrent 2017-02-02 11:55 - 2017-02-02 11:55 - 02002621 _____ C:\Users\admin\Downloads\fulltext513.pdf 2017-02-02 11:52 - 2017-02-02 11:52 - 00776192 _____ C:\Users\admin\Downloads\Agility_training_in_young_elite_soccer_players_Pro.pdf 2017-02-02 11:51 - 2017-02-02 11:51 - 00357580 _____ C:\Users\admin\Downloads\00124278-201603000-00030.pdf 2017-01-31 19:24 - 2017-01-31 19:24 - 01133362 _____ C:\Users\admin\Downloads\00126548-201702000-00005.pdf 2017-01-30 15:58 - 2017-01-30 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic v2.0 2017-01-30 15:58 - 2017-01-30 15:58 - 00000000 ____D C:\Program Files (x86)\Screencast-O-Matic 2017-01-30 15:56 - 2017-01-30 16:00 - 00000000 ____D C:\Users\admin\AppData\Local\Screencast-O-Matic-v2 2017-01-30 15:56 - 2017-01-30 15:56 - 00000000 ____D C:\Users\admin\Documents\Screencast-O-Matic 2017-01-30 15:55 - 2017-01-30 15:59 - 17956136 _____ 
C:\Users\admin\Downloads\InstallScreencastOMatic-2.0.exe 2017-01-30 15:55 - 2017-01-30 15:55 - 00000000 ____D C:\Users\admin\AppData\Local\WebLaunchRecorder 2017-01-30 15:54 - 2017-01-30 15:55 - 00347584 _____ (Big Nerd Software, LLC) C:\Users\admin\Downloads\WebLaunchRecorder.exe 2017-01-30 15:16 - 2017-01-30 15:16 - 00000000 ____D C:\Users\admin\Documents\My CamStudio Videos 2017-01-30 15:15 - 2017-01-30 15:16 - 00000000 ____D C:\Users\admin\Documents\My CamStudio Temp Files 2017-01-30 15:15 - 2017-01-30 15:15 - 00000096 _____ C:\Users\admin\AppData\Roaming\version2.xml 2017-01-30 13:52 - 2017-01-30 13:53 - 00058263 _____ C:\Users\admin\Documents\Copy of RESULTS COMPARISON JAN 17 v3.xlsx 2017-01-30 13:46 - 2017-01-30 13:48 - 00063352 _____ C:\Users\admin\Documents\Copy of RESULTS COMPARISON JAN 17 v2.xlsx 2017-01-30 09:46 - 2017-01-30 09:46 - 00000000 ____D C:\Users\admin\Documents\Camtasia Studio 2017-01-30 09:45 - 2017-01-30 09:45 - 00000000 ____D C:\Users\admin\AppData\Local\TechSmith 2017-01-29 19:39 - 2017-01-29 19:39 - 00149913 _____ C:\Users\admin\Downloads\Instructions_for_Authors.pdf 2017-01-29 18:52 - 2017-01-29 18:52 - 00011461 _____ C:\Users\admin\Downloads\table.csv 2017-01-29 18:50 - 2017-01-29 18:50 - 00190894 _____ C:\Users\admin\Downloads\1-s2.0-S0268003316301061-main.pdf 2017-01-29 18:49 - 2017-01-29 18:50 - 00129753 _____ C:\Users\admin\Downloads\1-s2.0-S026800331630105X-main.pdf 2017-01-29 17:30 - 2017-01-29 17:30 - 00327898 _____ C:\Users\admin\Downloads\Hewett TE and Johnson - Orthopedics December 2009 - ACL Prevention Progra.pdf 2017-01-29 17:27 - 2017-01-29 17:27 - 00478989 _____ C:\Users\admin\Downloads\Bakker_et_al-2017-Journal_of_Orthopaedic_Research.pdf 2017-01-29 17:24 - 2017-01-29 17:24 - 00481347 _____ C:\Users\admin\Downloads\jor23523.pdf 2017-01-26 16:42 - 2017-01-26 16:42 - 00000279 _____ C:\Users\admin\Downloads\scholar (55).enw 2017-01-26 10:04 - 2017-01-26 10:04 - 00983895 _____ C:\Users\admin\Downloads\JSCR-08-8724.pdf 
2017-01-25 16:52 - 2017-01-25 16:52 - 00000490 _____ C:\Users\admin\Downloads\scholar (54).enw 2017-01-25 13:11 - 2017-01-25 13:11 - 00019248 _____ C:\Users\admin\Downloads\MDPI.ens 2017-01-25 13:01 - 2017-01-25 13:01 - 00301668 _____ C:\Users\admin\Downloads\sports-174518-peer-review.pdf 2017-01-25 10:33 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 10:33 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-25 10:20 - 2017-01-25 10:20 - 00557592 _____ C:\Users\admin\Documents\Effect of sagittal plane mechanics on ACL strain during jump landing (Bakker et al., 2016).pdf 2017-01-25 10:19 - 2017-01-25 10:19 - 00557847 _____ C:\Users\admin\Downloads\Bakker_et_al-2016-Journal_of_Orthopaedic_Research.pdf 2017-01-24 20:16 - 2017-01-24 20:16 - 00373077 _____ C:\Users\admin\Documents\Incidence of Second ACL Injuries 2 Years After Primary ACL Reconstruction and Return to Sport (Paterno et al., 2014).pdf 2017-01-24 20:16 - 2017-01-24 20:16 - 00369831 _____ C:\Users\admin\Downloads\0363546514530088.pdf 2017-01-24 20:15 - 2017-01-24 20:15 - 00264641 _____ C:\Users\admin\Documents\Strength Asymmetry and Landing Mechanics at Return to Sport after Anterior Cruciate Ligament Reconstruction (Schmitt et al., 2015).pdf 2017-01-24 20:14 - 2017-01-24 20:14 - 00270668 _____ C:\Users\admin\Downloads\Strength_Asymmetry_and_Landing_Mechanics_at_Return.13.pdf 2017-01-24 20:12 - 2017-01-24 20:12 - 00289801 _____ C:\Users\admin\Documents\Young Athletes With Quadriceps Femoris Strength Asymmetry at Return to Sport After Anterior Cruciate Ligament Reconstruction Demonstrate Asymmetric Single-Leg Drop-Landing Mechanics (Ithurburn et al., 2015).pdf 2017-01-24 20:12 - 2017-01-24 20:12 - 00285851 _____ C:\Users\admin\Downloads\0363546515602016.pdf 2017-01-24 20:09 - 2017-01-24 20:09 - 00224679 _____ C:\Users\admin\Documents\A 'plane' explanation of anterior cruciate ligament injury mechanisms - a 
