
Logs for Valinorum



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Qwerty45 (administrator) on WXLFSTEALTH (01-09-2017 01:42:20)
Running from C:\Users\Qwerty45\Downloads
Loaded Profiles: Qwerty45 (Available Profiles: Qwerty45 & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Windows\System32\msiscxc.exe
() C:\Windows\System32\ravcpdkz.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Learnpulse) C:\Users\Qwerty45\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 12.1\FL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe [84992 2015-06-26] (Avid Technology, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [AppManHelper] => C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe [617984 2015-06-09] (Avid Technology, Inc.)
HKLM-x32\...\Run: [nisdxfk] => C:\Users\Qwerty45\AppData\Local\ntuserlitelist\nisdxfk\nisdxfk.exe [884224 2017-08-29] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-29] (Google Inc.)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [Google Update] => C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [Discord] => C:\Users\Qwerty45\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Run: [Screenpresso] => C:\Users\Qwerty45\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [12701760 2017-08-25] (Learnpulse)
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\MountPoints2: {73076b02-afab-11e5-8d74-dc0ea132659d} - "E:\Autorun.exe" 
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Qwerty45\AppData\Local\Temp\spvvpme\somweox\wow.dll ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2017-08-06]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{A59C0B17-6673-46E6-9E00-BB25E755A299}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
BootExecute: autocheck autochk * native.exebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ca7c2b2-2e4b-4ebd-a2d5-f4ea6b035f3b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b0461c-ad35-4fd9-a9e9-bfb199aa070b}: [DhcpNameServer] 208.201.224.11 208.201.224.33

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130896678514150908&GUID=356F98BF-0B0C-4D53-BC93-B4DB494FEF8B
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130896678518674916&GUID=356F98BF-0B0C-4D53-BC93-B4DB494FEF8B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
HKU\S-1-5-21-46816778-57343354-1960291723-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {3DA7C27B-E286-4FE9-8B88-89520CC5627A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {3982AC7B-C64F-4B7D-A2FF-38572E31320D} URL = 
SearchScopes: HKLM-x32 -> {3DA7C27B-E286-4FE9-8B88-89520CC5627A} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> {3DA7C27B-E286-4FE9-8B88-89520CC5627A} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> {3DA7C27B-E286-4FE9-8B88-89520CC5627A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1&rlz=1I7TSNP_enUS508
SearchScopes: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> {B0228A14-39ED-4171-861C-F0CFE0453527} URL = 
SearchScopes: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> {D7E76E41-47B9-4A01-BFE0-3542AEA4B2AC} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Media Watch -> {01f7b574-386b-4d5f-b054-57af8651331d} -> C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home4073\ie\MediaWatchV1home4073.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Deals Plugin Extension -> {11111111-1111-1111-1111-110211181106} -> C:\Program Files (x86)\Deals Plugin Extension\Deals Plugin Extension.dll => No File
BHO-x32: Better Surf Plus -> {1824FF90-C98E-48A6-838F-E3B6572B0C77} -> C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll => No File
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: BetterSurf -> {6E3C6B04-08FE-43BC-8E50-F90285024DEA} -> C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-21] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-46816778-57343354-1960291723-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-23] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-46816778-57343354-1960291723-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Qwerty45\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-46816778-57343354-1960291723-1000: @talk.google.com/O1DPlugin -> C:\Users\Qwerty45\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-46816778-57343354-1960291723-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-46816778-57343354-1960291723-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Qwerty45\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Qwerty45\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default [2017-09-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-08-29]
CHR Extension: (Norton Identity Safe) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-19]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2016-08-17]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Qwerty45\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [almclanplcamekachfcgegkhccfcfjob] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha595\ch\MediaViewV1alpha595.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bamnogeacelmodfckoonpifbabnihkne] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7720\ch\MediaBuzzV1mode7720.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bpbihhinmelnmebfeckkncdgpdbkpnfj] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha265\ch\MediaViewerV1alpha265.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-23]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gmbhobeefeoagiecgdmehhnanncolknm] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home4073\ch\MediaWatchV1home4073.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iidmoehhpbghchkaogkhmcckhlhebekn] - C:\Program Files (x86)\iRobinHood\iRobinHood Addon\iRobinHoodPartnersVExtension1_42.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijecbbphegkhdmnicgnddloekamgadpg] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8454\ch\MediaViewV1alpha8454.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S4 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [84992 2015-06-26] (Avid Technology, Inc.) [File not signed]
