
I CANNOT INSTALL MALWARE BYTES BECAUSE OF "system resource is in use"



I have installed multiple antivirus software and none can fix my problem. Whenever I try to start an antivirus it says "the requested system resource is in use". I know malware bytes can probably fix my problem if I install it. I have searched the web for a solution and I have tried many of them, they all don't work.

I am also getting a faulty search engine. If I open a new tab I see Google and I can search stuff, but as soon as I click search it redirects me to nova.rambler.ru's search engine and searches what I searched on Google (if that makes sense). I would also like help removing this problem.

I am glad to have help from anyone

I have attached screenshots of the popup I am getting. (I even tried changing the names, but it still won't work)

Thanks



Hi joshkmartinez :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder).

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you cannot run MBAR, please let me know. 


Good :) Now you should be able to install Malwarebytes and run a scan with it, so let's do it.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;


Ok will run the scan asap tomorrow and export the summary, I just have a few questions.

I still have the nova rambler ru search engine type problem on chrome, will malware bytes fix that?

And I also have software that I am fond of, but Malwarebytes detects them as PUPs. How do I whitelist them?


Most of the PUPs again are stuff that I purposefully installed and use. I also occasionally mine bitcoin on my PC so I would also like to whitelist that specific program.

 

ok below is the results:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/5/17
Scan Time: 10:47 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1879
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-0F8BR2O\ckurl

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452959
Time Elapsed: 22 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 2
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879

Module: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [1480], [395260],1.0.1879

Registry Key: 2
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ADVANCEDSYSTEMCARESERVICE10, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SpyHunter 4 Service, No Action By User, [1329], [340933],1.0.1879

Registry Value: 2
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Advanced SystemCare 10, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE ULTIMATE, No Action By User, [1480], [395260],1.0.1879

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 9
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Downloads, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Rollback, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYHUNTER, No Action By User, [1329], [331712],1.0.1879
PUP.Optional.RegCurePro, C:\USERS\CKURL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PARETOLOGIC\REGCURE PRO, No Action By User, [1476], [352843],1.0.1879

File: 84
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SH4SERVICE.EXE, No Action By User, [1329], [340933],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE ULTIMATE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data\dns.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs\2017043001.def, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs\def.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20170430_162238.log, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\hosts.bk, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\system.ini.bk, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\win.ini.bk, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Rollback\arch_1020874808a7552da63ea3649e1d846c_131380863217800000.esg, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Indonesian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Brazilian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Chinese(Simplified).lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Chinese(Traditional).lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Common.dll, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\cos.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Croatian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Czech.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Danish.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Dutch.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\English.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Finnish.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\French.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\gas.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\German.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\gil.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Greek.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Italian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Japanese.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\key.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\license.txt, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Lithuanian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\native.exe, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Norwegian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Polish.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Portuguese.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\purl.dat, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Romanian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Russian.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\scanlog.log, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\shortcuts.txt, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Slovene.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\SND.nfo, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Spanish.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.4.3.32-patch.exe, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\spyhunterS4.exe, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\supportlog.txt, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Swedish.lng, No Action By User, [1329], [331702],1.0.1879
PUP.Optional.SpyHunter, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk, No Action By User, [1329], [331712],1.0.1879
PUP.Optional.SpyHunter, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk, No Action By User, [1329], [331712],1.0.1879
PUP.Optional.SpyHunter, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall.lnk, No Action By User, [1329], [331712],1.0.1879
PUP.Optional.RegCurePro, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\RegCure Pro\RegCure Pro.lnk, No Action By User, [1476], [352843],1.0.1879
PUP.Optional.RegCurePro, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\RegCure Pro\Uninstall RegCure Pro.lnk, No Action By User, [1476], [352843],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\APPDATA\ROAMING\ENIGMA SOFTWARE GROUP\SH_INSTALLER.EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DESKTOP\SPYHUNTER.LNK, No Action By User, [1329], [331703],1.0.1879
PUP.Optional.RegCurePro, C:\USERS\CKURL\DESKTOP\REGCURE PRO.LNK, No Action By User, [1476], [335014],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\ADVANCED SYSTEMCARE 10.LNK, No Action By User, [1480], [380338],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (4).EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.Plumbytes, C:\USERS\CKURL\DOWNLOADS\ANTIMALWARESETUP.EXE, No Action By User, [9078], [123575],1.0.1879
PUP.Optional.Plumbytes, C:\USERS\CKURL\DOWNLOADS\ANTIMALWARESETUP (1).EXE, No Action By User, [9078], [123575],1.0.1879
RiskWare.BitCoinMiner, C:\USERS\CKURL\DOWNLOADS\NICEHASHMINER_V1.7.5.10.ZIP, No Action By User, [108], [314153],1.0.1879
PUP.Optional.RegCurePro, C:\USERS\CKURL\DOWNLOADS\REGCUREPROSETUP_82275F87-0808-4EBE-BFFF-1B15274F83AE_.EXE, No Action By User, [1476], [336305],1.0.1879
Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT (1).RAR, No Action By User, [865], [94682],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (5).EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (2).EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.RegCurePro, C:\USERS\CKURL\DOWNLOADS\REDCURE PRO V3.1.7 + CRACK.RAR, No Action By User, [1476], [336305],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (6).EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (1).EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [1329], [345850],1.0.1879
Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT.RAR, No Action By User, [865], [94682],1.0.1879
PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (3).EXE, No Action By User, [1329], [345850],1.0.1879
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_PerformanceMonitor, No Action By User, [1480], [380341],1.0.1879

Physical Sector: 0
(No malicious items detected)


(end)


Which PUPs do you use? From what I can see, Advanced SystemCare and SpyHunter are installed on your system. RegCure Pro and Plumbytes are detections you want to delete. As for the Bitcoin miner, I guess you're referring to these?

RiskWare.BitCoinMiner, C:\USERS\CKURL\DOWNLOADS\NICEHASHMINER_V1.7.5.10.ZIP, No Action By User, [108], [314153],1.0.1879
Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT (1).RAR, No Action By User, [865], [94682],1.0.1879
Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT.RAR, No Action By User, [865], [94682],1.0.1879

You can configure Malwarebytes so it will ignore PUP detections, and/or exclude files and folders. In your case, excluding folders would be better.

 

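The triage in the reply above (which detections are optional PUPs and which are not) can be reproduced from an exported scan summary. This is an added example, not part of the thread or Malwarebytes' own tooling; the field layout is inferred from the log lines quoted in this thread, and the sample is an excerpt of that log whose `File:` count is deliberately left higher than the lines present, to show how a truncated paste is caught.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Section headers of the "-Scan Details-" block, as they appear in the log.
SECTION_RE = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|"
    r"Data Stream|Folder|File|Physical Sector): (\d+)$"
)
# Assumed layout: name, target, action, [id], [id],package-version.
# The target is matched greedily so paths containing ", " still parse.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), "
    r"\[\d+\], \[\d+\],[\d.]+$"
)

# Excerpt of the log posted in this thread (counts edited for the example).
SAMPLE_LOG = r"""
-Scan Details-
Process: 1
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879

Registry Key: 1
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SpyHunter 4 Service, No Action By User, [1329], [340933],1.0.1879

File: 5
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879
RiskWare.BitCoinMiner, C:\USERS\CKURL\DOWNLOADS\NICEHASHMINER_V1.7.5.10.ZIP, No Action By User, [108], [314153],1.0.1879
Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT (1).RAR, No Action By User, [865], [94682],1.0.1879
Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT.RAR, No Action By User, [865], [94682],1.0.1879

Physical Sector: 0
(No malicious items detected)
"""


@dataclass(frozen=True)
class Detection:
    section: str   # Process, Module, Registry Key, File, ...
    name: str      # detection name, e.g. PUP.Optional.SpyHunter
    target: str    # file path, registry key or value
    action: str    # e.g. "No Action By User"


def parse_scan_details(text):
    """Return (detections, declared) where declared maps section -> stated count."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            detections.append(
                Detection(section, hit["name"], hit["target"], hit["action"])
            )
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose stated count differs from the lines actually pasted."""
    found = defaultdict(int)
    for d in detections:
        found[d.section] += 1
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}


def triage(detections):
    """Group by detection name; the same file listed under Process, Module
    and File is counted once (targets compared case-insensitively)."""
    targets = defaultdict(set)
    for d in detections:
        targets[d.name].add(d.target.casefold())
    return {
        name: {"optional": name.startswith("PUP.Optional."), "targets": len(t)}
        for name, t in targets.items()
    }


def needs_review(detections):
    """Detection names that are not optional PUPs and so are not a
    whitelist decision: look at these first."""
    return sorted(
        {d.name for d in detections if not d.name.startswith("PUP.Optional.")}
    )


if __name__ == "__main__":
    dets, declared = parse_scan_details(SAMPLE_LOG)
    for name, info in sorted(triage(dets).items()):
        kind = "optional PUP" if info["optional"] else "REVIEW"
        print(f"{kind:12} {info['targets']:3} target(s)  {name}")
    for section, (stated, seen) in count_mismatches(dets, declared).items():
        print(f"incomplete paste: {section} states {stated}, found {seen}")
```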

Delete the rest of the detections. Once done, we'll run a sweep with JRT and AdwCleaner.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should therefore contain:


  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;

AdwCleaner log:

# AdwCleaner v6.046 - Logfile created 06/05/2017 at 14:22:54
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-05.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : ckurl - DESKTOP-0F8BR2O
# Running from : C:\Users\ckurl\Desktop\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: scan
[-] Service deleted: SpyHunter 4 Service
[!] Service not deleted: AdvancedSystemCareService10


***** [ Folders ] *****

[-] Folder deleted: C:\Users\ckurl\AppData\Local\llssoft
[-] Folder deleted: C:\Users\ckurl\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\ckurl\AppData\Roaming\Enigma Software Group
[!] Folder not deleted: C:\Users\ckurl\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[#] Folder deleted on reboot: C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC
[!] Folder not deleted: C:\ProgramData\IObit\ASCDownloader
[!] Folder not deleted: C:\ProgramData\IObit\Advanced SystemCare
[!] Folder not deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
[!] Folder not deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[!] Folder not deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
[!] Folder not deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
[!] Folder not deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[!] Task not deleted: ASC10_PerformanceMonitor


***** [ Registry ] *****

[!] Key not deleted: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\ParetoLogic
[!] Key not deleted: HKLM\SOFTWARE\IOBIT\ASC
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
[-] Key deleted: HKCU\Software\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12035 Bytes] - [25/10/2016 22:47:47]
C:\AdwCleaner\AdwCleaner[C10].txt - [8005 Bytes] - [30/04/2017 12:58:49]
C:\AdwCleaner\AdwCleaner[C11].txt - [8774 Bytes] - [01/05/2017 07:35:50]
C:\AdwCleaner\AdwCleaner[C12].txt - [2961 Bytes] - [06/05/2017 14:22:54]
C:\AdwCleaner\AdwCleaner[C2].txt - [9639 Bytes] - [26/10/2016 18:23:35]
C:\AdwCleaner\AdwCleaner[C3].txt - [1792 Bytes] - [29/10/2016 22:04:34]
C:\AdwCleaner\AdwCleaner[C4].txt - [2340 Bytes] - [31/10/2016 00:38:26]
C:\AdwCleaner\AdwCleaner[C5].txt - [6153 Bytes] - [12/11/2016 21:07:31]
C:\AdwCleaner\AdwCleaner[C6].txt - [5404 Bytes] - [14/11/2016 17:43:36]
C:\AdwCleaner\AdwCleaner[C7].txt - [3129 Bytes] - [17/11/2016 17:54:13]
C:\AdwCleaner\AdwCleaner[C8].txt - [5364 Bytes] - [19/03/2017 09:02:22]
C:\AdwCleaner\AdwCleaner[C9].txt - [4299 Bytes] - [19/03/2017 18:50:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [11857 Bytes] - [25/10/2016 22:22:04]
C:\AdwCleaner\AdwCleaner[S10].txt - [2175 Bytes] - [31/10/2016 00:48:17]
C:\AdwCleaner\AdwCleaner[S11].txt - [2249 Bytes] - [31/10/2016 10:48:52]
C:\AdwCleaner\AdwCleaner[S12].txt - [2322 Bytes] - [31/10/2016 15:07:31]
C:\AdwCleaner\AdwCleaner[S13].txt - [2397 Bytes] - [31/10/2016 21:08:42]
C:\AdwCleaner\AdwCleaner[S14].txt - [2471 Bytes] - [01/11/2016 23:47:54]
C:\AdwCleaner\AdwCleaner[S15].txt - [3227 Bytes] - [03/11/2016 22:34:06]
C:\AdwCleaner\AdwCleaner[S16].txt - [5985 Bytes] - [12/11/2016 19:05:31]
C:\AdwCleaner\AdwCleaner[S17].txt - [6059 Bytes] - [12/11/2016 19:35:22]
C:\AdwCleaner\AdwCleaner[S18].txt - [5407 Bytes] - [14/11/2016 17:43:15]
C:\AdwCleaner\AdwCleaner[S19].txt - [2987 Bytes] - [15/11/2016 09:04:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [9266 Bytes] - [26/10/2016 16:33:24]
C:\AdwCleaner\AdwCleaner[S20].txt - [3061 Bytes] - [15/11/2016 18:57:51]
C:\AdwCleaner\AdwCleaner[S21].txt - [3138 Bytes] - [16/11/2016 21:42:52]
C:\AdwCleaner\AdwCleaner[S22].txt - [3254 Bytes] - [17/11/2016 17:37:32]
C:\AdwCleaner\AdwCleaner[S23].txt - [3356 Bytes] - [18/11/2016 00:49:03]
C:\AdwCleaner\AdwCleaner[S24].txt - [3430 Bytes] - [24/11/2016 21:07:17]
C:\AdwCleaner\AdwCleaner[S25].txt - [3504 Bytes] - [25/11/2016 19:57:09]
C:\AdwCleaner\AdwCleaner[S26].txt - [3578 Bytes] - [01/12/2016 17:40:30]
C:\AdwCleaner\AdwCleaner[S27].txt - [3652 Bytes] - [02/12/2016 18:58:38]
C:\AdwCleaner\AdwCleaner[S28].txt - [3726 Bytes] - [05/12/2016 21:08:34]
C:\AdwCleaner\AdwCleaner[S29].txt - [3800 Bytes] - [08/12/2016 21:11:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [1443 Bytes] - [27/10/2016 20:28:33]
C:\AdwCleaner\AdwCleaner[S30].txt - [3874 Bytes] - [15/12/2016 18:11:27]
C:\AdwCleaner\AdwCleaner[S31].txt - [3948 Bytes] - [19/12/2016 21:03:20]
C:\AdwCleaner\AdwCleaner[S32].txt - [4022 Bytes] - [07/01/2017 16:28:19]
C:\AdwCleaner\AdwCleaner[S33].txt - [5285 Bytes] - [19/03/2017 09:00:54]
C:\AdwCleaner\AdwCleaner[S34].txt - [4399 Bytes] - [19/03/2017 18:50:31]
C:\AdwCleaner\AdwCleaner[S35].txt - [4390 Bytes] - [20/03/2017 20:51:22]
C:\AdwCleaner\AdwCleaner[S36].txt - [4464 Bytes] - [29/03/2017 15:42:10]
C:\AdwCleaner\AdwCleaner[S37].txt - [4538 Bytes] - [02/04/2017 09:56:20]
C:\AdwCleaner\AdwCleaner[S38].txt - [6747 Bytes] - [06/04/2017 22:52:42]
C:\AdwCleaner\AdwCleaner[S39].txt - [9876 Bytes] - [28/04/2017 22:15:36]
C:\AdwCleaner\AdwCleaner[S3].txt - [1515 Bytes] - [27/10/2016 22:47:07]
C:\AdwCleaner\AdwCleaner[S40].txt - [9249 Bytes] - [30/04/2017 10:56:51]
C:\AdwCleaner\AdwCleaner[S41].txt - [8103 Bytes] - [30/04/2017 12:52:13]
C:\AdwCleaner\AdwCleaner[S42].txt - [8386 Bytes] - [01/05/2017 07:15:04]
C:\AdwCleaner\AdwCleaner[S43].txt - [6790 Bytes] - [06/05/2017 14:21:42]
C:\AdwCleaner\AdwCleaner[S4].txt - [1589 Bytes] - [29/10/2016 09:21:55]
C:\AdwCleaner\AdwCleaner[S5].txt - [1662 Bytes] - [29/10/2016 19:31:04]
C:\AdwCleaner\AdwCleaner[S6].txt - [1891 Bytes] - [29/10/2016 20:11:34]
C:\AdwCleaner\AdwCleaner[S7].txt - [1880 Bytes] - [30/10/2016 21:02:44]
C:\AdwCleaner\AdwCleaner[S8].txt - [2356 Bytes] - [30/10/2016 23:46:45]
C:\AdwCleaner\AdwCleaner[S9].txt - [2429 Bytes] - [31/10/2016 00:34:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [6866 Bytes] ##########
 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by ckurl (Administrator) on Sat 05/06/2017 at 14:57:42.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9 

Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\ckurl\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Users\Public\asr.dat (File) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (ckurl) (Task)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_ckurl (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_ckurl.job (Task) 
Successfully deleted: C:\Windows\wininit.ini (File) 

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_66D18CA9E687EDBAD4EE44B54E7465E7 (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/06/2017 at 15:02:39.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Expected. Now, we'll run FRST to see what's left to remove from your system.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;


Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017
Ran by ckurl (08-05-2017 07:32:18)
Running from F:\iAmInfected\FRST64
Windows 10 Home Version 1607 (X64) (2016-08-22 11:45:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3379452668-3058411388-1845388906-500 - Administrator - Disabled)
ckurl (S-1-5-21-3379452668-3058411388-1845388906-1001 - Administrator - Enabled) => C:\Users\ckurl
DefaultAccount (S-1-5-21-3379452668-3058411388-1845388906-503 - Limited - Disabled)
Guest (S-1-5-21-3379452668-3058411388-1845388906-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

 

 

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.3.0 - IObit)
Ansel (Version: 376.82 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleStick (HKLM\...\Steam App 394380) (Version:  - Pinterac)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Bitcoin Core (64-bit)) (Version: 0.14.1 - Bitcoin Core project)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.7 - BlueJ Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.104.6367 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.6907 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.6.6907 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4508 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Pen version Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: Epic Pen - TANK Media)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iFreeUp 1.0 (HKLM-x32\...\iFreeUp_is1) (Version: 1.0.12 - IObit)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{4200af36-26bc-4a5a-ae8b-1291373ec2e1}) (Version: 18.40.0003.4359 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.18 - IObit)
IOTransfer 1.2 (HKLM-x32\...\IOTransfer_is1) (Version: 1.2.0 - iFunSoft)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{A19807B6-6057-456E-A560-A2A04862C1C6}) (Version: 1.5.1.202 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.1.202 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
KGB Archiver 1.2.1.24 (HKLM-x32\...\KGB Archiver_is1) (Version:  - Tomasz Pawlak)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mp3tag v2.81 (HKLM-x32\...\Mp3tag) (Version: 2.81 - Florian Heidenreich)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Python 2.7 pygame-1.9.1 (HKLM-x32\...\{5D13804A-67B7-49DA-9B15-65B70A83B9C3}) (Version: 1.9.1 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21296 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit)
Spotify (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vumaa (x32 Version: 1.0.0 - Vumaa) Hidden
War Thunder (HKLM\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Wargaming.net Game Center (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Wargaming.net Game Center) (Version:  - Wargaming.net)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Apple, Inc. (USBAAPL64) USB  (05/18/2015 6.0.9999.67) (HKLM\...\D72867649A47CA593E7F2327E5E49CB8D25B5534) (Version: 05/18/2015 6.0.9999.67 - Apple, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 8.2.2) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
World of Tanks Blitz (HKLM\...\Steam App 444200) (Version:  - Wargaming Group Limited)
World of Warplanes NA (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\WOWP.NA.PRODUCTION) (Version:  - Wargaming.net)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00615077-DD07-4963-B529-208732E0CC98} - \LUMOS\TBW\TBW_04_00 -> No File <==== ATTENTION
Task: {066FDB27-482E-45EC-89FE-296A667BEF47} - \LUMOS\TBW\TBW_07_00 -> No File <==== ATTENTION
Task: {0E4101FA-8822-4899-894F-EEE20C8AE418} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)
Task: {0E6157E1-9324-4F79-AC2F-0596760AA289} - \LUMOS\TBW\TBW_20_30 -> No File <==== ATTENTION
Task: {11486291-E2F9-4EE7-910A-470A06389DFF} - \Auslogics\Driver Updater\Start Driver Updater оn ckurl logon -> No File <==== ATTENTION
Task: {18EBC82C-3381-4698-958E-21312A662977} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {19C37EF1-1335-4460-B43D-3AF1D9063D1A} - \LUMOS\TBW\TBW_18_00 -> No File <==== ATTENTION
Task: {1AA14685-00A4-46CA-A3A0-524A35C08D62} - \LUMOS\TBW\TBW_09_00 -> No File <==== ATTENTION
Task: {1D491542-565C-4D42-9C3A-8327E8698C03} - \LUMOS\TBW\TBW_10_00 -> No File <==== ATTENTION
Task: {1F930566-392B-4389-879A-60A5F17BF86A} - \LUMOS\TBW\TBW_05_30 -> No File <==== ATTENTION
Task: {22A38E86-B381-4AAA-86CF-78135A11FEE5} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-30] (Reason Software Company Inc.)
Task: {23E29108-D829-42F6-AE0D-D612C6B15C40} - \LUMOS\TBW\TBW_08_00 -> No File <==== ATTENTION
Task: {258AB952-D067-4A4C-B5F9-A0A7CE4333DE} - \LUMOS\TBW\TBW_06_00 -> No File <==== ATTENTION
Task: {2C11FB30-2DDB-4572-BCCA-8D2AB6BCA3AA} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {31F2C749-E3F5-405F-BE25-C6AB8493AF06} - \LUMOS\TBW\TBW_06_30 -> No File <==== ATTENTION
Task: {33D1363B-6D6D-4058-B2BF-41506E76FD76} - \LUMOS\TBW\TBW_00_30 -> No File <==== ATTENTION
Task: {394F64C8-F8F9-496B-8089-32BB7D1BD066} - System32\Tasks\ASC10_SkipUac_ckurl => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-03-30] (IObit)
Task: {3DD3387A-4A4E-4037-817D-68B3F2C709DB} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-30] (Reason Software Company Inc.)
Task: {3F2B1D6F-7BC1-4AA4-ACD8-38BCB8421B3D} - \LUMOS\TBW\TBW_19_00 -> No File <==== ATTENTION
Task: {3FD84776-7ECB-4583-BC41-F920B0F5EC18} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {42AC9147-6EEF-4E4D-A5EE-D69E847E064F} - System32\Tasks\Driver Booster SkipUAC (ckurl) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-17] (IObit)
Task: {4353D761-CAA6-401D-A9F8-016FBE030398} - \LUMOS\TBW\TBW_21_30 -> No File <==== ATTENTION
Task: {4683F5E9-B5D6-4639-A8DD-A11F0427AC13} - \LUMOS\TBW\TBW_11_30 -> No File <==== ATTENTION
Task: {4B474376-DB93-48CE-BB10-6D0DC4A189BF} - \LUMOS\TBW\TBW_12_00 -> No File <==== ATTENTION
Task: {4F70AE9C-AF6E-4B32-8448-CE394D105174} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {51DE424C-A785-4DF7-A92E-FB4EBF43B006} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {570D73E8-473C-4611-8E63-319EA59BC8E4} - \LUMOS\TBW\TBW_01_00 -> No File <==== ATTENTION
Task: {58652A9D-3B8B-4596-951F-9DAA9880BD62} - \LUMOS\TBW\TBW_18_30 -> No File <==== ATTENTION
Task: {590D43C8-FA84-4D87-B7C5-483E782AC9DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {594B2083-7247-4219-B4C5-339936DF174E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {599E7A49-954A-40B7-93D9-B2997CACF2DD} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ckurlawalla@cox.net => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {59D14286-9C19-408B-B974-F313B0B0FC37} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {626D8EED-BDD6-437C-84CB-47A931E89599} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {64EF5A71-0F8E-45DE-B6A8-67CA93417278} - \LUMOS\TBW\TBW_02_30 -> No File <==== ATTENTION
Task: {66038ABA-6B68-4142-BE8E-B54E4D9182C0} - System32\Tasks\{D952195F-F2FE-479E-8CAC-E5117817E8CF} => pcalua.exe -a C:\Users\ckurl\AppData\Local\{A1FA97A6-8552-FB1E-E8CA-DEF6CCA2226E}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir
Task: {662D2B71-DF00-49B8-9288-E9218EBD5F5B} - \LUMOS\TBW\TBW_23_00 -> No File <==== ATTENTION
Task: {663C14AB-0200-49F2-A7C1-635EB0C630CD} - \LUMOS\TBW\TBW_14_30 -> No File <==== ATTENTION
Task: {6A5E418C-F4A4-49D7-9B32-ED928294C4C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {6AEC7E8A-3555-4F99-885C-26A156468358} - \LUMOS\TBW\TBW_07_30 -> No File <==== ATTENTION
Task: {70357E3C-EC2A-44DE-97BF-6620BDCCE2CF} - \LUMOS\TBW\TBW_02_00 -> No File <==== ATTENTION
Task: {706FF03A-76EB-4301-ADEE-0D7AA2B80C37} - \LUMOS\TBW\TBW_17_00 -> No File <==== ATTENTION
Task: {7163B70E-D9C2-4664-B09A-4B088E5B43EB} - \LUMOS\TBW\TBW_15_00 -> No File <==== ATTENTION
Task: {72025C8A-AC8B-4F57-96BE-FB58B2AF847F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {73828F83-23BF-49CB-B246-45FB18801357} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {7395F4F1-A6C4-4FA2-9BB9-47FF5409FCCF} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {73FEA031-3747-4D9A-B2E7-5142E8441DA8} - \LUMOS\TBW\TBW_13_00 -> No File <==== ATTENTION
Task: {74291B77-07DF-435A-A75A-507BFAB03B6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {763690B7-F07B-4672-996D-1049B67D2F1A} - \LUMOS\TBW\TBW_13_30 -> No File <==== ATTENTION
Task: {7AADE947-A724-489E-BA0F-8AED0BD2E068} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {7C7E0AB9-8E3D-4D54-900A-1894713952F3} - \LUMOS\TBW\TBW_23_30 -> No File <==== ATTENTION
Task: {7CA047E5-F6FF-4312-939B-BD0B41906552} - \LUMOS\TBW\TBW_22_30 -> No File <==== ATTENTION
Task: {7F004AD8-97CE-4218-B29F-D423DA5739BB} - \LUMOS\TBW\TBW_03_30 -> No File <==== ATTENTION
Task: {8490D1E7-7C5A-4505-A69C-FC678D0329B6} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
Task: {8EA30A1E-66DF-488B-AF03-D5697FC34169} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {93D1A584-2E08-4B3A-988C-5F43839092B7} - \LUMOS\TBW\TBW_00_00 -> No File <==== ATTENTION
Task: {95B87259-C355-438B-98D0-3996291B8C94} - \LUMOS\TBW\TBW_19_30 -> No File <==== ATTENTION
Task: {98E9A800-5DD9-4AEA-99DE-B7ACBCAF6C51} - \LUMOS\TBW\TBW_16_30 -> No File <==== ATTENTION
Task: {98F7D864-643F-4B06-8BCE-105F38E8E408} - \LUMOS\TBW\TBW_10_30 -> No File <==== ATTENTION
Task: {9BBAA623-5637-4AB6-B1A2-D02BFD2AA917} - \LUMOS\TBW\TBW_16_00 -> No File <==== ATTENTION
Task: {9EB3B544-7A4D-450D-B5E6-E86293419287} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-15] (Adobe Systems Incorporated)
Task: {9F5DC6EB-C8D8-485B-AE44-10DCE23333E2} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-04-19] (IObit)
Task: {9FBDB771-1A2A-4AA5-AC16-7BB81A07B935} - \LUMOS\TBW\TBW_14_00 -> No File <==== ATTENTION
Task: {A04BE138-B8D0-4884-AFC5-EE20360D641A} - System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2} => pcalua.exe -a "C:\Program Files (x86)\UX Pack\uxuninst.exe"
Task: {A16C1DEC-60F1-43A8-99F7-F338620FC0CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN48LDW1GK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {A226D1C6-80D7-4B66-A2C4-60F0D7B29C3B} - \LUMOS\TBW\TBW_05_00 -> No File <==== ATTENTION
Task: {A2350C05-DFD0-4221-9B74-4A562084FF4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)
Task: {A388301C-230A-415A-BEF5-A7840BCA7B47} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {A511EA96-0F5C-4843-AEF0-1B198F52A08D} - System32\Tasks\iFreeUp_SkipUac_ckurl => C:\Program Files (x86)\IObit\iFreeUp\iFreeUp.exe [2016-09-30] (IObit)
Task: {ABFDEB59-EF7D-42FF-945C-8EF93C0A26FC} - \LUMOS\TBW\TBW_11_00 -> No File <==== ATTENTION
Task: {AFF2EAB9-3C96-4026-8355-2FCA2C0A4323} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\ckurl\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {B46896D8-A0A0-467F-A902-E284333916AD} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe [2017-03-10] (IObit)
Task: {B65F44B6-3A8C-46CA-8199-9061FE7DE060} - \LUMOS\TBW\TBW_22_00 -> No File <==== ATTENTION
Task: {BF4F149F-849F-45A2-857C-07EFCD93964C} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit)
Task: {C2A071E2-CDEA-4B77-8B95-B91B32E537E5} - \LUMOS\TBW\TBW_04_30 -> No File <==== ATTENTION
Task: {C2F43BCD-C074-41B9-91FB-A289B3680FEE} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {C5FB4CB2-655B-4CE5-9BC6-703B38243AE5} - System32\Tasks\HPCeeScheduleForckurl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9287A7F-1852-4CB4-8863-6FC1BBE18FFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {C986952E-0BBD-409A-AB94-9E76A333A9E3} - \LUMOS\TBW\TBW_09_30 -> No File <==== ATTENTION
Task: {CF0D73FD-4D4A-4B93-8CDC-B97C707868B2} - \LUMOS\TBW\TBW_03_00 -> No File <==== ATTENTION
Task: {D04459FA-C462-41A7-9452-B6114EF22E20} - \LUMOS\TBW\TBW_01_30 -> No File <==== ATTENTION
Task: {D148F1C2-FFA9-42E0-9A0E-0FF77561A0D1} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {D1B49010-67AF-4CE1-9F7B-30005A024538} - System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} => pcalua.exe -a C:\Users\ckurl\AppData\Local\{2D001B5C-09A8-77E4-6430-520C4058AE94}\uninst.exe -c -FN="C:\Users\ckurl\AppData\Local\{2D5D1BE6-080F-7690-6339-5142BFEBAC7C}\synctask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {D4B869AC-5FA5-42EB-A6BD-524DA6022FBE} - \LUMOS\TBW\TBW_20_00 -> No File <==== ATTENTION
Task: {DADCC053-0B75-4D91-BDED-4919B81FAAF7} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {DCC3C08E-7A9E-4EA6-B1D6-6145FB1B3F74} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {E5B95B77-76B5-4279-9232-69EED1F8BADE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-15] (Adobe Systems Incorporated)
Task: {E8ABAC0E-18E7-4C95-B6FC-29967670B6EA} - \LUMOS\TBW\TBW_08_30 -> No File <==== ATTENTION
Task: {ED545D42-49C3-4C07-A529-4C11A95EBD5B} - \LUMOS\TBW\TBW_17_30 -> No File <==== ATTENTION
Task: {EE57BD88-6082-4BBF-AE6B-6597145B7C46} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {F1ACF427-6DC0-46B2-8169-D5875F5B04C7} - \LUMOS\TBW\TBW_15_30 -> No File <==== ATTENTION
Task: {F5919863-BE80-4B09-ACB0-FACDB74FD707} - \LUMOS\TBW\TBW_21_00 -> No File <==== ATTENTION
Task: {FA58FFA8-AE40-4B62-B8A3-F03AC84680CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {FA774262-2713-4544-A3DA-E6414D962C40} - \LUMOS\TBW\TBW_12_30 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForckurl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ckurl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-11 16:15 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-13 18:12 - 2016-12-29 17:22 - 00021504 _____ () C:\Users\ckurl\Desktop\Wallpaper.Engine\bin\wallpaperservice32_c.exe
2017-05-07 08:50 - 2017-05-07 08:52 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2017-05-07 08:50 - 2017-05-07 08:52 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-04-11 16:15 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2017-05-01 14:31 - 2017-05-01 14:31 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-19 06:55 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 18:14 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 18:15 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 18:15 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 18:15 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 16:15 - 2017-03-27 22:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 16:15 - 2017-03-27 22:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-27 22:48 - 2017-01-27 22:48 - 00085504 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\IsFullScreen.DLL
2017-01-27 22:48 - 2017-01-27 22:48 - 00008192 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\FrostedGlass.DLL
2017-01-01 06:59 - 2017-01-01 06:59 - 00136704 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.dll
2017-01-27 22:48 - 2017-01-27 22:48 - 00024064 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\Backlight.DLL
2017-01-01 06:59 - 2017-01-01 06:59 - 00111104 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2017-01-01 06:59 - 2017-01-01 06:59 - 00125952 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2017-01-01 07:00 - 2017-01-01 07:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2017-01-01 06:59 - 2017-01-01 06:59 - 00184832 _____ () C:\Program Files\Rainmeter\Plugins\FileView.DLL
2017-01-01 06:59 - 2017-01-01 06:59 - 00095744 _____ () C:\Program Files\Rainmeter\Plugins\FolderInfo.dll
2017-01-01 06:59 - 2017-01-01 06:59 - 00173568 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2017-01-01 06:59 - 2017-01-01 06:59 - 00102400 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL
2017-01-01 06:59 - 2017-01-01 06:59 - 00130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2017-01-15 21:07 - 2017-01-15 21:07 - 00152064 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\HotKey.DLL
2016-05-25 05:38 - 2016-05-25 05:38 - 00129304 _____ () C:\Program Files\Reason\Security\x64\lz4_x64.dll
2017-04-26 16:03 - 2017-04-18 22:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
2017-04-26 16:03 - 2017-04-18 22:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2017-04-11 18:48 - 2017-03-28 17:08 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-04-11 18:48 - 2017-03-28 17:08 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-04-11 18:48 - 2017-03-28 17:08 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-05-06 22:14 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-05-06 22:14 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-05-06 22:14 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-05-06 22:14 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-05-06 22:13 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-05-06 22:13 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-04-11 18:48 - 2017-03-28 17:09 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-04-11 18:48 - 2017-03-28 17:09 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2016-03-05 06:35 - 2016-10-19 20:15 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-06 22:14 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2017-05-06 22:14 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2017-05-06 23:43 - 2017-05-03 06:22 - 01249528 _____ () \\?\C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\libGLESv2.dll
2017-05-06 23:43 - 2017-05-03 06:22 - 00027384 _____ () \\?\C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\libEGL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ckurl:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D46ABDF2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D46ABDF2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-04-04 00:04 - 2017-05-08 07:17 - 00006634 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0    a.ads1.msn.com
0.0.0.0    a.ads2.msads.net
0.0.0.0    a.ads2.msn.com
0.0.0.0    a.rad.msn.com
0.0.0.0    a-0001.a-msedge.net
0.0.0.0    a-0002.a-msedge.net
0.0.0.0    a-0003.a-msedge.net
0.0.0.0    a-0004.a-msedge.net
0.0.0.0    a-0005.a-msedge.net
0.0.0.0    a-0006.a-msedge.net
0.0.0.0    a-0007.a-msedge.net
0.0.0.0    a-0008.a-msedge.net
0.0.0.0    a-0009.a-msedge.net
0.0.0.0    ac3.msn.com
0.0.0.0    ad.doubleclick.net
0.0.0.0    adnexus.net
0.0.0.0    adnxs.com
0.0.0.0    ads.msn.com
0.0.0.0    ads1.msads.net
0.0.0.0    ads1.msn.com
0.0.0.0    aidps.atdmt.com
0.0.0.0    aka-cdn-ns.adtech.de
0.0.0.0    a-msedge.net
0.0.0.0    apps.skype.com
0.0.0.0    az361816.vo.msecnd.net
0.0.0.0    az512334.vo.msecnd.net
0.0.0.0    b.ads1.msn.com
0.0.0.0    b.ads2.msads.net
0.0.0.0    b.rad.msn.com
0.0.0.0    bs.serving-sys.com

There are 126 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ckurl\pictures\wallpapers\windows 3840x2160.png
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "KeepVidMusicService"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{08A35E91-2DAA-4B10-9F6C-4D4FBB557986}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{9C36B7DB-1395-4203-8E1E-484FB1E08160}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E41F980E-18DC-48A0-BC60-B8D37E6FC63C}] => (Allow) LPort=5357
FirewallRules: [{71DA1969-10BD-4D52-A940-20691A44A47A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{82393F2A-8FE0-4CF9-A2BC-133DFDCB9DF2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{08EE574E-C780-4A0A-8A84-15FC528E534A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{AC67D5B3-B6BF-402B-8B68-7025D074629E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [UDP Query User{6CCCD7DA-C397-44A6-8F58-526EBEECFA23}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ckurl\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C8181A2F-67E7-41DC-BE47-A572CE0C4609}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ckurl\appdata\roaming\spotify\spotify.exe
FirewallRules: [{90437998-AD6B-4BF0-89A2-45E83C3B2840}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3343FA1C-CDAB-4CA1-97C4-E845610362FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C076D986-0C87-4452-864C-2A2B14B86787}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{893381B6-9067-495F-A11B-3B1D72E772E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE714242-3C37-4E7A-98DB-3CE0661805F8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{352A5975-79A1-4F95-A83A-AA1740205DA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E7CA0E69-4FB3-41DD-B168-A31849B21CAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F851A9E7-C088-45F0-B108-7F02569752C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2630EC62-F0ED-4BA0-8EC4-D8CF2157E57D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CCE24987-E953-4900-A307-A56DF726DB7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4528E7C-3C4F-47A6-AA68-6043D715BDC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DAD1EA0F-7E2B-4D6D-A52D-F06F242CF002}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCF1AB69-8E27-4FD7-AE7E-DF4EADC8E1E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7125B5DB-3C65-4F11-A2AC-34C2046DCCF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{27BB9FFC-978F-4A5B-A092-70594B7DAFF6}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ckurl\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6C6DEB51-2AFB-4DE1-BA0D-7849BBA276E8}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ckurl\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7B0FE1CE-C0D7-4190-9850-DCD12A6A42EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{82E523C8-BA74-4C68-B679-2061C4189AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D3847724-CD24-46A5-B5A7-B676EDF48FD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E40D8A8C-CD78-4656-B2B4-376CD6E5C794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7E23BC4F-7B38-493A-9264-238268F12C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{787CDB8E-33FD-4B6F-A06D-1D8B0CD402AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0E951922-BA91-4747-B75D-97A14066D3CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{CF8FADFD-D9B5-48D5-A6DB-05ADFE24361A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0492B74A-1A16-4A2F-93DC-4ECCDE5251C8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{041D3032-EC99-4917-966A-2DA0A2DD7646}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{3C0BBB7E-0B9F-4ED6-8E4E-868C1B75265A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{80ECA06A-1F0B-49DF-B867-9746ACA0F0E2}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{DBC75535-ECD9-47C1-AD04-7259B4FE56AA}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{F2501263-CFD1-4A18-B56E-93F1AF502EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{1A0B6016-4E76-4E04-8F10-A01FA2DB705F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{D586A867-1014-4787-925F-BFB519D8DC61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleStick\BattleStick.exe
FirewallRules: [{80A7938D-138A-4462-B5AC-9429C35921A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleStick\BattleStick.exe
FirewallRules: [{F44DB9CF-CEEB-4A69-8169-5D0CBD869400}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe
FirewallRules: [{2A0D1D58-7785-46F3-B80B-17076753F01B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe
FirewallRules: [{E4D3578E-9A1E-4D67-BE7B-72F9CF322FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{37750B42-C099-4DD9-B926-F49056435D64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{C5BC2A42-60B7-4EAE-A941-A1A18B9CA068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FCF2231-7783-4D26-BB8E-F2721022AE7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB8CC388-95F2-42E7-AEF3-67001ADACF98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B6181B6-87BC-4B6E-85CE-8FAA555C8406}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F29CACF-AD20-4C12-9EDA-964BBC5777AF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5CA8615D-1DE5-464C-828D-3C98BB721619}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A596DFB-ED6F-4A75-8F33-F2A00EF7E59B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{BF748A6C-4E23-41F1-86F2-8EBDB9BA3050}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{93A9FFAB-EC7B-476B-9000-79D82B96FABB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{546D16E2-BB79-4EFD-824E-BFE8E256563B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{35DBF99C-3DE7-4B43-8E2A-E717261EA027}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{8EF1D191-1F7F-4944-83B3-D1E8B3AA70BF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{B4DC9C30-1778-47A6-A116-2204419765B3}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{521BBAD2-C7A1-4A62-ABD0-9137800BE650}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{5A16C40B-0863-4205-8566-82B228A7EA89}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{201975D0-A4AA-4FEB-BE73-5E5DA2943663}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{569557EC-F6DB-479B-B40B-AFFE214109A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{74617A01-158B-420A-AF63-F3273E43E2D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{2612BF1D-46AA-4430-920C-EAD58E1F19EF}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{DEC0230A-EE35-4708-9756-F764CB19EF3C}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
FirewallRules: [{3E2F294B-F889-4CE0-A4E5-D06E91F6BABB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{99E382A7-3F2F-4895-8C52-12CCA0BE0F13}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{EF6E1ABF-9364-4AB0-9BA7-553A8D443DBF}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{E1B39E0C-9058-4CBF-9F83-C446684C8982}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{88CFD134-191B-4583-ADAF-3E93AFFD1BC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C9EB2928-6C83-44E8-BD8C-B81C9A6AB1ED}] => (Allow) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe

==================== Restore Points =========================

06-05-2017 14:57:42 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2017 07:26:38 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.NullReferenceException: Object reference not set to an instance of an object.
   at HP.ActiveHealth.Commons.Objects.ElevatedProcessVerifier.IsUacEnabled()
   at HP.ActiveHealth.Commons.Objects.ElevatedProcessVerifier.IsProcessElevated(Process process)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni, Boolean setupPowerOptimization)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (05/08/2017 07:22:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/08/2017 07:22:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.2.1088, time stamp: 0x55af5809
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0375d5f5
Faulting process id: 0x18c8
Faulting application start time: 0x01d2c8065ed5975a
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: a519b0e3-2f3d-4106-b63a-eada27557332
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/08/2017 07:22:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/08/2017 07:18:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c
Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5726d98c
Exception code: 0xc0000005
Fault offset: 0x0000000000010f73
Faulting process id: 0x138c
Faulting application start time: 0x01d2c805e51659a0
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
Report Id: 828135c0-9e81-4b4c-8bf6-11881a39dfed
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/08/2017 07:17:38 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 54590 ms

DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Critical Policy: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [3]

Error: (05/08/2017 07:17:37 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 53776 ms

DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Active Policy: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Active Policy [0]

Error: (05/07/2017 06:28:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/07/2017 06:28:44 PM) (Source: Perflib) (EventID: 1018) (User: )
Description: Disabled performance counter data collection for this session from the "VMware" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log.

Error: (05/07/2017 06:28:44 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL VMware in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.


System errors:
=============
Error: (05/08/2017 07:30:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8620.

Error: (05/08/2017 07:26:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/08/2017 07:22:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2017 07:17:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (05/08/2017 07:16:49 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (05/07/2017 08:40:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/07/2017 07:59:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/07/2017 06:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/07/2017 04:29:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/07/2017 01:16:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8620.


CodeIntegrity:
===================================
  Date: 2017-05-08 07:31:33.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:31:33.323
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:42.036
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:39.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:37.459
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:35.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:32.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:30.603
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:28.317
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 07:18:26.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16204.34 MB
Available physical RAM: 12262.48 MB
Total Virtual: 17228.34 MB
Available Virtual: 12860.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:904.87 GB) (Free:542.31 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.43 GB) (Free:2.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (BIGstick) (Removable) (Total:29.89 GB) (Free:27.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0664B0C4)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.9 GB) (Disk ID: D94646C9)
Partition 1: (Active) - (Size=29.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-05-2017
Ran by ckurl (administrator) on DESKTOP-0F8BR2O (08-05-2017 07:30:37)
Running from F:\iAmInfected\FRST64
Loaded Profiles: ckurl (Available Profiles: ckurl)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Users\ckurl\Desktop\Wallpaper.Engine\bin\wallpaperservice32_c.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9209856 2017-04-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc.)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Gaijin.Net Agent] => C:\Users\ckurl\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [1912840 2017-02-13] ()
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Spotify Web Helper] => C:\Users\ckurl\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-25] (Spotify Ltd)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3920672 2017-03-30] (IObit)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Wargaming.net Game Center] => C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe [1618168 2017-05-03] (Wargaming.net)
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\RunOnce: [Uninstall C:\Users\ckurl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ckurl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Winlogon: [Shell] C:\windows\explorer.exe [4674360 2017-03-04] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-05-29]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-13]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
BootExecute: autocheck autochk * ?????????????SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{cfe21422-8cd3-41c5-9d18-19018f8541fe}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - No CLSID Value

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001 -> is enabled.

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-29]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default [2017-05-08]
CHR Extension: (Google Slides) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-24]
CHR Extension: (Google Docs) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Google Drive) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24]
CHR Extension: (YouTube) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24]
CHR Extension: (OneTab) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
CHR Extension: (Adblock for Youtube™) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-05-03]
CHR Extension: (Google Sheets) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-24]
CHR Extension: (HTTPS Everywhere) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-24]
CHR Extension: (AdBlock) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-05]
CHR Extension: (Black carbon + silver metal) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2017-05-03]
CHR Extension: (Google Mail Checker) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-28]
CHR Profile: C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-30]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-23] (Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-11-11] (Adobe Systems) [File not signed]
S3 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel Corporation)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [560128 2017-03-03] (Microsoft Corporation) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BFE; C:\Windows\System32\bfe.dll [795648 2016-07-16] (Microsoft Corporation) [File not signed]
S2 BITS; C:\Windows\System32\qmgr.dll [1054208 2016-10-14] (Microsoft Corporation) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [452632 2017-03-03] (BlueStack Systems, Inc.)
R2 CDPSvc; C:\Windows\System32\CDPSvc.dll [411648 2016-11-11] (Microsoft Corporation) [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
S3 cphs; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2016-07-16] (Microsoft Corporation) [File not signed]
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2208888 2017-04-02] (Intel Corporation)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [932352 2016-07-16] (Microsoft Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-03-17] (IObit)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
S3 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [945664 2017-03-03] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 KvAppService; C:\Program Files (x86)\Keepvid\KAF\2.4.2.222\KvAppService.exe [474824 2017-03-10] (Keepvid)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-04-19] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [425472 2016-07-16] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [105472 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-05-07] ()
S3 rsService; C:\Program Files\Reason\Security\rsService.exe [254232 2017-03-29] (Reason Software Company Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-29] (Realtek Semiconductor)
R3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [331776 2016-09-15] (Microsoft Corporation) [File not signed]
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [590848 2016-07-16] (Microsoft Corporation) [File not signed]
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [4136448 2016-11-11] (Microsoft Corporation) [File not signed]
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [3370496 2016-11-11] (Microsoft Corporation) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2017-04-02] (Synaptics Incorporated)
R2 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S3 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
S3 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2017-03-03] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2017-03-03] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
S3 vmicvmsession; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2017-03-03] (Microsoft Corporation) [File not signed]
R2 Wallpaper Engine Service; C:\Users\ckurl\Desktop\Wallpaper.Engine\bin\wallpaperservice32_c.exe [21504 2016-12-29] () [File not signed]
S2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [837632 2016-12-13] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
S3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2104320 2016-11-11] (Microsoft Corporation) [File not signed]
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [1016320 2017-03-03] (Microsoft Corporation) [File not signed]
S3 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2017-03-03] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2017-03-03] (Bluestack System Inc. )
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [114176 2016-08-19] (Microsoft Corporation) [File not signed]
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [249856 2016-09-15] (Microsoft Corporation) [File not signed]
S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [128512 2016-10-05] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [967168 2016-11-11] (Microsoft Corporation) [File not signed]
S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [84992 2016-08-19] (Microsoft Corporation) [File not signed]
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [66624 2017-04-02] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [350272 2017-04-02] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [37112 2017-04-29] (Hewlett-Packard Company)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-02] (REALiX(tm))
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253184 2017-04-02] (Intel Corporation)
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [51904 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-17] (IObit.com)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [85504 2016-07-16] (Microsoft Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197336 2017-04-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [244448 2017-03-13] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1018592 2017-04-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-27] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-29] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-27] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-27] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-27] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-29] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-03-29] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-05] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-05] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-05] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-05-06] (Malwarebytes)
S3 MFE_RR; C:\Users\ckurl\AppData\Local\Temp\mfe_rr.sys [24120 2017-05-06] (McAfee, Inc.) <==== ATTENTION
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6731520 2016-05-28] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7621376 2017-04-29] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_c93098c8f8471348\nvlddmkm.sys [14847088 2017-04-29] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [49208 2017-04-29] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2016-07-16] (Microsoft Corporation) [File not signed]
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2017-04-29] (Realtek                                            )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [781792 2017-04-02] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2017-03-12] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SGXEPC; C:\Windows\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows (R) Win 7 DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [64104 2017-04-02] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-04-13] (BitDefender S.R.L.)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-15] (BigNox Corporation)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2017-03-21] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
S1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed]
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [22528 2017-03-14] () [File not signed]
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [258560 2017-03-03] (Microsoft Corporation) [File not signed]
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [43520 2016-08-19] (Microsoft Corporation) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-07] (Zemana Ltd.)
U3 aswbdisk; no ImagePath
S0 D46ABDF2; system32\drivers\D46ABDF2.sys [X]
U4 DiagTrack; no ImagePath
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-08 07:28 - 2017-05-08 07:29 - 02429440 _____ (Farbar) C:\Users\ckurl\Downloads\FRST64.exe
2017-05-08 07:24 - 2017-05-08 07:24 - 00003038 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (ckurl)
2017-05-08 07:17 - 2017-05-08 07:30 - 00086463 _____ C:\Windows\ZAM.krnl.trace
2017-05-08 07:17 - 2017-05-08 07:30 - 00040400 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-07 16:17 - 2017-05-08 07:17 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForckurl.job
2017-05-07 16:17 - 2017-05-07 16:17 - 00003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleForckurl
2017-05-07 15:00 - 2017-05-07 15:00 - 00000000 ____D C:\Users\ckurl\Desktop\Atari Games
2017-05-07 14:59 - 2017-05-07 14:59 - 02881762 _____ C:\Users\ckurl\Downloads\Atari Games  Program.rar
2017-05-07 14:59 - 2017-05-07 14:59 - 02881762 _____ C:\Users\ckurl\Desktop\Atari Games  Program.rar
2017-05-07 10:24 - 2017-05-07 10:24 - 00092334 _____ C:\Users\ckurl\Downloads\CER_4_Rational_and_Irrational_Numbers.pdf
2017-05-07 08:50 - 2017-05-07 08:51 - 00003466 _____ C:\Windows\System32\Tasks\Reason Core Security
2017-05-07 08:50 - 2017-05-07 08:50 - 00003712 _____ C:\Windows\System32\Tasks\Reason Core Security Scheduled Scan
2017-05-07 08:50 - 2017-05-07 08:50 - 00001182 _____ C:\Users\ckurl\Desktop\Reason Core Security.lnk
2017-05-07 08:50 - 2017-05-07 08:50 - 00000000 ____D C:\ProgramData\Reason
2017-05-07 08:50 - 2017-05-07 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-05-07 08:49 - 2017-05-07 08:49 - 00000000 ____D C:\Program Files\Reason
2017-05-07 08:48 - 2017-05-07 08:49 - 07790192 _____ (Reason Software Company Inc.) C:\Users\ckurl\Downloads\reason-core-security-setup.exe
2017-05-07 00:50 - 2017-05-07 00:50 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-07 00:50 - 2017-05-07 00:50 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-05-07 00:50 - 2017-05-07 00:50 - 00001238 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-07 00:50 - 2017-05-07 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-07 00:50 - 2017-05-07 00:50 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-07 00:49 - 2017-05-07 00:49 - 05774688 _____ (Zemana Ltd. ) C:\Users\ckurl\Downloads\Zemana.AntiMalware.Setup.exe
2017-05-07 00:49 - 2017-05-07 00:49 - 05774688 _____ (Zemana Ltd. ) C:\Users\ckurl\Desktop\Zemana.AntiMalware.Setup.exe
2017-05-06 23:44 - 2017-05-07 16:08 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Wargaming.net
2017-05-06 23:44 - 2017-05-07 00:32 - 00001700 _____ C:\Users\ckurl\Desktop\World of Warplanes NA.lnk
2017-05-06 23:44 - 2017-05-06 23:44 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2017-05-06 23:44 - 2017-05-06 23:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-06 23:43 - 2017-05-06 23:43 - 00001352 _____ C:\Users\Public\Desktop\Wargaming.net Game Center.lnk
2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ___HD C:\Windows\msdownld.tmp
2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\ProgramData\Wargaming.net
2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\Program Files (x86)\Wargaming.net
2017-05-06 23:42 - 2017-05-06 23:42 - 06608032 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\ckurl\Downloads\world_of_warplanes_install_na.exe
2017-05-06 23:25 - 2017-05-06 23:25 - 00003394 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-05-06 22:15 - 2017-05-06 22:15 - 00002908 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_ckurl
2017-05-06 22:14 - 2017-05-06 23:25 - 00002259 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-05-06 22:14 - 2017-05-06 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-05-06 22:13 - 2017-05-06 22:13 - 00003264 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-05-06 22:13 - 2017-05-06 22:13 - 00003104 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2017-05-06 22:13 - 2017-05-06 22:13 - 00001246 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2017-05-06 22:13 - 2017-03-09 13:53 - 00030744 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2017-05-06 22:13 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2017-05-06 16:42 - 2017-05-06 23:25 - 00000000 ____D C:\ProgramData\ProductData
2017-05-06 15:02 - 2017-05-06 15:02 - 00001353 _____ C:\Users\ckurl\Desktop\JRT.txt
2017-05-06 14:54 - 2017-05-06 14:54 - 00003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-05-06 14:18 - 2017-05-06 14:18 - 04102600 _____ C:\Users\ckurl\Desktop\adwcleaner_6.046.exe
2017-05-06 14:16 - 2017-05-06 14:16 - 01663672 _____ (Malwarebytes) C:\Users\ckurl\Desktop\JRT.exe
2017-05-05 22:45 - 2017-05-06 12:53 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-05 22:45 - 2017-05-05 22:45 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-05 22:45 - 2017-05-05 22:45 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-05 22:45 - 2017-05-05 22:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-05 22:45 - 2017-05-05 22:45 - 00001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-05 22:45 - 2017-05-05 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-05 22:45 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-05 17:59 - 2017-05-05 17:59 - 00673784 _____ C:\Users\ckurl\Desktop\p4_JoshMartinez_suitcase_grey.stl
2017-05-05 16:23 - 2017-05-05 22:45 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-05 16:23 - 2017-05-05 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-05 16:18 - 2017-05-05 18:33 - 00000000 ____D C:\Users\ckurl\Desktop\mbar
2017-05-05 16:18 - 2017-05-05 16:18 - 16564750 _____ (Malwarebytes Corp.) C:\Users\ckurl\Desktop\mbar-1.09.4.1001.exe
2017-05-05 08:08 - 2017-05-05 08:08 - 00748412 _____ C:\Windows\Minidump\050517-179000-01.dmp
2017-05-04 17:31 - 2017-05-04 17:31 - 01473412 ____N C:\Windows\Minidump\050417-42296-01.dmp
2017-05-04 16:40 - 2017-05-08 07:30 - 00000000 ____D C:\FRST
2017-05-04 16:37 - 2017-05-04 16:37 - 00001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\123D Design.lnk
2017-05-04 16:37 - 2017-05-04 16:37 - 00001993 _____ C:\Users\Public\Desktop\123D Design.lnk
2017-05-03 19:28 - 2017-05-03 19:28 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-03 19:19 - 2017-05-03 19:19 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-0F8BR2O-Windows-10-Home-(64-bit).dat
2017-05-03 19:18 - 2017-05-03 19:18 - 00000000 ____D C:\RegBackup
2017-05-03 19:16 - 2017-05-03 19:16 - 00000110 _____ C:\Windows\system32\zerobyte_files_deleted.txt
2017-05-03 19:16 - 2017-05-03 19:16 - 00000076 _____ C:\Windows\zerobyte_files_deleted.txt
2017-05-03 18:58 - 2017-05-03 18:58 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2017-05-03 18:45 - 2017-05-03 18:45 - 01467716 ____N C:\Windows\Minidump\050317-38937-01.dmp
2017-05-03 17:18 - 2017-05-03 17:18 - 01466236 ____N C:\Windows\Minidump\050317-45953-01.dmp
2017-05-03 07:43 - 2017-05-05 22:42 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-05-03 07:38 - 2017-05-03 15:21 - 00000000 ____D C:\@RestoreQuarantine
2017-05-03 07:18 - 2017-05-06 23:38 - 00000000 ____D C:\Users\ckurl\AppData\Local\NPE
2017-05-03 07:12 - 2017-05-04 22:20 - 00000000 ____D C:\ProgramData\RegRun
2017-05-03 07:11 - 2017-05-06 12:34 - 00000000 ____D C:\Users\ckurl\Documents\RegRun2
2017-05-03 07:11 - 2017-05-03 07:11 - 00000002 RSHOT C:\Windows\winstart.bat
2017-05-03 07:11 - 2017-05-03 07:11 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-05-03 07:11 - 2017-05-03 07:11 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-05-02 21:51 - 2017-05-02 21:52 - 00826396 _____ C:\Windows\Minidump\050217-113843-01.dmp
2017-05-02 21:50 - 2017-05-05 08:07 - 1220034660 ____N C:\Windows\MEMORY.DMP
2017-05-02 21:43 - 2017-05-05 08:08 - 00000000 ____D C:\Windows\Minidump
2017-05-02 21:43 - 2017-05-02 21:43 - 01470780 ____N C:\Windows\Minidump\050217-63765-01.dmp
2017-05-01 15:56 - 2017-05-04 07:23 - 00000000 ____D C:\Windows\pss
2017-05-01 14:50 - 2017-05-01 14:50 - 00000600 _____ C:\Users\ckurl\AppData\Roaming\winscp.rnd
2017-05-01 14:45 - 2017-05-01 14:45 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Far Manager
2017-05-01 14:45 - 2017-05-01 14:45 - 00000000 ____D C:\Users\ckurl\AppData\Local\Far Manager
2017-05-01 14:38 - 2017-05-01 14:38 - 00065736 _____ (Prevx) C:\Windows\system32\Drivers\pxrts.sys
2017-05-01 14:38 - 2017-05-01 14:38 - 00024024 _____ (Prevx) C:\Windows\system32\Drivers\pxkbf.sys
2017-05-01 14:37 - 2017-05-06 14:04 - 00000000 ____D C:\ProgramData\PrevxCSI
2017-05-01 14:36 - 2017-05-01 14:36 - 04922400 _____ (AO Kaspersky Lab) C:\Users\ckurl\Desktop\tdsskiller.exe
2017-05-01 14:10 - 2017-05-06 23:44 - 00000000 ____D C:\Program Files\BDServices
2017-05-01 07:53 - 2017-05-03 15:24 - 00000000 ____D C:\Users\ckurl\AppData\Local\LLSSOFT.del
2017-05-01 06:54 - 2017-05-01 06:54 - 00000000 ____D C:\Users\ckurl\AppData\Local\Zemana
2017-04-30 21:35 - 2017-04-14 09:19 - 00000000 ____D C:\Users\ckurl\Desktop\SpyHunter Pro v4.25.6.4782 by Aquí Lo Encuentras!!
2017-04-30 21:25 - 2017-05-03 15:24 - 00000000 ____D C:\Users\ckurl\AppData\Local\NTUSERLITELIST.del
2017-04-30 21:20 - 2017-05-05 18:40 - 00000000 ____D C:\Users\ckurl\AppData\Local\kxgdc
2017-04-30 21:20 - 2017-05-05 18:40 - 00000000 ____D C:\Users\ckurl\AppData\Local\GVPGIOZPG.del
2017-04-30 16:23 - 2017-04-30 16:23 - 00000000 _____ C:\autoexec.bat
2017-04-30 15:36 - 2017-04-30 15:36 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2017-04-30 13:29 - 2017-05-06 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2017-04-30 13:24 - 2017-04-30 13:23 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-04-30 13:24 - 2017-04-30 13:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-30 13:20 - 2017-04-30 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-04-30 12:58 - 2017-04-30 12:58 - 00001172 _____ C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-04-30 12:24 - 2016-07-16 04:42 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-04-30 12:24 - 2016-07-16 04:42 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2017-04-30 12:24 - 2016-07-16 04:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll
2017-04-30 09:56 - 2017-04-30 09:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-29 19:35 - 2017-04-29 19:35 - 13332880 _____ C:\Windows\system32\Drivers\Netwfw04.dat
2017-04-29 19:34 - 2017-04-29 19:35 - 07621376 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw04.sys
2017-04-29 19:33 - 2017-04-29 19:33 - 00954368 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2017-04-29 19:33 - 2017-04-29 19:33 - 00122880 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-04-29 19:32 - 2017-04-19 17:44 - 00548472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-04-29 19:28 - 2017-04-29 19:28 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-04-29 19:27 - 2017-04-29 19:28 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-04-29 19:27 - 2017-04-29 19:27 - 10635008 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-04-29 19:27 - 2017-04-29 19:27 - 08876456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-04-29 19:26 - 2017-04-29 19:27 - 35354232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-04-29 19:25 - 2017-04-29 19:26 - 28590712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-04-29 19:24 - 2017-04-29 19:25 - 14847088 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-04-29 19:24 - 2017-04-29 19:24 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438189.dll
2017-04-29 19:24 - 2017-04-29 19:24 - 01589880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438189.dll
2017-04-29 19:24 - 2017-04-29 19:24 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-04-29 19:24 - 2017-04-29 19:24 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-04-29 19:24 - 2017-04-29 19:24 - 00043956 _____ C:\Windows\system32\nvinfo.pb
2017-04-29 19:22 - 2017-04-29 19:22 - 11111392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-04-29 19:22 - 2017-04-29 19:22 - 09316648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-04-29 19:22 - 2017-04-29 19:22 - 03789248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-04-29 19:22 - 2017-04-29 19:22 - 03246200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-04-29 19:19 - 2017-04-29 19:21 - 40201152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-04-29 19:16 - 2017-04-29 19:19 - 35280320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 04085712 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 03602112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 01278712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 01054144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00990328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00960632 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00776048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00612088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-04-29 19:16 - 2017-04-29 19:16 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-04-29 19:16 - 2017-04-29 19:16 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-04-29 19:05 - 2017-04-29 19:05 - 00155192 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-04-29 19:05 - 2017-04-29 19:05 - 00129080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-04-29 19:05 - 2017-04-29 19:05 - 00049208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-04-29 18:19 - 2017-04-29 18:20 - 00000000 ____D C:\ProgramData\FreeDriverScout
2017-04-29 18:19 - 2017-04-29 18:19 - 00000000 ____D C:\Users\ckurl\Documents\Freemium Driver Utilities
2017-04-29 18:13 - 2017-04-29 18:13 - 00799744 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2017-04-29 18:08 - 2017-04-29 19:04 - 03122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-04-29 18:08 - 2017-04-29 19:04 - 01003504 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-04-29 18:08 - 2017-04-29 19:04 - 00866088 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-04-29 18:08 - 2017-04-29 19:04 - 00859912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-04-29 18:08 - 2017-04-29 19:04 - 00856288 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-04-29 18:08 - 2017-04-29 19:04 - 00726624 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-04-29 18:08 - 2017-04-29 19:04 - 00518528 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 03410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 01435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-04-29 18:08 - 2017-04-29 19:03 - 00258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-04-29 18:08 - 2017-04-29 19:02 - 72520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-04-29 18:08 - 2017-04-29 18:57 - 10755842 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-04-29 18:08 - 2017-04-29 18:52 - 00387304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-04-29 18:08 - 2017-04-29 18:52 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-04-29 18:08 - 2017-04-29 18:52 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-04-29 18:08 - 2017-04-29 18:52 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-04-29 18:08 - 2017-04-29 18:52 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-04-29 18:08 - 2017-04-29 18:52 - 00088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-04-29 18:08 - 2017-04-29 18:51 - 00343696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-04-29 18:08 - 2017-04-29 18:50 - 03503040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-04-29 18:08 - 2017-04-29 18:50 - 01353272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-04-29 18:08 - 2017-04-29 18:50 - 00532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-04-29 18:08 - 2017-04-29 18:50 - 00192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-04-29 18:08 - 2017-04-29 18:50 - 00166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-04-29 18:08 - 2017-04-29 18:49 - 03205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-04-29 18:08 - 2017-04-29 18:49 - 02203136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-04-29 18:08 - 2017-04-29 18:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-04-29 18:08 - 2017-04-29 18:48 - 03493760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-04-29 18:08 - 2017-04-29 18:41 - 03014656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-04-29 18:07 - 2017-04-29 18:39 - 05702144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-04-29 18:07 - 2017-04-29 18:37 - 00122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-04-29 18:06 - 2017-04-29 18:06 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01011.dll
2017-04-29 18:06 - 2017-04-29 18:06 - 00204920 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2017-04-29 18:06 - 2017-04-29 18:06 - 00037112 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpqKbFiltr64.sys
2017-04-29 09:49 - 2017-04-29 20:59 - 00000000 ____D C:\Users\ckurl\AppData\Local\Drpbx
2017-04-29 07:37 - 2017-04-29 07:37 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Google
2017-04-29 06:38 - 2017-04-29 20:58 - 00000061 _____ C:\Users\ckurl\AppData\Roaming\DATA.del
2017-04-29 06:34 - 2017-04-30 09:37 - 00000045 ___HT C:\Windows\SysWOW64\5a4d4b35566e6f7e6335507a686b7e696870623b5a756f72364d72696e683559573548534e4f5f544c55566e6f7e63
2017-04-28 22:05 - 2017-05-03 17:32 - 00001306 _____ C:\Users\ckurl\Desktop\NiceHashMiner.exe.lnk
2017-04-28 22:04 - 2017-04-28 22:04 - 00001455 _____ C:\Users\ckurl\Desktop\bitcoin-wallet.lnk
2017-04-28 22:03 - 2017-05-06 18:28 - 00000000 ____D C:\Users\ckurl\Desktop\NiceHashMiner_v1.7.5.10
2017-04-28 17:14 - 2017-04-28 17:14 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\poclbm
2017-04-28 16:01 - 2017-04-28 16:01 - 00000000 ____D C:\Users\ckurl\Documents\xgen
2017-04-28 07:05 - 2017-05-07 15:25 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Bitcoin
2017-04-28 07:05 - 2017-04-28 07:05 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2017-04-28 07:04 - 2017-04-28 07:05 - 00000000 ____D C:\Program Files\Bitcoin
2017-04-28 06:57 - 2017-04-29 17:27 - 00000000 ____D C:\Users\ckurl\Desktop\guiminer
2017-04-27 20:30 - 2017-04-27 20:31 - 00000000 ____D C:\Users\ckurl\Documents\3Dobjects
2017-04-27 16:31 - 2016-05-29 19:13 - 00001955 _____ C:\Users\ckurl\Desktop\BlueJ.lnk
2017-04-27 16:13 - 2017-04-27 16:13 - 00000000 ____D C:\Users\ckurl\AppData\Local\Wondershare
2017-04-27 16:12 - 2017-04-27 16:12 - 00001098 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2017-04-27 16:12 - 2017-04-27 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-04-27 16:11 - 2017-04-27 19:18 - 00000000 ____D C:\Users\ckurl\Documents\Wondershare Filmora
2017-04-27 16:11 - 2017-04-27 16:11 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2017-04-27 16:11 - 2017-04-27 16:11 - 00000000 ____D C:\Program Files\Wondershare
2017-04-27 16:11 - 2017-03-17 11:43 - 01250304 _____ (CineForm Inc.) C:\Windows\system32\CFDecode64.ax
2017-04-27 16:10 - 2017-04-27 16:11 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-04-27 16:02 - 2017-04-27 20:25 - 00000000 ____D C:\Users\ckurl\Desktop\OCMaker
2017-04-27 07:16 - 2017-04-27 07:16 - 00251656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-04-27 07:15 - 2017-04-27 07:15 - 00229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-04-27 07:15 - 2017-04-27 07:15 - 00173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-04-27 07:15 - 2017-04-27 07:15 - 00112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-04-26 21:01 - 2017-04-28 22:01 - 00000000 ____D C:\Users\ckurl\Desktop\ipas
2017-04-26 21:01 - 2017-04-26 21:01 - 00000796 _____ C:\Users\ckurl\Desktop\Impactor.exe.lnk
2017-04-26 20:24 - 2017-04-26 20:50 - 00000000 ____D C:\Users\ckurl\Documents\CydiaImpactor
2017-04-26 18:47 - 2017-04-26 18:49 - 00000000 ____D C:\Users\ckurl\Desktop\PhotoISArt
2017-04-25 22:56 - 2017-04-27 07:03 - 00000000 ___RD C:\Users\ckurl\Desktop\TakeOwnership
2017-04-25 22:36 - 2017-04-27 07:47 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Mp3tag
2017-04-25 22:35 - 2017-04-25 22:35 - 00001059 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2017-04-25 22:35 - 2017-04-25 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2017-04-25 22:35 - 2017-04-25 22:35 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2017-04-25 22:27 - 2017-04-27 07:06 - 00000000 ___RD C:\Users\ckurl\Desktop\iphone music
2017-04-25 17:25 - 2017-04-25 17:25 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\dvdcss
2017-04-25 16:30 - 2017-04-25 16:30 - 00000000 ____D C:\Users\ckurl\AppData\Local\FonePaw
2017-04-24 07:47 - 2017-04-24 07:47 - 00000843 _____ C:\Users\ckurl\AppData\Local\recently-used.xbel
2017-04-23 09:58 - 2017-04-23 09:58 - 00000000 ____D C:\ProgramData\{EBB358F6-C727-49FC-A863-9F03BD8AC976}
2017-04-22 21:25 - 2017-04-22 21:25 - 00000144 _____ C:\Users\ckurl\.geocom
2017-04-20 20:36 - 2017-04-20 20:36 - 00001172 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2017-04-20 20:36 - 2017-04-20 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2017-04-20 20:36 - 2017-04-20 20:36 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2017-04-19 00:12 - 2017-05-07 19:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\VMware
2017-04-19 00:12 - 2017-05-07 19:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\VMware
2017-04-18 23:51 - 2017-05-07 19:35 - 00000000 ____D C:\Users\ckurl\AppData\Local\VMware
2017-04-18 23:50 - 2017-05-07 19:02 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\VMware
2017-04-18 23:47 - 2017-04-18 23:47 - 00000000 ____D C:\Users\ckurl\AppData\RoamingStartup Manager
2017-04-18 23:42 - 2017-03-21 19:18 - 00400872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-04-18 23:42 - 2017-03-21 19:18 - 00366568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-04-18 23:42 - 2017-03-21 19:13 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-04-18 23:42 - 2017-03-21 19:13 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2017-04-18 23:42 - 2017-03-21 19:01 - 00066520 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2017-04-18 23:42 - 2017-03-21 19:01 - 00043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-04-18 23:42 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2017-04-18 23:42 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-04-18 23:42 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-04-18 23:41 - 2017-04-18 23:41 - 00001272 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk
2017-04-18 23:41 - 2017-04-18 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-04-18 23:41 - 2017-03-21 19:18 - 01149416 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-04-18 23:41 - 2017-02-20 08:02 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2017-04-18 23:40 - 2017-04-28 21:44 - 00000000 ____D C:\ProgramData\VMware
2017-04-18 23:40 - 2017-04-18 23:40 - 00000000 ____D C:\Program Files\Common Files\VMware
2017-04-18 23:40 - 2017-04-18 23:40 - 00000000 ____D C:\Program Files (x86)\VMware
2017-04-18 23:36 - 2017-05-07 19:35 - 00000000 ____D C:\MacOS
2017-04-18 22:34 - 2017-05-03 07:28 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-18 21:52 - 2017-04-18 21:53 - 112665056 _____ (Kaspersky Lab ZAO) C:\Users\ckurl\Desktop\MobileKapersy.exe
2017-04-18 21:42 - 2017-04-18 12:00 - 00053248 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\ckurl\Desktop\4ur-Windows-8-Mouse-Balls.exe
2017-04-18 21:40 - 2017-01-20 21:55 - 00039936 _____ C:\Users\ckurl\Desktop\12-Ants.exe
2017-04-17 14:32 - 2017-04-19 18:11 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Cacir
2017-04-17 14:31 - 2017-04-30 10:49 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-04-17 14:31 - 2017-04-17 14:31 - 00001175 _____ C:\Users\ckurl\Desktop\Cheat Engine.lnk
2017-04-17 14:31 - 2017-04-17 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-04-17 13:53 - 2017-05-07 15:53 - 00000000 ____D C:\Program Files\UNP
2017-04-17 13:53 - 2017-04-17 13:53 - 00000000 ____D C:\Windows\system32\UNP
2017-04-16 19:50 - 2017-05-07 17:42 - 00000000 ____D C:\Users\ckurl\Desktop\MyMissleCommand
2017-04-16 14:57 - 2017-04-16 14:57 - 00002982 _____ C:\Windows\System32\Tasks\iFreeUp_SkipUac_ckurl
2017-04-16 14:57 - 2017-04-16 14:57 - 00001181 _____ C:\Users\Public\Desktop\iFreeUp.lnk
2017-04-16 14:57 - 2017-04-16 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iFreeUp
2017-04-16 11:45 - 2017-05-07 15:25 - 00000000 ____D C:\Users\ckurl\Desktop\Python3pygame
2017-04-15 19:03 - 2017-04-15 19:03 - 05063256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-04-13 10:27 - 2017-04-13 10:27 - 00442848 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys
2017-04-11 18:48 - 2017-04-11 18:48 - 00001448 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-04-11 18:48 - 2017-04-11 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-04-11 18:44 - 2017-04-11 18:44 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Acapela Group
2017-04-11 18:43 - 2017-04-11 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ginger
2017-04-11 16:18 - 2017-04-01 11:52 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 16:18 - 2017-04-01 11:52 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 16:16 - 2017-03-28 00:10 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-04-11 16:16 - 2017-03-28 00:10 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-11 16:16 - 2017-03-27 23:32 - 00198856 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2017-04-11 16:16 - 2017-03-27 23:29 - 02213248 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-11 16:16 - 2017-03-27 23:28 - 00773720 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-04-11 16:16 - 2017-03-27 23:26 - 00218520 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2017-04-11 16:16 - 2017-03-27 23:21 - 00167848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2017-04-11 16:16 - 2017-03-27 23:20 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-04-11 16:16 - 2017-03-27 23:19 - 00601712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-04-11 16:16 - 2017-03-27 23:18 - 01705976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-11 16:16 - 2017-03-27 23:15 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-04-11 16:16 - 2017-03-27 23:11 - 01860288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-04-11 16:16 - 2017-03-27 23:11 - 00360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2017-04-11 16:16 - 2017-03-27 23:10 - 07220184 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-04-11 16:16 - 2017-03-27 23:10 - 01293152 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2017-04-11 16:16 - 2017-03-27 23:09 - 00097128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 16:16 - 2017-03-27 23:07 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 16:16 - 2017-03-27 23:06 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 22221368 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 08168512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 04260576 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 01988048 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 01848584 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 01504056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 01302136 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-04-11 16:16 - 2017-03-27 23:05 - 01072248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 05721808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 02262776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 01431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 00975744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 00861024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 00277344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-04-11 16:16 - 2017-03-27 23:04 - 00136032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 16:16 - 2017-03-27 23:04 - 00116568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 16:16 - 2017-03-27 23:02 - 01980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-04-11 16:16 - 2017-03-27 23:02 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-04-11 16:16 - 2017-03-27 23:02 - 00576408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-04-11 16:16 - 2017-03-27 22:59 - 06667520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 16:16 - 2017-03-27 22:59 - 04023008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-04-11 16:16 - 2017-03-27 22:59 - 02533728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-04-11 16:16 - 2017-03-27 22:58 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 01851688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 01344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 01277856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 01202936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 00981888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 00961192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-11 16:16 - 2017-03-27 22:58 - 00387872 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2017-04-11 16:16 - 2017-03-27 22:53 - 01414728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-04-11 16:16 - 2017-03-27 22:53 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-04-11 16:16 - 2017-03-27 22:52 - 00306800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 16:16 - 2017-03-27 22:48 - 05685760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 16:16 - 2017-03-27 22:42 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-04-11 16:16 - 2017-03-27 22:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-04-11 16:16 - 2017-03-27 22:41 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-04-11 16:16 - 2017-03-27 22:40 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-04-11 16:16 - 2017-03-27 22:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 16:16 - 2017-03-27 22:40 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-11 16:16 - 2017-03-27 22:39 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2017-04-11 16:16 - 2017-03-27 22:39 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll
2017-04-11 16:16 - 2017-03-27 22:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2017-04-11 16:16 - 2017-03-27 22:38 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-04-11 16:16 - 2017-03-27 22:38 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-04-11 16:16 - 2017-03-27 22:37 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apds.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.HostName.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.SystemManagement.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-04-11 16:16 - 2017-03-27 22:37 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-04-11 16:16 - 2017-03-27 22:36 - 00769024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsecsnp.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Diagnostics.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinRtTracing.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 16:16 - 2017-03-27 22:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicDisplay.sys
2017-04-11 16:16 - 2017-03-27 22:35 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2017-04-11 16:16 - 2017-03-27 22:35 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 16:16 - 2017-03-27 22:35 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 16:16 - 2017-03-27 22:35 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 16:16 - 2017-03-27 22:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-04-11 16:16 - 2017-03-27 22:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 16:16 - 2017-03-27 22:35 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2017-04-11 16:16 - 2017-03-27 22:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-04-11 16:16 - 2017-03-27 22:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 16:16 - 2017-03-27 22:35 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-04-11 16:15 - 2017-03-27 22:15 - 00945664 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2017-04-11 16:15 - 2017-03-27 22:15 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-04-11 16:15 - 2017-03-27 22:15 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2017-04-11 16:15 - 2017-03-27 22:15 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
2017-04-11 16:15 - 2017-03-27 22:15 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2017-04-11 16:15 - 2017-03-27 22:15 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 08126976 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 01692160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 01643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-04-11 16:15 - 2017-03-27 22:14 - 00913920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-11 16:15 - 2017-03-27 22:14 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 06045184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 02095616 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-11 16:15 - 2017-03-27 22:13 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-04-11 16:15 - 2017-03-27 22:13 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll
2017-04-11 16:15 - 2017-03-27 22:12 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-04-11 16:15 - 2017-03-27 22:12 - 02208768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2017-04-11 16:15 - 2017-03-27 22:12 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-11 16:15 - 2017-03-27 22:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-11 16:15 - 2017-03-27 22:12 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2017-04-11 16:15 - 2017-03-27 22:11 - 02914816 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-04-11 16:15 - 2017-03-27 22:11 - 01275392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 02316288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 01783296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 01637888 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 01586176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 00875520 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2017-04-11 16:15 - 2017-03-27 22:10 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2017-04-11 16:15 - 2017-03-27 22:09 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-04-11 16:15 - 2017-03-27 22:09 - 01328640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2017-04-11 16:15 - 2017-03-27 22:09 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-04-11 16:15 - 2017-03-27 22:09 - 01064448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-04-11 16:15 - 2017-03-27 22:09 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2017-04-11 16:15 - 2017-03-27 22:08 - 03612672 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-04-11 16:15 - 2017-03-27 22:08 - 03542016 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2017-04-11 16:15 - 2017-03-27 22:08 - 02895872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-11 16:15 - 2017-03-27 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2017-04-11 16:15 - 2017-03-27 22:07 - 00908800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2017-04-11 16:15 - 2017-03-27 22:07 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2017-04-11 16:15 - 2017-03-27 22:07 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2017-04-11 16:15 - 2017-03-27 22:06 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-04-11 16:15 - 2017-03-27 22:06 - 00924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-11 16:15 - 2017-03-27 22:05 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-11 16:15 - 2017-03-18 09:50 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-04-11 16:15 - 2017-03-18 09:35 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-04-11 13:31 - 2017-05-04 22:25 - 00000000 ____D C:\Windows\CbsTemp
2017-04-11 12:49 - 2017-05-06 14:42 - 00000000 ____D C:\Users\ckurl\AppData\LocalLow\IObit
2017-04-11 09:08 - 2017-04-11 09:03 - 01018592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-04-11 09:08 - 2017-04-11 09:03 - 00197336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-04-10 21:32 - 2017-04-10 21:32 - 00000000 ____D C:\ProgramData\BDLogging
2017-04-10 21:32 - 2017-04-10 21:32 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2017-04-10 21:32 - 2017-04-10 21:32 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2017-04-10 21:28 - 2017-04-10 21:28 - 00001872 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\SUPERAntiSpyware.com
2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-10 21:24 - 2017-04-10 21:24 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-09 18:45 - 2017-04-09 18:45 - 00000000 ____D C:\Windows\IObit
2017-04-09 18:40 - 2017-05-08 07:27 - 00000000 ____D C:\Windows\AppReadiness
2017-04-09 18:40 - 2017-04-09 18:40 - 00000000 ____D C:\Windows\Panther
2017-04-09 10:44 - 2017-04-30 11:10 - 00000000 ____D C:\ProgramData\BSD
2017-04-09 09:59 - 2017-04-09 09:59 - 00001269 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-04-09 09:59 - 2017-04-09 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-04-09 09:59 - 2017-04-09 09:59 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-04-09 09:59 - 2017-03-17 16:39 - 00051904 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-04-08 16:32 - 2017-04-08 16:32 - 00000000 ____D C:\ProgramData\YSFLIGHT.COM

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-08 07:21 - 2016-05-29 18:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-05-08 07:19 - 2016-08-22 04:06 - 00000000 ____D C:\Users\ckurl
2017-05-08 07:19 - 2016-05-28 10:44 - 00000000 __SHD C:\Users\ckurl\IntelGraphicsProfiles
2017-05-08 07:17 - 2016-08-22 04:33 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-08 07:17 - 2016-08-22 04:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-07 20:40 - 2016-07-31 16:43 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-07 20:40 - 2016-07-15 23:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-05-07 20:32 - 2016-08-22 03:56 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-05-07 18:50 - 2016-06-11 22:06 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Spotify
2017-05-07 18:28 - 2017-03-26 10:37 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-07 13:16 - 2016-07-16 04:45 - 00000000 ____D C:\Windows\INF
2017-05-07 11:52 - 2016-05-28 17:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-07 11:27 - 2017-02-08 18:38 - 00000000 ____D C:\Users\ckurl\Documents\DAVAProject
2017-05-07 02:00 - 2016-05-30 10:26 - 00000000 ____D C:\Users\ckurl\AppData\Local\Adobe
2017-05-06 23:44 - 2016-09-11 07:43 - 00000000 ____D C:\Games
2017-05-06 23:44 - 2016-09-02 17:23 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-05-06 23:44 - 2016-08-22 04:45 - 00000000 ____D C:\inetpub
2017-05-06 23:44 - 2016-08-20 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-05-06 23:44 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-06 23:44 - 2016-05-28 17:25 - 00000000 ____D C:\Program Files\TrueKey
2017-05-06 23:44 - 2016-03-05 06:34 - 00000000 ____D C:\Intel
2017-05-06 22:13 - 2017-04-02 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-05-06 22:13 - 2017-04-02 09:59 - 00000000 ____D C:\ProgramData\IObit
2017-05-06 14:45 - 2016-08-22 04:05 - 02058910 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-06 14:22 - 2016-10-25 22:20 - 00000000 ____D C:\AdwCleaner
2017-05-06 14:06 - 2016-05-29 08:44 - 00000000 ____D C:\Users\ckurl\AppData\Local\CrashDumps
2017-05-05 22:45 - 2016-10-31 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-05 18:56 - 2016-07-11 21:01 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-05 08:04 - 2016-08-03 20:16 - 00000236 _____ C:\Users\ckurl\Desktop\Text Document.txt
2017-05-04 22:24 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-04 20:28 - 2016-09-02 17:14 - 00000000 ____D C:\ProgramData\Autodesk
2017-05-04 17:21 - 2016-07-09 18:09 - 00000000 ____D C:\Users\ckurl\AppData\Local\HP
2017-05-04 16:37 - 2016-09-02 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-05-04 15:52 - 2015-10-29 23:28 - 00000000 ____D C:\Users\Default.migrated
2017-05-03 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\spool
2017-05-03 18:07 - 2016-11-15 08:23 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\CyberLink
2017-05-03 18:07 - 2016-03-05 06:54 - 00000000 ____D C:\ProgramData\CyberLink
2017-05-03 07:19 - 2017-01-29 15:56 - 00000000 ____D C:\ProgramData\Norton
2017-05-02 21:43 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-02 07:25 - 2017-02-02 21:18 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\vlc
2017-05-01 21:05 - 2017-03-14 17:34 - 00000000 ____D C:\ProgramData\Betternet
2017-05-01 16:02 - 2016-08-22 03:56 - 00251728 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-01 14:37 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-01 14:33 - 2016-03-05 07:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-01 14:05 - 2016-03-05 06:55 - 00000000 ____D C:\Program Files\CyberLink
2017-05-01 14:05 - 2016-03-05 06:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-01 14:04 - 2016-08-22 03:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-05-01 07:03 - 2016-11-30 22:13 - 00007602 _____ C:\Users\ckurl\AppData\Local\Resmon.ResmonCfg
2017-04-30 16:23 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\NDF
2017-04-30 15:37 - 2016-03-05 06:51 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-30 15:37 - 2015-08-06 08:21 - 00000000 ____D C:\SWSetup
2017-04-30 15:36 - 2016-11-13 10:03 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk
2017-04-30 15:36 - 2016-03-05 06:41 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-04-30 15:36 - 2016-03-05 06:41 - 00000000 ____D C:\ProgramData\install_clap
2017-04-30 15:35 - 2016-03-05 06:41 - 00000000 ____D C:\ProgramData\Temp
2017-04-30 13:45 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-30 13:45 - 2016-05-28 10:44 - 00000000 ____D C:\Users\ckurl\AppData\Local\Packages
2017-04-30 13:39 - 2017-03-05 18:32 - 00001550 _____ C:\Users\ckurl\Desktop\sublime_text.lnk
2017-04-30 13:26 - 2017-04-02 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IOTransfer
2017-04-30 13:26 - 2017-03-04 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-04-30 13:26 - 2017-03-04 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-04-30 13:25 - 2017-04-02 10:49 - 00002362 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-04-30 13:24 - 2016-08-20 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-04-30 13:24 - 2016-07-24 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-30 13:24 - 2016-03-05 06:33 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-30 13:23 - 2016-08-20 19:56 - 00000000 ____D C:\Program Files\Java
2017-04-30 13:21 - 2016-07-24 08:57 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-30 13:02 - 2017-04-02 09:59 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\IObit
2017-04-30 13:02 - 2017-04-02 09:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-04-30 12:58 - 2017-01-09 16:36 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-30 12:37 - 2016-09-10 14:18 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2017-04-30 12:30 - 2016-11-24 13:09 - 00002355 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-30 12:30 - 2016-11-24 13:09 - 00002343 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-30 12:26 - 2017-03-21 19:25 - 00000000 ____D C:\Users\ckurl\Documents\Backups
2017-04-30 11:47 - 2016-08-22 04:33 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 11:47 - 2016-08-22 04:33 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-30 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\Tasks_Migrated
2017-04-30 10:05 - 2016-06-11 22:09 - 00000000 ____D C:\Users\ckurl\AppData\Local\Spotify
2017-04-30 09:15 - 2015-07-10 04:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-30 07:27 - 2016-08-22 04:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-29 20:59 - 2016-08-22 03:59 - 00023379 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2017-04-29 19:31 - 2016-08-22 04:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-29 19:05 - 2016-09-02 21:56 - 00002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bang & Olufsen.lnk
2017-04-29 19:04 - 2016-08-22 03:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-04-29 16:17 - 2016-09-02 18:20 - 00000000 ____D C:\Users\ckurl\Documents\maya
2017-04-29 15:20 - 2016-12-03 17:17 - 00000000 ____D C:\Users\ckurl\Documents\Python
2017-04-29 09:53 - 2017-02-12 00:21 - 00003654 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-04-29 09:52 - 2016-08-22 04:33 - 00003828 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8620
2017-04-29 07:45 - 2016-09-04 13:16 - 00000000 ____D C:\ProgramData\Google
2017-04-27 19:39 - 2016-05-28 17:22 - 00000000 ____D C:\Users\ckurl\AppData\Local\Google
2017-04-27 16:32 - 2017-04-04 00:29 - 00000000 ____D C:\ProgramData\wondershare
2017-04-27 07:32 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\rescache
2017-04-24 22:32 - 2017-02-11 16:18 - 00000000 ____D C:\Users\ckurl\.gimp-2.8
2017-04-24 07:47 - 2017-02-11 16:21 - 00000000 ____D C:\Users\ckurl\AppData\Local\gtk-2.0
2017-04-19 17:45 - 2017-02-09 17:22 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-04-19 17:44 - 2016-08-22 04:00 - 06437312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-04-19 17:44 - 2016-08-22 04:00 - 02479736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-04-19 17:44 - 2016-08-22 04:00 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-04-19 17:44 - 2016-08-22 04:00 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-04-19 17:44 - 2016-08-22 04:00 - 00082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-04-19 17:44 - 2016-08-22 04:00 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-04-19 15:29 - 2016-08-22 04:00 - 07915387 _____ C:\Windows\system32\nvcoproc.bin
2017-04-19 00:25 - 2016-08-14 08:01 - 00000218 _____ C:\Users\ckurl\AppData\Roaming\WB.CFG
2017-04-18 23:41 - 2016-08-22 04:05 - 01860954 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-18 22:46 - 2017-04-02 17:39 - 00001573 _____ C:\Users\ckurl\Desktop\Road Rush Racer.lnk
2017-04-17 14:33 - 2017-02-12 00:26 - 00003304 _____ C:\Windows\System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2}
2017-04-17 14:33 - 2017-01-29 21:09 - 00003458 _____ C:\Windows\System32\Tasks\{D952195F-F2FE-479E-8CAC-E5117817E8CF}
2017-04-17 14:33 - 2016-10-29 19:46 - 00003618 _____ C:\Windows\System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2}
2017-04-15 19:03 - 2016-08-22 04:33 - 00004552 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-15 19:03 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-15 19:03 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-14 16:00 - 2016-04-26 23:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\system32\F12
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\setup
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Provisioning
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 19:04 - 2016-07-15 23:04 - 00000000 ____D C:\Windows\system32\Dism
2017-04-11 19:01 - 2017-03-26 10:30 - 00000000 ____D C:\Users\ckurl\AppData\Local\Bluestacks
2017-04-11 19:01 - 2017-03-25 15:56 - 00000000 ____D C:\Users\ckurl\AppData\LocalLow\Heroes and Generals
2017-04-11 19:01 - 2016-09-02 18:20 - 00000000 ____D C:\ProgramData\FLEXnet
2017-04-11 19:01 - 2016-08-14 07:01 - 00000000 __HDC C:\ProgramData\{3A83B8C4-5F70-453E-A723-B5672F107885}
2017-04-11 19:01 - 2016-08-05 20:06 - 00000000 ____D C:\Users\ckurl\vmlogs
2017-04-11 19:01 - 2016-08-05 20:05 - 00000000 ____D C:\Users\ckurl\AppData\Local\Nox
2017-04-11 18:56 - 2017-04-04 00:27 - 00000000 ____D C:\Program Files (x86)\KeepVid
2017-04-11 18:56 - 2016-08-05 20:10 - 00000000 ____D C:\Users\ckurl\.android
2017-04-10 20:25 - 2016-07-15 23:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-04-09 10:55 - 2016-11-24 13:06 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-04-09 10:55 - 2016-10-19 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack
2017-04-09 10:55 - 2016-09-26 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver
2017-04-09 10:55 - 2016-09-13 17:34 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive
2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 __RSD C:\Windows\Media
2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\security
2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Registration
2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Help
2017-04-09 10:44 - 2015-07-10 04:04 - 00000187 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2017-04-29 06:38 - 2017-04-29 20:58 - 0000061 _____ () C:\Users\ckurl\AppData\Roaming\DATA.del
2017-05-01 14:10 - 2017-05-01 15:47 - 0000115 _____ () C:\Users\ckurl\AppData\Roaming\LogFile.txt
2016-08-27 06:31 - 2016-08-27 06:31 - 2768916 _____ () C:\Users\ckurl\AppData\Roaming\sb250.dat
2016-08-14 08:01 - 2017-04-19 00:25 - 0000218 _____ () C:\Users\ckurl\AppData\Roaming\WB.CFG
2017-05-01 14:50 - 2017-05-01 14:50 - 0000600 _____ () C:\Users\ckurl\AppData\Roaming\winscp.rnd
2017-04-24 07:47 - 2017-04-24 07:47 - 0000843 _____ () C:\Users\ckurl\AppData\Local\recently-used.xbel
2016-11-30 22:13 - 2017-05-01 07:03 - 0007602 _____ () C:\Users\ckurl\AppData\Local\Resmon.ResmonCfg
2017-03-26 10:50 - 2017-03-26 10:50 - 0000552 _____ () C:\Users\ckurl\AppData\Local\TroubleshooterConfig.json
2016-11-02 18:34 - 2016-12-21 11:17 - 0000906 _____ () C:\Users\ckurl\AppData\Local\_settings.ini
2016-08-19 10:52 - 2016-08-19 10:52 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-05-07 09:59 - 2017-05-07 09:59 - 0008192 _____ () C:\Users\ckurl\AppData\Local\Temp\iuqebq21.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-04 07:41

==================== End of FRST.txt ============================


Alright, let's give this a go.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


Fix Log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by ckurl (08-05-2017 14:40:35) Run:1
Running from F:\iAmInfected\FRST64
Loaded Profiles: ckurl (Available Profiles: ckurl)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]

CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Adblock for Youtube™) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-05-03]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

S3 MFE_RR; C:\Users\ckurl\AppData\Local\Temp\mfe_rr.sys [24120 2017-05-06] (McAfee, Inc.) <==== ATTENTION
S0 D46ABDF2; system32\drivers\D46ABDF2.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

Task: {00615077-DD07-4963-B529-208732E0CC98} - \LUMOS\TBW\TBW_04_00 -> No File <==== ATTENTION
Task: {066FDB27-482E-45EC-89FE-296A667BEF47} - \LUMOS\TBW\TBW_07_00 -> No File <==== ATTENTION
Task: {0E6157E1-9324-4F79-AC2F-0596760AA289} - \LUMOS\TBW\TBW_20_30 -> No File <==== ATTENTION
Task: {11486291-E2F9-4EE7-910A-470A06389DFF} - \Auslogics\Driver Updater\Start Driver Updater оn ckurl logon -> No File <==== ATTENTION
Task: {19C37EF1-1335-4460-B43D-3AF1D9063D1A} - \LUMOS\TBW\TBW_18_00 -> No File <==== ATTENTION
Task: {1AA14685-00A4-46CA-A3A0-524A35C08D62} - \LUMOS\TBW\TBW_09_00 -> No File <==== ATTENTION
Task: {1D491542-565C-4D42-9C3A-8327E8698C03} - \LUMOS\TBW\TBW_10_00 -> No File <==== ATTENTION
Task: {1F930566-392B-4389-879A-60A5F17BF86A} - \LUMOS\TBW\TBW_05_30 -> No File <==== ATTENTION
Task: {23E29108-D829-42F6-AE0D-D612C6B15C40} - \LUMOS\TBW\TBW_08_00 -> No File <==== ATTENTION
Task: {258AB952-D067-4A4C-B5F9-A0A7CE4333DE} - \LUMOS\TBW\TBW_06_00 -> No File <==== ATTENTION
Task: {31F2C749-E3F5-405F-BE25-C6AB8493AF06} - \LUMOS\TBW\TBW_06_30 -> No File <==== ATTENTION
Task: {33D1363B-6D6D-4058-B2BF-41506E76FD76} - \LUMOS\TBW\TBW_00_30 -> No File <==== ATTENTION
Task: {3F2B1D6F-7BC1-4AA4-ACD8-38BCB8421B3D} - \LUMOS\TBW\TBW_19_00 -> No File <==== ATTENTION
Task: {4353D761-CAA6-401D-A9F8-016FBE030398} - \LUMOS\TBW\TBW_21_30 -> No File <==== ATTENTION
Task: {4683F5E9-B5D6-4639-A8DD-A11F0427AC13} - \LUMOS\TBW\TBW_11_30 -> No File <==== ATTENTION
Task: {4B474376-DB93-48CE-BB10-6D0DC4A189BF} - \LUMOS\TBW\TBW_12_00 -> No File <==== ATTENTION
Task: {570D73E8-473C-4611-8E63-319EA59BC8E4} - \LUMOS\TBW\TBW_01_00 -> No File <==== ATTENTION
Task: {58652A9D-3B8B-4596-951F-9DAA9880BD62} - \LUMOS\TBW\TBW_18_30 -> No File <==== ATTENTION
Task: {59D14286-9C19-408B-B974-F313B0B0FC37} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION
Task: {64EF5A71-0F8E-45DE-B6A8-67CA93417278} - \LUMOS\TBW\TBW_02_30 -> No File <==== ATTENTION
Task: {662D2B71-DF00-49B8-9288-E9218EBD5F5B} - \LUMOS\TBW\TBW_23_00 -> No File <==== ATTENTION
Task: {663C14AB-0200-49F2-A7C1-635EB0C630CD} - \LUMOS\TBW\TBW_14_30 -> No File <==== ATTENTION
Task: {6AEC7E8A-3555-4F99-885C-26A156468358} - \LUMOS\TBW\TBW_07_30 -> No File <==== ATTENTION
Task: {70357E3C-EC2A-44DE-97BF-6620BDCCE2CF} - \LUMOS\TBW\TBW_02_00 -> No File <==== ATTENTION
Task: {706FF03A-76EB-4301-ADEE-0D7AA2B80C37} - \LUMOS\TBW\TBW_17_00 -> No File <==== ATTENTION
Task: {7163B70E-D9C2-4664-B09A-4B088E5B43EB} - \LUMOS\TBW\TBW_15_00 -> No File <==== ATTENTION
Task: {73FEA031-3747-4D9A-B2E7-5142E8441DA8} - \LUMOS\TBW\TBW_13_00 -> No File <==== ATTENTION
Task: {763690B7-F07B-4672-996D-1049B67D2F1A} - \LUMOS\TBW\TBW_13_30 -> No File <==== ATTENTION
Task: {7C7E0AB9-8E3D-4D54-900A-1894713952F3} - \LUMOS\TBW\TBW_23_30 -> No File <==== ATTENTION
Task: {7CA047E5-F6FF-4312-939B-BD0B41906552} - \LUMOS\TBW\TBW_22_30 -> No File <==== ATTENTION
Task: {7F004AD8-97CE-4218-B29F-D423DA5739BB} - \LUMOS\TBW\TBW_03_30 -> No File <==== ATTENTION
Task: {8490D1E7-7C5A-4505-A69C-FC678D0329B6} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
Task: {93D1A584-2E08-4B3A-988C-5F43839092B7} - \LUMOS\TBW\TBW_00_00 -> No File <==== ATTENTION
Task: {95B87259-C355-438B-98D0-3996291B8C94} - \LUMOS\TBW\TBW_19_30 -> No File <==== ATTENTION
Task: {98E9A800-5DD9-4AEA-99DE-B7ACBCAF6C51} - \LUMOS\TBW\TBW_16_30 -> No File <==== ATTENTION
Task: {98F7D864-643F-4B06-8BCE-105F38E8E408} - \LUMOS\TBW\TBW_10_30 -> No File <==== ATTENTION
Task: {9BBAA623-5637-4AB6-B1A2-D02BFD2AA917} - \LUMOS\TBW\TBW_16_00 -> No File <==== ATTENTION
Task: {9FBDB771-1A2A-4AA5-AC16-7BB81A07B935} - \LUMOS\TBW\TBW_14_00 -> No File <==== ATTENTION
Task: {A04BE138-B8D0-4884-AFC5-EE20360D641A} - System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2} => pcalua.exe -a "C:\Program Files (x86)\UX Pack\uxuninst.exe"
Task: {A226D1C6-80D7-4B66-A2C4-60F0D7B29C3B} - \LUMOS\TBW\TBW_05_00 -> No File <==== ATTENTION
Task: {ABFDEB59-EF7D-42FF-945C-8EF93C0A26FC} - \LUMOS\TBW\TBW_11_00 -> No File <==== ATTENTION
Task: {AFF2EAB9-3C96-4026-8355-2FCA2C0A4323} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\ckurl\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {B65F44B6-3A8C-46CA-8199-9061FE7DE060} - \LUMOS\TBW\TBW_22_00 -> No File <==== ATTENTION
Task: {C2A071E2-CDEA-4B77-8B95-B91B32E537E5} - \LUMOS\TBW\TBW_04_30 -> No File <==== ATTENTION
Task: {C986952E-0BBD-409A-AB94-9E76A333A9E3} - \LUMOS\TBW\TBW_09_30 -> No File <==== ATTENTION
Task: {CF0D73FD-4D4A-4B93-8CDC-B97C707868B2} - \LUMOS\TBW\TBW_03_00 -> No File <==== ATTENTION
Task: {D04459FA-C462-41A7-9452-B6114EF22E20} - \LUMOS\TBW\TBW_01_30 -> No File <==== ATTENTION
Task: {D1B49010-67AF-4CE1-9F7B-30005A024538} - System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} => pcalua.exe -a C:\Users\ckurl\AppData\Local\{2D001B5C-09A8-77E4-6430-520C4058AE94}\uninst.exe -c -FN="C:\Users\ckurl\AppData\Local\{2D5D1BE6-080F-7690-6339-5142BFEBAC7C}\synctask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {D4B869AC-5FA5-42EB-A6BD-524DA6022FBE} - \LUMOS\TBW\TBW_20_00 -> No File <==== ATTENTION
Task: {E8ABAC0E-18E7-4C95-B6FC-29967670B6EA} - \LUMOS\TBW\TBW_08_30 -> No File <==== ATTENTION
Task: {ED545D42-49C3-4C07-A529-4C11A95EBD5B} - \LUMOS\TBW\TBW_17_30 -> No File <==== ATTENTION
Task: {F1ACF427-6DC0-46B2-8169-D5875F5B04C7} - \LUMOS\TBW\TBW_15_30 -> No File <==== ATTENTION
Task: {F5919863-BE80-4B09-ACB0-FACDB74FD707} - \LUMOS\TBW\TBW_21_00 -> No File <==== ATTENTION
Task: {FA774262-2713-4544-A3DA-E6414D962C40} - \LUMOS\TBW\TBW_12_30 -> No File <==== ATTENTION

AlternateDataStreams: C:\Users\ckurl:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [135]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D46ABDF2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D46ABDF2.sys => ""="Driver"

C:\ProgramData\install_clap
C:\ProgramData\ntuser.pol
C:\Users\ckurl\AppData\Local\kxgdc
C:\Windows\SysWOW64\5a4d4b35566e6f7e6335507a686b7e696870623b5a756f72364d72696e683559573548534e4f5f544c55566e6f7e63

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\Software\MozillaPlugins\gingersoftware.com/gingerPlugin => key removed successfully
C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll => not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\System\CurrentControlSet\Services\MFE_RR => key removed successfully
MFE_RR => service removed successfully
HKLM\System\CurrentControlSet\Services\D46ABDF2 => key removed successfully
D46ABDF2 => service removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => key removed successfully
Partizan => service removed successfully
C:\Users\ckurl => ":Heroes & Generals" ADS removed successfully.
C:\ProgramData\Temp => ":ECF54A0E" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\D46ABDF2.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\D46ABDF2.sys => key removed successfully
C:\ProgramData\install_clap => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\ckurl\AppData\Local\kxgdc => moved successfully
C:\Windows\SysWOW64\5a4d4b35566e6f7e6335507a686b7e696870623b5a756f72364d72696e683559573548534e4f5f544c55566e6f7e63 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29011216 B
Java, Flash, Steam htmlcache => 261692113 B
Windows/system/drivers => 2343192 B
Edge => 206234 B
Chrome => 534758194 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6786 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 1703534 B
NetworkService => 16592 B
ckurl => 14011973 B

RecycleBin => 17338900241 B
EmptyTemp: => 16.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:42:11 ====

 

THIS REMOVED ALL OF MY CHROME EXTENSIONS, SAVED PASSWORDS, AND ACCOUNTS. Is there any way to get them back automatically? I use OneTab and some very important tabs were saved. Or do I just have to deal with it? The faulty search engine was removed but I still have (much less) pop-up ads.


Can you check in Google Chrome if you are still signed in? If not, sign in, and all your extensions, passwords, accounts, etc. should come back.


In that case, it's possible that the adware is living inside your Google Chrome installation, and the next step would be to uninstall and reinstall it. If you sign in to your Google account and have sync enabled, you'll be able to access your bookmarks, extensions, passwords, etc. everywhere.


From what I can see, you aren't infected by adware. The ads you are getting are from the various websites you visit, and most of them look intrusive (welcome to the world of malvertising). I see that you have Adblock installed, but in 2017, it really is outdated and of no use. Only uBlock Origin seems to be really efficient from my experience.

This topic is now closed to further replies.