systematic review (Quatman et al., 2010).pdf 2017-01-24 20:08 - 2017-01-24 20:08 - 00224880 _____ C:\Users\admin\Downloads\art%3A10.2165%2F11534950-000000000-00000.pdf 2017-01-24 20:05 - 2017-01-24 20:05 - 00384137 _____ C:\Users\admin\Downloads\0363546512459638.pdf 2017-01-24 20:05 - 2017-01-24 20:05 - 00376843 _____ C:\Users\admin\Documents\Current concepts for injury prevention in athletes after anterior cruciate ligament reconstruction (Hewett et al., 2013).pdf 2017-01-24 20:04 - 2017-01-24 20:04 - 01097845 _____ C:\Users\admin\Downloads\nihms444682.pdf 2017-01-24 20:03 - 2017-01-24 20:04 - 00565625 _____ C:\Users\admin\Documents\Critical components of neuromuscular training to reduce ACL injury risk in female athletes - meta-regression analysis (Sugimoto et al., 2016).pdf 2017-01-24 20:03 - 2017-01-24 20:03 - 00563238 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Sugimoto-1259-66 (1).pdf 2017-01-24 20:01 - 2017-01-24 20:01 - 00469395 _____ C:\Users\admin\Documents\Preventive Neuromuscular Training for Young Female Athletes - Comparison of Coach and Athlete Compliance Rates (Sugimoto et al., 2016).pdf 2017-01-24 20:00 - 2017-01-24 20:00 - 00466173 _____ C:\Users\admin\Downloads\1062-6050-51%2E12%2E20 (1).pdf 2017-01-24 20:00 - 2017-01-24 20:00 - 00414915 _____ C:\Users\admin\Documents\Compliance With Neuromuscular Training and Anterior Cruciate Ligament Injury Risk Reduction in Female Athletes - A Meta-Analysis (Sugimoto et al., 2012).pdf 2017-01-24 19:59 - 2017-01-24 19:59 - 00413648 _____ C:\Users\admin\Downloads\1062-6050-47%2E6%2E10.pdf 2017-01-24 16:16 - 2017-01-24 16:16 - 00391450 _____ C:\Users\admin\Downloads\2016-Commonwealth-Youth-Weightlifting-Championships.pdf 2017-01-24 16:16 - 2017-01-24 16:16 - 00040747 _____ C:\Users\admin\Downloads\Welsh20Open20201620final20positions.xlsx 2017-01-23 09:43 - 2017-01-25 18:17 - 00013408 _____ C:\Users\admin\Documents\NSCA 23-01-17.xlsx 2017-01-22 20:58 - 2017-01-22 20:58 - 00353290 _____ 
C:\Users\admin\Downloads\1-s2.0-S2095254616300850-main.pdf 2017-01-22 20:57 - 2017-01-22 20:57 - 00466173 _____ C:\Users\admin\Downloads\1062-6050-51%2E12%2E20.pdf 2017-01-22 20:56 - 2017-01-22 20:56 - 00491272 _____ C:\Users\admin\Downloads\1-s2.0-S2095254617300066-main.pdf 2017-01-22 20:46 - 2017-01-22 20:46 - 00131381 _____ C:\Users\admin\Downloads\Rapid_Hamstring_Quadriceps_Force_Capacity_in_Male.29.pdf 2017-01-22 19:46 - 2017-01-22 19:46 - 01009781 _____ C:\Users\admin\Downloads\1062-6050-49%2E5%2E09.pdf 2017-01-22 19:46 - 2017-01-22 19:46 - 00056119 _____ C:\Users\admin\Downloads\1062-6050-51%2E1%2E04.pdf 2017-01-22 19:45 - 2017-01-22 19:45 - 00067212 _____ C:\Users\admin\Downloads\1062-6050-51%2E12%2E14.pdf 2017-01-22 18:20 - 2017-01-22 18:20 - 00616840 _____ C:\Users\admin\Downloads\art%3A10.1007%2Fs40279-015-0453-1.pdf 2017-01-22 18:19 - 2017-01-22 18:19 - 00334127 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-McCunn-1354 (2).pdf 2017-01-22 18:18 - 2017-01-22 18:18 - 00336233 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354 (3).pdf 2017-01-22 18:18 - 2017-01-22 18:18 - 00336233 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354 (2).pdf 2017-01-22 18:18 - 2017-01-22 18:18 - 00336233 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354 (1).pdf 2017-01-22 18:05 - 2017-01-22 18:05 - 01004539 _____ C:\Users\admin\Downloads\BJSM Whiteley Screening and Likelihood Ratio Infographic.pdf 2017-01-22 17:27 - 2017-01-22 17:27 - 00236810 _____ C:\Users\admin\Downloads\kwh101.pdf 2017-01-22 17:06 - 2017-01-22 17:06 - 00002197 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk 2017-01-22 17:06 - 2017-01-22 17:06 - 00000000 ____D C:\Users\admin\AppData\Local\FluxSoftware 2017-01-22 17:05 - 2017-01-22 17:05 - 00496896 _____ C:\Users\admin\Downloads\flux-setup.exe 2017-01-22 16:49 - 2017-01-23 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SunsetScreen 2017-01-22 16:49 - 
2017-01-22 16:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\SunsetScreen_prefs 2017-01-22 16:48 - 2017-01-22 16:49 - 00901032 _____ (Skytopia) C:\Users\admin\Downloads\SunsetScreen_Setup.exe 2017-01-22 15:08 - 2017-01-22 15:08 - 00033280 _____ C:\Users\admin\Downloads\EffectSizeCalculator.xls 2017-01-22 14:42 - 2017-01-22 14:42 - 00228167 _____ C:\Users\admin\Downloads\Maxwell_Kelley_Rausch_2008.pdf 2017-01-22 14:41 - 2017-01-22 14:41 - 00460658 _____ C:\Users\admin\Downloads\_8ddd3dc84f4a3d638df34eda3e7a516c_5.2-SLIDES-Sample-Size-Justification.pdf 2017-01-22 14:30 - 2017-01-22 14:30 - 00464470 _____ C:\Users\admin\Downloads\_8cd43521115e600e137889457dfabb2a_5.1-Confidence-Intervals-and-Capture-Percentages.pdf 2017-01-22 14:15 - 2017-01-22 14:15 - 00581096 _____ C:\Users\admin\Downloads\jssm-15-715.pdf 2017-01-22 13:59 - 2017-01-22 13:59 - 00050790 _____ C:\Users\admin\Downloads\Calculating_Effect_Sizes.xlsx 2017-01-22 13:55 - 2017-01-22 13:55 - 00237768 _____ C:\Users\admin\Downloads\_cd2aa2f2be9b4897e8de6f9c25b5d07f_4.1-Effect-Sizes-Cohens-d-and-r.pdf 2017-01-22 