S4 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [190464 2015-06-26] (Avid Technology, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
S4 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11774544 2017-08-19] () [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 N360; C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\N360.exe [326144 2017-07-14] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 9fb84e2b0df14682486e50657f354d01; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 3cf6d6da3ead87fe90affbc7820fd373; C:\WINDOWS\system32\drivers\3cf6d6da3ead87fe90affbc7820fd373.sys [78744 2017-08-30] (MTQ0HV) <==== ATTENTION
S1 962d106b650173b2fcc2b0d78f709f93; no ImagePath
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20170522.003\BHDrvx64.sys [1862784 2017-05-22] (Symantec Corporation)
S1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2015-12-25] (Disc Soft Ltd)
R1 e8d0ca95ef9561120b3a538f54bfba88; C:\WINDOWS\system32\drivers\e8d0ca95ef9561120b3a538f54bfba88.sys [78744 2017-08-29] (MCRITU) <==== ATTENTION
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-07-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-07-24] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-08-30] ()
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20170724.002\IDSvia64.sys [1056920 2017-07-24] (Symantec Corporation)
S1 msidntfs; C:\WINDOWS\System32\drivers\msidntfs.sys [81696 2013-07-06] () [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
S1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\N360x64\160A000.055\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-23] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
S1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-10-24] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 01:42 - 2017-09-01 01:43 - 000028578 _____ C:\Users\Qwerty45\Downloads\FRST.txt
2017-09-01 01:42 - 2017-09-01 01:42 - 000000000 ____D C:\FRST
2017-09-01 01:41 - 2017-09-01 01:41 - 002395648 _____ (Farbar) C:\Users\Qwerty45\Downloads\FRST64.exe
2017-09-01 00:10 - 2017-09-01 00:14 - 000000000 ____D C:\Users\Qwerty45\Downloads\Kaspersky Rescue2Usb
2017-09-01 00:06 - 2017-09-01 00:07 - 000000000 ____D C:\Users\Qwerty45\Documents\New Student Orientation
2017-08-30 23:09 - 2017-08-30 23:10 - 120186702 _____ C:\Users\Qwerty45\Downloads\Main.mp4
2017-08-30 21:50 - 2017-08-30 21:50 - 040383058 _____ C:\Users\Qwerty45\Downloads\retrogrl.wav
2017-08-30 05:09 - 2017-08-30 05:09 - 000628224 _____ C:\WINDOWS\cd7d79639a751643a609d5814c6c8673.exe
2017-08-30 05:09 - 2017-08-30 05:09 - 000078744 _____ (MTQ0HV) C:\WINDOWS\system32\Drivers\3cf6d6da3ead87fe90affbc7820fd373.sys
2017-08-30 05:09 - 2017-08-30 05:09 - 000046467 _____ C:\WINDOWS\uninstaller.dat
2017-08-30 03:05 - 2017-08-30 16:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-30 01:22 - 2017-09-01 01:10 - 000000417 _____ C:\DelFix.txt
2017-08-30 01:04 - 2017-08-30 01:04 - 000055286 _____ C:\WINDOWS\system32\.crusader
2017-08-30 00:26 - 2017-08-30 01:08 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-08-30 00:25 - 2017-08-30 01:07 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-29 21:09 - 2017-09-01 01:43 - 004331519 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-29 21:09 - 2017-09-01 01:43 - 000679683 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-29 21:09 - 2017-08-29 21:09 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-08-29 21:09 - 2017-08-29 21:09 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-08-29 21:09 - 2017-08-29 21:09 - 000001184 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-08-29 21:09 - 2017-08-29 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-08-29 21:08 - 2017-08-29 21:10 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-29 21:07 - 2017-08-29 21:07 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\Zemana
2017-08-29 05:35 - 2017-08-29 05:35 - 000078744 _____ (MCRITU) C:\WINDOWS\system32\Drivers\e8d0ca95ef9561120b3a538f54bfba88.sys
2017-08-28 02:46 - 2017-08-28 02:46 - 000562254 _____ C:\Users\Qwerty45\Downloads\08. Tory Lanez - Lord Knows Pt. 2 (Prod. By Play Picasso x Tory Lanez) - Part_2.wav
2017-08-28 02:35 - 2017-08-28 02:35 - 001779882 _____ C:\Users\Qwerty45\Downloads\08. Tory Lanez - Lord Knows Pt. 2 (Prod. By Play Picasso x Tory Lanez) - Part_1.wav
2017-08-28 01:33 - 2015-06-28 23:11 - 011080573 _____ C:\Users\Qwerty45\Downloads\01 - Lord Knows.m4a
2017-08-25 20:29 - 2017-08-25 20:29 - 000002266 _____ C:\Users\Qwerty45\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screenpresso.lnk
2017-08-25 20:28 - 2017-08-25 20:28 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\Learnpulse
2017-08-25 20:28 - 2017-08-25 20:28 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\Learnpulse
2017-08-25 20:26 - 2017-08-25 20:27 - 012701760 _____ (Learnpulse) C:\Users\Qwerty45\Downloads\Screenpresso.exe
2017-08-24 16:00 - 2017-08-24 16:01 - 000122826 _____ C:\Users\Qwerty45\Downloads\London On Da Track  Nexus Expansion.zip
2017-08-23 22:11 - 2017-04-21 03:14 - 000916064 _____ (Adobe Systems Incorporated) C:\Users\Qwerty45\Downloads\setup.exe
2017-08-23 16:22 - 2017-08-29 01:55 - 000003274 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2017-08-23 15:49 - 2017-08-23 15:50 - 000597612 _____ C:\WINDOWS\Minidump\082317-55390-01.dmp
2017-08-22 22:35 - 2017-08-22 22:35 - 000000552 _____ C:\WINDOWS\system32\reimage.rep
2017-08-22 00:39 - 2017-08-22 01:03 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\obs-studio
2017-08-22 00:39 - 2017-08-22 00:39 - 000001242 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-08-22 00:39 - 2017-08-22 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-08-22 00:38 - 2017-08-22 00:38 - 000000000 ____D C:\Program Files (x86)\obs-studio
2017-08-22 00:37 - 2017-08-22 00:37 - 101899104 _____ (obsproject.com) C:\Users\Qwerty45\Downloads\OBS-Studio-20.0.1-Full-Installer.exe
2017-08-21 23:09 - 2017-08-21 23:09 - 004608178 _____ C:\Users\Qwerty45\Downloads\looperman-l-1351931-0108238-kadoonthetrack-trap-flute-loop-ii.wav
2017-08-21 23:08 - 2017-08-21 23:08 - 004704178 _____ C:\Users\Qwerty45\Downloads\looperman-l-1351931-0108237-kadoonthetrack-trap-loop.wav
2017-08-21 14:09 - 2017-08-21 14:10 - 003704745 _____ C:\Users\Qwerty45\Downloads\MONEY WAYNE.zip
2017-08-21 13:19 - 2017-08-21 13:20 - 000595140 _____ C:\WINDOWS\Minidump\082117-47375-01.dmp
2017-08-21 13:16 - 2017-08-21 13:16 - 013153786 _____ C:\Users\Qwerty45\Downloads\JWAC (1).zip
2017-08-20 20:44 - 2017-08-20 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-20 20:42 - 2017-08-20 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-20 20:42 - 2017-08-20 20:42 - 000000000 ____D C:\Program Files\iTunes
2017-08-20 20:42 - 2017-08-20 20:42 - 000000000 ____D C:\Program Files\iPod
2017-08-20 14:54 - 2017-08-20 14:54 - 000000015 _____ C:\Users\Qwerty45\Documents\license key.txt
2017-08-20 14:46 - 2017-08-20 14:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-08-20 14:34 - 2017-08-22 22:05 - 000012710 _____ C:\WINDOWS\system32\Native.exe
2017-08-20 14:34 - 2017-08-22 22:05 - 000000000 ____D C:\ReimageUndo
2017-08-20 00:00 - 2017-08-20 00:00 - 000002297 _____ C:\Users\Qwerty45\Desktop\Discord.lnk
2017-08-20 00:00 - 2017-08-20 00:00 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-19 23:59 - 2017-08-24 01:02 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\discord
2017-08-19 23:59 - 2017-08-19 23:59 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\Discord
2017-08-19 23:57 - 2017-08-20 00:00 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\SquirrelTemp
2017-08-19 23:56 - 2017-08-19 23:57 - 054332920 _____ (Discord Inc.) C:\Users\Qwerty45\Downloads\DiscordSetup.exe
2017-08-19 16:13 - 2017-08-19 16:14 - 058132076 _____ C:\Users\Qwerty45\Downloads\reqwettteretruiem.mp4
2017-08-16 16:18 - 2017-08-16 16:20 - 000651924 _____ C:\WINDOWS\Minidump\081617-57375-01.dmp
2017-08-16 15:09 - 2017-08-16 15:11 - 000617220 _____ C:\WINDOWS\Minidump\081617-47406-01.dmp
2017-08-16 13:44 - 2017-08-16 13:47 - 000597540 _____ C:\WINDOWS\Minidump\081617-44906-01.dmp
2017-08-16 00:58 - 2017-08-16 00:59 - 051966929 _____ C:\Users\Qwerty45\Downloads\JWAC.zip
2017-08-15 07:30 - 2017-08-15 07:30 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-08-15 07:30 - 2017-08-15 07:30 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\TileDataLayer
2017-08-14 23:40 - 2017-08-29 23:25 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\llssoft
2017-08-14 23:39 - 2017-08-29 23:25 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\ntuserlitelist
2017-08-14 22:23 - 2017-08-23 15:49 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-13 14:37 - 2017-08-29 23:09 - 000000000 ___HD C:\Program Files (x86)\deon
2017-08-13 14:37 - 2017-08-29 23:08 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\dyapmf
2017-08-13 14:37 - 2017-08-21 01:08 - 000000000 ___HD C:\Program Files (x86)\Midsize
2017-08-13 14:37 - 2017-08-14 23:09 - 000000000 ____D C:\Program Files (x86)\s5
2017-08-13 14:37 - 2017-08-13 14:37 - 002793472 ____N C:\WINDOWS\system32\msiscxc.exe
2017-08-13 14:37 - 2017-08-13 14:37 - 000003856 _____ C:\WINDOWS\System32\Tasks\k72058313
2017-08-13 14:37 - 2017-08-13 14:37 - 000003850 _____ C:\WINDOWS\System32\Tasks\72058313
2017-08-13 14:37 - 2017-08-13 14:37 - 000003850 _____ C:\WINDOWS\System32\Tasks\42112495
2017-08-13 14:37 - 2017-08-13 14:37 - 000003840 _____ C:\WINDOWS\System32\Tasks\54100156
2017-08-13 14:37 - 2017-08-13 14:37 - 000003728 _____ C:\WINDOWS\System32\Tasks\gak72058313k72058313
2017-08-13 14:37 - 2017-08-13 14:37 - 000003722 _____ C:\WINDOWS\System32\Tasks\ga4211249542112495
2017-08-13 14:37 - 2017-08-13 14:37 - 000003720 _____ C:\WINDOWS\System32\Tasks\ga7205831372058313
2017-08-13 14:37 - 2017-08-13 14:37 - 000003710 _____ C:\WINDOWS\System32\Tasks\ga5410015654100156
2017-08-13 14:37 - 2017-08-13 14:37 - 000001302 _____ C:\Users\Qwerty45\Desktop\Google Chrome.lnk
2017-08-13 14:37 - 2017-08-13 14:37 - 000000946 _____ C:\Users\Qwerty45\Desktop\s5.lnk
2017-08-13 14:37 - 2017-08-13 14:37 - 000000020 _____ C:\WINDOWS\b54100156
2017-08-13 14:37 - 2017-08-13 14:37 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\et
2017-08-13 14:37 - 2017-08-13 14:37 - 000000000 ____D C:\Program Files (x86)\trusted
2017-08-13 14:35 - 2017-08-14 22:23 - 000000406 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-08-13 14:35 - 2017-08-14 22:23 - 000000374 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-08-13 14:35 - 2017-08-14 22:23 - 000000374 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-08-13 14:35 - 2017-08-14 22:23 - 000000374 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-08-13 14:35 - 2017-08-13 14:35 - 000003300 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-08-13 14:35 - 2017-08-13 14:35 - 000003264 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-08-13 14:35 - 2017-08-13 14:35 - 000003264 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-08-13 14:35 - 2017-08-13 14:35 - 000003264 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-08-13 14:34 - 2017-08-30 22:36 - 000000000 ____D C:\Program Files\9fb84e2b0df14682486e50657f354d01
2017-08-13 14:34 - 2017-08-13 14:34 - 000031475 _____ C:\WINDOWS\5a295e92eb7692d6756c9349f3ac22fc.ps1
2017-08-13 14:34 - 2017-08-13 14:34 - 000003476 _____ C:\WINDOWS\System32\Tasks\5a295e92eb7692d6756c9349f3ac22fc
2017-08-13 14:34 - 2017-08-13 14:34 - 000003292 _____ C:\WINDOWS\System32\Tasks\9fb84e2b0df14682486e50657f354d01
2017-08-13 14:34 - 2017-08-13 14:34 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-08-12 01:30 - 2017-08-12 01:30 - 000164370 _____ C:\Users\Qwerty45\Downloads\The_Precisions___If_This_Is_Love_I'd_Rather_Be_Lonely - Part_1.wav
2017-08-11 23:39 - 2017-08-11 23:39 - 064532328 _____ C:\Users\Qwerty45\Downloads\TOO GOOD [BLVCKFLAME].zip
2017-08-11 14:23 - 2017-08-11 14:23 - 011427151 _____ C:\Users\Qwerty45\Downloads\OUTRO.zip