13:54 - 2017-01-22 13:54 - 00008743 _____ C:\Users\admin\Downloads\subtitle.txt 2017-01-22 13:24 - 2017-01-22 13:24 - 02994557 _____ C:\Users\admin\Downloads\GPowerManual.pdf 2017-01-22 13:24 - 2017-01-22 13:24 - 00481415 _____ C:\Users\admin\Downloads\GPowerShortTutorial.pdf 2017-01-22 13:03 - 2017-01-22 13:03 - 00073286 _____ C:\Users\admin\Downloads\_ff91a0257c7889ca00ba831b5b8cb877_3.1-The-Positive-Predictive-Value.pdf 2017-01-22 12:55 - 2017-01-22 12:55 - 00002599 _____ C:\Users\Public\Desktop\GPower 3.1.lnk 2017-01-22 12:55 - 2017-01-22 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPower 2017-01-22 12:55 - 2017-01-22 12:55 - 00000000 ____D C:\Program Files (x86)\GPower 3.1 2017-01-22 11:17 - 2017-01-22 11:17 - 00249381 _____ C:\Users\admin\Downloads\abdi-Holm2010-pretty.pdf 2017-01-22 11:01 - 2017-01-22 11:01 - 00925375 _____ 
C:\Users\admin\Downloads\_8ddd3dc84f4a3d638df34eda3e7a516c_3.1-SLIDES-Type-1-error-control.pdf 2017-01-22 10:57 - 2017-01-22 10:58 - 00518419 _____ C:\Users\admin\Downloads\_7cfd993002fce13489f6ea0c6e8d23d6_2.2-Bayesian-Statistics.pdf 2017-01-20 16:05 - 2017-01-20 16:05 - 00329602 _____ C:\Users\admin\Downloads\jab%2E2014-0137.pdf 2017-01-20 16:00 - 2017-01-20 16:00 - 00052521 _____ C:\Users\admin\Downloads\0363546516651042.pdf 2017-01-20 15:58 - 2017-01-20 15:58 - 00334127 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-McCunn-1354.pdf 2017-01-20 15:58 - 2017-01-20 15:58 - 00334127 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-McCunn-1354 (1).pdf 2017-01-20 15:54 - 2017-01-20 15:54 - 00396331 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1353-4 (1).pdf 2017-01-20 15:53 - 2017-01-20 15:53 - 00343830 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Hewett-1353.pdf 2017-01-20 15:52 - 2017-01-20 15:52 - 00396331 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1353-4.pdf 2017-01-20 15:52 - 2017-01-20 15:52 - 00336234 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-1354.pdf 2017-01-20 15:50 - 2017-01-20 15:50 - 00604724 _____ C:\Users\admin\Downloads\Br J Sports Med-2016-Bahr-776-80.pdf 2017-01-20 11:00 - 2017-01-20 11:00 - 00437632 _____ C:\Users\admin\Downloads\10.1177_1941738114535184.pdf 2017-01-20 09:32 - 2017-01-20 09:33 - 00214804 _____ C:\Users\admin\Downloads\ijspp%2E2016-0034.pdf 2017-01-19 17:27 - 2017-01-19 17:27 - 00175377 _____ C:\Users\admin\Downloads\00124278-201201000-00020.pdf 2017-01-19 17:26 - 2017-01-19 17:26 - 00153054 _____ C:\Users\admin\Downloads\00124278-200910000-00026.pdf 2017-01-19 17:09 - 2017-01-19 17:09 - 00171288 _____ C:\Users\admin\Downloads\5245-14971-1-PB.pdf 2017-01-19 16:43 - 2017-01-19 16:43 - 00611686 _____ C:\Users\admin\Downloads\s1-ln25294159-1766714720-1939656818Hwf-1128683165IdV129856103425294159PDF_HI0001.pdf 2017-01-19 14:51 - 2017-01-19 14:51 - 01536473 _____ 
C:\Users\admin\Downloads\JSCR-S-17-00086.pdf 2017-01-19 14:51 - 2017-01-19 14:51 - 01536473 _____ C:\Users\admin\Downloads\JSCR-S-17-00086 (1).pdf 2017-01-19 14:23 - 2017-01-19 14:23 - 00061037 _____ C:\Users\admin\Downloads\Tips_for_Writing.pdf 2017-01-19 14:05 - 2017-01-19 14:05 - 00000251 _____ C:\Users\admin\Downloads\sports-v05-i01_20170119.enw 2017-01-19 13:53 - 2017-01-19 13:53 - 00545119 _____ C:\Users\admin\Downloads\Johnston et al_2014_The influence of physical qualities on post-match fatigue in rugby league players_JSMS.pdf 2017-01-19 10:32 - 2017-01-19 10:34 - 20449270 _____ C:\Users\admin\Downloads\The Real Meal Revolution by Tim Noakes.pdf 2017-01-19 10:25 - 2017-01-19 10:25 - 09985464 _____ C:\Users\admin\Downloads\Biomechanics for Dummies.pdf 2017-01-19 09:54 - 2017-01-19 09:54 - 01318161 _____ C:\Users\admin\Downloads\sports-05-00008.pdf 2017-01-19 09:23 - 2017-01-19 09:23 - 00000049 _____ C:\Users\admin\Documents\Request - Biomechanics for Dummies by Steve McCaw.txt 2017-01-17 20:04 - 2017-01-17 20:04 - 01333248 _____ C:\Users\admin\Downloads\Force & Power Assessment Lecture (R1).ppt 2017-01-17 20:04 - 2017-01-17 20:04 - 00452435 _____ C:\Users\admin\Downloads\An Evaluation of a Strength Qualities Assessment Method for the Lower Body.pdf 2017-01-17 19:58 - 2017-01-17 19:58 - 01096305 _____ C:\Users\admin\Downloads\Essentials of Strength Training and Conditioning 4th Edition-487-490.pdf 2017-01-17 11:10 - 2017-01-17 11:10 - 00000087 _____ C:\Users\admin\Documents\Request - The Real Meal Revolution - The Radical, Sustainable Approach to Healthy Eating.txt 2017-01-17 09:24 - 2017-01-19 15:24 - 00066313 _____ C:\Users\admin\Desktop\Netball Hop & Leap December 2016.xlsx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-14 08:11 - 2016-07-09 17:44 - 00273001 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-14 07:57 - 2015-10-03 16:48 - 00000000 ___RD C:\Users\admin\Google Drive
2017-02-14 07:57 - 2013-06-28 20:13 - 00000000 ___RD C:\Users\admin\Dropbox
2017-02-14 07:56 - 2016-06-04 08:50 - 00000000 ____D C:\ProgramData\MCShield