2017-08-11 13:00 - 2017-08-11 13:00 - 023829605 _____ C:\Users\Qwerty45\Downloads\trill bill.zip
2017-08-11 02:42 - 2017-08-11 02:42 - 004233778 _____ C:\Users\Qwerty45\Downloads\looperman-l-1938010-0111766-heyhobo-lofi-hip-hop-rhodes.wav
2017-08-11 02:41 - 2017-08-11 02:41 - 004844110 _____ C:\Users\Qwerty45\Downloads\looperman-l-0911223-0111819-silencekills-bliss-keys-140-fm.wav
2017-08-11 02:38 - 2017-08-11 02:38 - 002646146 _____ C:\Users\Qwerty45\Downloads\looperman-l-2247732-0111855-hbsamples-hbs-broken-piano-a-128bpm.wav
2017-08-11 02:18 - 2017-08-11 02:18 - 001597800 _____ C:\Users\Qwerty45\Downloads\Travi$ Scott - Drunk (Feat. Young Thug) - Part_4.wav
2017-08-09 06:53 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 06:53 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 06:53 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 06:53 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 06:53 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 06:53 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 06:53 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 06:53 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 06:53 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 06:53 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 06:53 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 06:53 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 06:53 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 06:53 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 06:53 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 06:53 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 06:53 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 06:53 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 06:53 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 06:53 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 06:53 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 06:53 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 06:53 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 06:53 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 06:53 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 06:53 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 06:53 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 06:53 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 06:53 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 06:53 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 06:53 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 06:53 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 06:53 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 06:53 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 06:53 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 06:53 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 06:53 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 06:53 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 06:53 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 06:53 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 06:53 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 06:53 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 06:53 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 06:53 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 06:53 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 06:52 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 06:52 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 06:52 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 06:52 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 06:52 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 06:52 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 06:52 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 06:52 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 06:52 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 06:52 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 06:52 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 06:52 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 06:52 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 06:52 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 06:52 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 06:52 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 06:52 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 06:52 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 06:52 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 06:52 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 06:52 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 06:52 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 06:52 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 06:52 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 06:52 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 06:52 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 06:52 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 06:52 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 06:52 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 06:52 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 06:52 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 06:52 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 06:52 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 06:52 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 06:52 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 06:52 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 06:52 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 06:52 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 06:52 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 06:52 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 06:52 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 06:52 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 06:52 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 06:52 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 06:52 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 06:52 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 06:52 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 06:52 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 06:52 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 06:52 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 06:52 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 06:52 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 06:52 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 06:52 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 06:52 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 06:52 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 06:52 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 06:52 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 06:51 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 06:51 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 06:51 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 06:51 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 06:51 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 06:51 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 06:51 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 06:51 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 06:51 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 06:51 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 06:51 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 06:51 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 06:51 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 06:51 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 06:51 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 06:51 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 06:51 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 06:51 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 06:51 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 06:51 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 06:51 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 06:51 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 06:51 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 06:51 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 06:51 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 06:51 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 06:51 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 06:51 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 06:51 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 06:51 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 06:51 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 06:51 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 06:51 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 06:51 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 06:51 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 06:51 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 06:51 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 06:51 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 06:51 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 06:51 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 06:51 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 06:51 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 06:51 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 06:51 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 06:51 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 06:51 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 06:51 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 06:51 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 06:51 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 06:51 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 06:51 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 06:51 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 06:51 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 06:51 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 06:51 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 06:51 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 06:51 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 06:51 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 06:51 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 06:51 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 06:51 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 06:51 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 06:50 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 06:50 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 06:50 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 06:50 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 06:50 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 06:50 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 06:50 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 06:50 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 06:50 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 06:50 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 06:50 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 06:50 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 06:50 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 06:50 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 06:50 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 06:50 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 06:50 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 06:50 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 06:50 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 06:50 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 06:50 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 06:50 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 06:50 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 06:50 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 06:50 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 