2017-02-13 13:15 - 2016-09-29 16:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 13:05 - 2014-08-13 08:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify
2017-02-13 12:54 - 2014-01-13 10:28 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-02-13 12:22 - 2016-09-27 19:02 - 00000000 ____D C:\Users\admin\Documents\Qualisys
2017-02-13 12:22 - 2016-09-27 19:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\Qualisys
2017-02-13 11:49 - 2014-08-13 09:00 - 00000000 ____D C:\Users\admin\AppData\Local\Spotify
2017-02-12 21:00 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-11 19:10 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-11 18:56 - 2016-09-29 16:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 18:55 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-11 18:33 - 2016-06-08 21:05 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-11 18:33 - 2016-06-08 21:05 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-11 17:58 - 2015-09-08 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-05 10:12 - 2013-09-28 18:01 - 00000600 _____ C:\Users\admin\PUTTY.RND
2017-02-05 09:10 - 2016-11-01 14:09 - 00000000 ____D C:\Users\admin\Desktop\utmp
2017-02-04 18:26 - 2016-06-04 08:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-02-04 18:26 - 2015-12-15 06:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-02-04 18:26 - 2014-01-15 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-03 09:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-03 09:09 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-30 15:25 - 2016-09-29 16:11 - 00000000 ____D C:\Users\admin
2017-01-30 15:25 - 2016-02-04 09:59 - 00000000 ____D C:\ProgramData\TechSmith
2017-01-30 15:17 - 2014-04-23 12:57 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2017-01-30 13:33 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 08:29 - 2014-01-13 10:28 - 00000000 ____D C:\ProgramData\InstallMate
2017-01-22 11:13 - 2015-11-19 21:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 08:56 - 2016-09-29 16:10 - 01153402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-18 08:49 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-17 15:11 - 2013-06-27 03:43 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2017-01-16 13:37 - 2016-06-07 15:19 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-16 13:37 - 2012-08-19 02:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-15 13:37 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2017-01-30 15:15 - 2017-01-30 15:15 - 0000096 _____ () C:\Users\admin\AppData\Roaming\version2.xml
2013-11-03 15:47 - 2014-01-15 10:00 - 0000113 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2013-12-31 16:04 - 2014-01-03 10:31 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 15:47 - 2014-01-15 10:00 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT
2014-04-21 10:50 - 2014-10-05 17:24 - 0007168 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-19 19:13 - 2012-12-19 19:13 - 0010275 _____ () C:\ProgramData\regid.1995-04.com.kistler_2B134736-2DB6-488E-BB15-FC19631EE635.swidtag
2014-01-10 20:51 - 2014-01-10 20:51 - 0010260 _____ () C:\ProgramData\regid.1995-04.com.kistler_FE724B72-8B8B-4B49-85FE-24AC4E84CC09.swidtag

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-13 11:23

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by admin (14-02-2017 08:13:07)
Running from C:\Users\admin\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-29 16:48:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3515164915-2860861682-270758949-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3515164915-2860861682-270758949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515164915-2860861682-270758949-503 - Limited - Disabled)
Guest (S-1-5-21-3515164915-2860861682-270758949-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3515164915-2860861682-270758949-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{935D195D-0E7A-3D63-5B66-70E6D13E6C03}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
Ballistic Measurement System (HKLM-x32\...\Ballistic Measurement System_is1) (Version: 2015.0.0 - Innervations)
BitTorrent (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - ) Catapult Sprint 5.1.7 (HKLM-x32\...\Catapult Sprint_is1) (Version: - Catapult Sports Pty. Ltd.) Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.1.7212 - Thomson Reuters) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) f.lux (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Flux) (Version: - ) Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) G*Power 3.1.9.2 (HKLM-x32\...\{F9C59D86-6F65-4EDB-89A2-FBA1F78762D2}) (Version: 3.1.92 - Franz Faul, Uni Kiel, Germany) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.5.32.203 - Hewlett-Packard Company) HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio) iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.) 
InstaCal for Windows (HKLM-x32\...\{7C1C5FCD-56F9-4A6F-B46F-83F2A31BCD12}) (Version: 6.25 - Measurement Computing Corporation) iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Kistler BioWare (HKLM-x32\...\{2292FBF0-F58C-4742-B96D-BDE135A2663D}) (Version: 5.2.3.5 - Kistler Instrument Group) Kistler DataServer (HKLM-x32\...\{0479EFA6-278B-4031-9004-BFEF8EEE3415}) (Version: 1.3.0.2002 - Kistler Instrument Group) Kistler DataServer (HKLM-x32\...\{3F5397A3-54F9-4714-B8F9-1EAEA4A838B9}) (Version: 1.4.0.2150 - Kistler Instrument Group) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity) Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version: - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft 
Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Qualisys Track Manager (HKLM-x32\...\{F848E102-F782-493C-B526-BDE686D69DEA}_is1) (Version: 2.14.3090 - Qualisys AB) Qualys BrowserCheck (HKLM-x32\...\{80112B33-B9C0-424C-8C9C-7684C238325E}) (Version: 1.1.1 - Qualys) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters) Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic) ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Spotify (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB) SPSS 17 (HKLM-x32\...\SPSS 17) (Version: - Rainbow Hacks) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL) Visual3D v5 Educational Textbook Version (HKLM-x32\...\{C27B0E0C-87A7-4723-94A3-0C43F79F1582}_is1) (Version: 5.00.26 - C-Motion, Inc.) Visual3D v6 x64 (HKLM\...\{E8F7EAED-9DAD-4FA1-B420-9C6D00256FB7}}_is1) (Version: 6.00.27 - C-Motion, Inc.) 
Web Launch Recorder (HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\WebLaunchRecorder) (Version: 2.0 - ) Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {033EC6EF-D60C-44F9-A8BF-5013283A7248} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA1d2587abc28a4a6 => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {087F68F7-C132-4310-9EE9-27D24CFE8ED1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {0B2E76BB-2016-4B03-91C0-6C42D954A6F5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.) Task: {0B7B3ED7-513A-432C-AD71-BC07C9C32A97} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.) Task: {0C65352E-53D8-4B7D-A441-CE3712B05573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {12BC0AE8-37EE-46F1-9C0A-A9BEE258CC28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) 
Task: {13D863AB-3093-472C-B0AD-0E5B77DD7A0B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {1422D0C4-2CCC-476D-9C8E-DF67A29EBD49} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation) Task: {191C4972-F4DE-4FED-A12C-BB5121E8C9D8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {199738F4-BF19-40CA-9A96-1BB788D887CC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-14] (Adobe Systems Incorporated) Task: {1F0E2F0D-488D-4229-9134-7FC2BA64BC33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {1F6808B2-08FD-4392-B127-5DDEF786A890} - System32\Tasks\{063A0F41-9B35-450D-A49B-B89A237A427F} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe Task: {24AF0F45-0C06-4A68-A941-81F1212CAE9A} - System32\Tasks\{3E6BB2CE-BD98-4E94-B6C5-116FE3E6625C} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe Task: {255DB6AB-232D-4152-AFB2-75767EB41DA1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {26525853-27B4-4655-9285-735162100E05} - System32\Tasks\{D4F5AE6C-9830-4EC0-9E37-1A36ABAE145F} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {46E309A2-3E8A-4AF6-9E38-ECAD1C484248} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core1d2587abc07434f => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {4DBFB210-0CBF-4922-959A-4EF6E9F77B88} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation) Task: {8D5EEB58-929C-4081-AEFE-E8DF4980F972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {92057438-2CF3-4F54-B75B-D1D3920F4535} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {9AA6BC5F-CC27-4F32-9C23-92C17CC1F737} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) Task: {9E51DD61-2299-4564-B918-1DBB6AEAC8C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {B3968090-B36F-4361-97E9-68130712E94D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {B613EB16-4984-4CBE-8CBA-DA7FA5FA48DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation) Task: {C3543460-945B-4E23-9EED-FF31D9C4DC72} - System32\Tasks\{E35AD483-8B30-4C79-B0F9-5EA57C5A57E3} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation) Task: {D05BC672-A2EB-4B52-BA71-E326BD7F76C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation) Task: {DCACE629-14B6-470E-ACEF-33FA4D4C97C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated) Task: {E09A24CF-42FB-4202-A728-DD2D1A7EDE60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {E3E0647D-CDFD-4016-9EEF-322EAC1F9D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {E7774606-2E3C-4D5E-BD6C-9EFE5231C110} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {EA028372-9F41-426E-8095-E43CF7D39A29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {EEC8E1CC-F031-460B-BB54-A190AE029F52} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ==================== Loaded Modules (Whitelisted) ============== 2017-02-04 18:26 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-01-08 11:43 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-01-08 11:43 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-01-08 11:43 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-30 00:54 - 2016-09-30 00:54 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 12:28 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 12:28 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 12:28 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 12:28 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-02-07 08:13 - 2017-02-07 08:13 - 00073728 _____ () 
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-07 08:13 - 2017-02-07 08:13 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-07 08:13 - 2017-02-07 08:13 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-07 08:13 - 2017-02-07 08:13 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll 2017-02-11 18:33 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-11 18:33 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2016-11-04 09:51 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll 2016-11-04 09:51 - 2016-10-08 16:59 - 01506304 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll 2017-02-11 17:54 - 2017-02-07 04:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-02-11 17:56 - 2017-01-13 23:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-02-11 17:56 - 2017-01-13 23:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2017-02-11 17:56 - 2017-01-13 23:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-02-11 17:56 - 2017-01-13 23:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-02-11 17:56 - 2017-01-13 23:54 - 00123856 _____ () C:\Program Files 
(x86)\Dropbox\Client\_cffi_backend.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-02-11 17:55 - 2017-01-13 23:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-02-11 17:54 - 2017-01-13 23:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-02-11 17:55 - 2017-01-13 23:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2017-02-11 17:56 - 2017-01-13 23:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-02-11 17:55 - 2017-01-13 23:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-02-11 17:54 - 2017-01-13 23:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2017-02-11 17:56 - 2017-01-13 23:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2017-02-11 17:56 - 2017-01-13 23:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-02-11 17:56 - 2017-01-13 23:56 - 00024016 _____ () C:\Program Files 
(x86)\Dropbox\Client\win32clipboard.pyd 2017-02-11 17:56 - 2017-01-13 23:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2017-02-11 17:56 - 2017-01-13 23:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-02-11 17:56 - 2017-01-13 23:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-02-11 17:56 - 2017-01-13 23:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00025432 _____ () C:\Program Files 
(x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-02-11 17:54 - 2017-02-07 04:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-02-11 17:54 - 2017-01-13 23:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-02-11 17:54 - 2017-02-07 04:50 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-02-11 17:54 - 2016-12-22 06:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-02-11 17:54 - 
2017-02-07 04:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-02-11 17:54 - 2017-01-14 00:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-02-11 17:54 - 2017-01-14 00:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-02-11 17:55 - 2017-02-07 04:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2017-02-11 17:56 - 2017-01-13 23:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-02-11 17:56 - 2017-02-07 04:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-02-11 17:55 - 2017-02-07 04:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-10-29 14:14 - 2016-10-05 07:20 - 00443392 _____ () C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\OMLibrary.dll 2016-10-29 14:14 - 2016-10-05 07:20 - 00394752 _____ () C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\NBC.dll 2016-10-29 14:14 - 2016-05-11 08:49 - 00089600 _____ () C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\lzo2.dll 2016-11-04 10:24 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2016-11-04 10:24 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2017-02-14 07:56 - 2017-02-14 07:56 - 00098816 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32api.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00110080 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\pywintypes27.dll 2017-02-14 07:56 - 2017-02-14 07:56 - 00364544 ____R () 
C:\Users\admin\AppData\Local\Temp\_MEI57282\pythoncom27.dll 2017-02-14 07:56 - 2017-02-14 07:56 - 00320512 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32com.shell.shell.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00914432 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_hashlib.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 01176576 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._core_.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00806400 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._gdi_.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00816128 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._windows_.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 01067008 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._controls_.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00733184 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._misc_.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00682496 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\pysqlite2._sqlite.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00088064 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_ctypes.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00686080 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\unicodedata.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00119808 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32file.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00108544 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32security.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00007168 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\hashobjs_ext.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00017920 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\thumbnails_ext.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00088064 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\usb_ext.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00012800 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\common.time34.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00018432 ____R () 
C:\Users\admin\AppData\Local\Temp\_MEI57282\win32event.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00167936 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32gui.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00046080 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_socket.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 01303552 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_ssl.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00128512 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_elementtree.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00127488 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\pyexpat.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00038912 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32inet.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00036864 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_psutil_windows.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00524248 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\windows._lib_cacheinvalidation.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00011264 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32crypt.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00123392 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._wizard.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00077312 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._html2.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00027648 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_multiprocessing.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00020480 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\_yappi.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00035840 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32process.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00078848 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\wx._animate.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00024064 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32pipe.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00010240 ____R () 
C:\Users\admin\AppData\Local\Temp\_MEI57282\select.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00025600 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32pdh.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00017408 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32profile.pyd 2017-02-14 07:56 - 2017-02-14 07:56 - 00022528 ____R () C:\Users\admin\AppData\Local\Temp\_MEI57282\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\google.com -> hxxps://accounts.google.com IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\sharepoint.com -> hxxps://testlivesalfordac.sharepoint.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 02:34 - 2017-02-11 18:56 - 00001227 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "NUSB3MON" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "CyberGhost" HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "iCloudDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{405A1CBC-EFF0-40F9-8BF0-02BBFCA4DA63}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_00_019\QFI.exe FirewallRules: [{ACE2C573-A8D7-42ED-8DC3-7C114F13E339}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_00_019\QFI.exe FirewallRules: [{46CD81B8-3CA3-446A-B21D-64AFE8EC381C}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_13_025\QFI.exe FirewallRules: [{0745543E-1262-4CE8-8EE9-41F7FFF9B11C}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_13_025\QFI.exe FirewallRules: [{39EF7CB9-C6A4-459D-94CF-F196F8E58ED2}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{007B2066-9CCE-4207-A6D2-62551BF61DEC}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{BE2FEDDC-140F-49A1-B4CE-08FA8D5941B8}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{8B621D17-1851-463A-BDD0-0373E29E5167}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{F00DAEDA-9601-4717-A7FD-BD329AF03BBD}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{2BBDE23F-C33B-4C1C-B6CB-859327346B5E}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{A7BA799C-158D-4F1C-849C-54F409403671}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{2C972204-2F80-4453-BD51-5FDDC0CC1A49}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{CBDD087A-2509-4AE0-8C3C-20A2A116B992}] => 
C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{05D6294C-E040-4DC6-8330-DA62DD5D2161}] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{BA3DC010-EAD8-4B6F-BC60-A759A441AD1B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EB873C64-A4A6-4227-8F92-25D833E4E8AF}] => C:\Program Files\iTunes\iTunes.exe FirewallRules: [{9FDA8C43-2359-4D21-B179-C7DE8809DAD2}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B4E7D1B2-64A5-42DD-8E2D-5833C3369F69}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A6784AE0-0758-4B7D-A0CC-DF3F9533C4E6}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6BD64261-4537-4180-9188-8D52D25766AE}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A5919993-B357-4D8B-BF72-0065176EA87E}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [UDP Query User{90C1C6F7-8E18-4CB9-B168-F6FC71700F52}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe FirewallRules: [TCP Query User{B69278D0-BAAF-4D01-B748-BCA9B20A4627}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.6_42095.exe FirewallRules: [UDP Query User{8FDDF88C-0C1B-4FBB-A5DF-3912C0DFF9BE}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{3E208042-7CC4-4C3B-9C4F-F38C423A3CDD}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{D99A8C58-832C-4E40-BF4E-F80161780F4C}C:\users\admin\desktop\u1504.exe] => C:\users\admin\desktop\u1504.exe FirewallRules: [TCP Query User{C5C9E84A-0846-4ABA-AEDD-17FF58F9FBA9}C:\users\admin\desktop\u1504.exe] => C:\users\admin\desktop\u1504.exe FirewallRules: [UDP Query 
User{37A4A774-46C8-4CC5-8E26-98C86989899B}C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe] => C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe FirewallRules: [TCP Query User{E82D9737-447E-45D5-A581-ADCBAA1259AE}C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe] => C:\users\admin\appdata\local\temp\temp2_u.zip\u1504.exe FirewallRules: [{DA3B0383-CD8F-477F-89F1-88A871CAEC38}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [{EAD485FA-B4F6-408A-8DB5-08EF236551BA}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [UDP Query User{28F5C1B4-9575-4299-88E2-FECEBFC6E8E3}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe FirewallRules: [TCP Query User{7E8EABF0-44DE-4A64-BD1E-15436BEEC81A}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41866.exe FirewallRules: [{5DC0FCAD-0A60-42A5-B39E-EDB4544059BC}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [{021D5901-FA7B-4AA5-BD0B-6C359E9B8A2D}] => C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41713.exe FirewallRules: [UDP Query User{3B2D19C3-950D-4BC3-A974-20A4A34896DE}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe FirewallRules: [TCP Query User{EB9CCC71-30D4-4D32-A7F3-6B5432A619DF}C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => C:\users\admin\appdata\roaming\bittorrent\updates\7.9.5_41713.exe FirewallRules: [{F27E1DFA-AC39-48A2-90DD-C70AD91932CD}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{02D3633F-245A-460F-A12F-66477E2B407E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EC5B5E21-EEA4-4B13-9A0F-982C3DAE6035}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: 
[{7EEE148F-428C-420C-923B-4647CD2F8B06}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{41182754-764E-42F7-B038-C349BA3BC621}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{3064164E-A20D-41EE-8D6E-3B3BBED8EC5C}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{E3031186-17B1-4FAA-89F3-8B0798B66089}] => LPort=1900 FirewallRules: [{87B7C276-6209-4EAE-90F5-8C036B000673}] => LPort=2869 FirewallRules: [{1F3CFD3E-C3AC-40F8-8D6F-452699C360B5}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{CE4CAE57-0DFB-4D07-B6AF-C5CB244D4F0B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B33E406F-E833-4E06-A488-BCF0923A1284}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{242ADDA0-69C1-4882-AB7D-1003F0BEFA92}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{566AE3BC-650D-4F36-B3F2-E45E10648303}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D86B63CE-5FEA-4B3F-A070-BB3CDDA45E75}] => C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{E81A3D57-1911-4942-B595-2481BF14B613}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{0C5FA3AD-D205-469B-82C8-6E8CB1EF0492}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{616C30D4-AD21-4853-ADF5-8D735ABA2A8C}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{EAC9C857-E2E6-412F-9503-90A3F855B738}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{D9D7880B-6CE3-474C-9A55-297D5E6123DF}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{F9C6B979-F9F9-4736-9891-82FF67832E87}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{CCFCAAC0-340A-42B9-A669-4E704BB4EF8B}] => C:\Program Files 
(x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{CDAAF369-D93D-4915-BD0A-FB4109175D23}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [UDP Query User{1668F5F6-0978-4A8A-A754-6FE43EE6657F}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F83C5337-0457-452A-A24D-4812009FA5FF}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{2B2C2FC8-160F-4443-B4B0-E0A3221342D7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{EB47B5F2-BEBC-42F1-9034-ED9F932E94A3}C:\users\admin\appdata\roaming\spotify\spotify.exe] => C:\users\admin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8BF7801A-7790-4A0F-9B58-658CD371A279}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{E7DAC4B4-A4A5-4D64-9C82-DD941F6D9719}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{F12CFC3D-6CDC-4F3B-B7B4-1D69B6723885}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{559F5A6D-B143-4C85-99CB-468057135901}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FE7968EC-ED7E-4B94-A254-BB3C579E55BC}] => LPort=139 FirewallRules: [TCP Query User{827FE4FA-D5FC-4B40-A45C-3DC61D91D1C0}C:\program files (x86)\spss 17\statistics.exe] => C:\program files (x86)\spss 17\statistics.exe FirewallRules: [UDP Query User{32D14826-74EB-4A47-9150-6C05846D59C8}C:\program files (x86)\spss 17\statistics.exe] => C:\program files (x86)\spss 17\statistics.exe FirewallRules: [TCP Query User{8894236E-F9DE-40BB-A439-BAD8ED37E334}C:\program files 
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [UDP Query User{52288698-5AF7-47A1-8E0A-198A76EF9335}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [{9B52836B-2D15-43A3-A830-614220702CE5}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{35E14471-E5C2-48A3-837A-BEA3837C507E}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QTM.exe FirewallRules: [{2F607119-691E-42AC-874C-300D4ABF7FCC}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{04A7AE2B-FAD7-4813-97A8-869F79C34BA2}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\QDS\QDS.exe FirewallRules: [{08E4C386-0878-409B-A758-D9D2A7A177B1}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_14_007\QFI.exe FirewallRules: [{4FE3C6F1-6FFB-404E-AC34-0A6430EFF7DD}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Oqus_Firmware\Oqus_1_14_007\QFI.exe FirewallRules: [{43B97BBA-598C-40DE-856A-45DCCC370F5A}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_01_004\QFI.exe FirewallRules: [{9649A364-BE18-412D-9B19-B7EEDD5EF183}] => C:\Program Files (x86)\Qualisys\Qualisys Track Manager\Miqus_Firmware\Miqus_1_01_004\QFI.exe FirewallRules: [{BCBABC78-98B0-4F0C-BB14-5FAD4D3CDF57}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{E6153068-2091-4855-A26B-70B95A1BB8A6}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{BD18A57C-C43E-4E2D-A104-56A441DC1B66}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{2C8F52EF-9073-421D-A01E-524422D89D10}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{3A5172E8-1F0A-4CDD-BF7B-32A1DB15F41B}] => C:\Program Files 
(x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{BE62DD34-EBA5-4D52-9375-50DE1784BC4F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 05-02-2017 08:52:27 JRT Pre-Junkware Removal 07-02-2017 10:13:11 Removed Sophos Virus Removal Tool. 07-02-2017 10:18:56 Removed calibre 64bit ==================== Faulty Device Manager Devices ============= Name: Base System Device Description: Base System Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/14/2017 08:09:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1 Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f Exception code: 0xc0000005 Fault offset: 0x000000000002f7db Faulting process id: 0x994 Faulting application start time: 0x01d28498937849ce Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 413411af-1fc5-4045-aa21-f8998c7199e8 Faulting package full name: Faulting package-relative application ID: Error: (02/14/2017 07:59:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional 
information. Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (02/14/2017 07:55:45 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (02/14/2017 08:09:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (02/14/2017 08:09:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/14/2017 07:56:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/14/2017 07:56:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/14/2017 07:56:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/13/2017 11:26:37 AM) (Source: hpdskflt) (EventID: 1001) (User: ) Description: Event-ID 1001 Error: (02/13/2017 10:47:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout. Error: (02/13/2017 10:23:55 AM) (Source: hpdskflt) (EventID: 1001) (User: ) Description: Event-ID 1001 Error: (02/13/2017 10:23:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/13/2017 10:23:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-02-14 08:12:49.925 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-14 08:12:49.917 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-14 08:06:04.888 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-14 08:06:04.877 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-02-11 18:27:20.797 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2017-02-11 18:27:20.515 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2017-02-05 14:34:46.331 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-05 14:34:46.320 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-05 10:42:41.422 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-05 10:42:41.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4046.35 MB
Available physical RAM: 1829.3 MB
Total Virtual: 6862.35 MB
Available Virtual: 4056.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.5 GB) (Free:176.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6A6731BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=507 MB) - (Type=27)
==================== End of Addition.txt ============================
AdvancedSetup (Root Admin) Posted February 14, 2017 ID:1101682
Can you please attach the logs. The forum software does not always translate the logs correctly.
Thank you
christ1986 (Author) Posted February 14, 2017 ID:1101740
Addition.txt
FRST.txt
AdvancedSetup (Root Admin) Posted February 15, 2017 ID:1101912
Please run the following.
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version, please download and run the updated version.
fixlist.txt
christ1986 (Author) Posted February 15, 2017 ID:1101984
Great, thank you. I have attached the Fixlog.txt
Fixlog.txt
AdvancedSetup (Root Admin) Posted February 18, 2017 ID:1102745
Great, looks good. How is the computer running now?