06:50 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 06:50 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 06:50 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 06:50 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 06:50 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 06:50 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 06:50 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 06:50 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 06:50 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 06:50 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 06:50 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 06:50 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 06:50 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 06:50 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 06:50 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 06:50 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 06:50 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 06:50 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 06:50 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 06:50 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 06:50 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 06:50 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 06:50 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 06:50 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 06:50 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 06:50 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 06:50 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 06:50 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 06:50 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 06:50 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 06:50 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 06:50 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 06:50 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 06:50 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 06:50 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 06:50 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 06:50 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 06:50 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 06:50 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 06:50 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 06:50 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 06:50 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 06:50 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 06:50 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 06:50 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 06:50 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 06:50 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 06:50 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 06:50 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 06:50 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 06:50 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 06:50 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 06:50 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 06:50 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 06:50 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 06:50 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 06:50 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 06:50 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 06:50 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 06:50 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 06:50 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 06:50 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 06:50 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 06:50 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 06:50 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 06:50 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 06:50 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 06:50 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 06:50 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 06:50 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 06:50 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 06:50 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 06:50 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 06:50 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 06:49 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 06:49 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 06:49 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 06:49 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 06:49 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 06:49 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 06:49 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 06:49 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 06:49 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 06:49 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 06:49 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 06:49 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 06:49 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 06:49 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 06:49 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 06:49 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 06:49 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 06:49 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 06:49 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 06:49 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 06:49 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 06:49 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 06:49 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 06:49 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 00:38 - 2017-08-09 00:41 - 526442953 _____ C:\Users\Qwerty45\Downloads\Woah Dummy Video.mp4
2017-08-08 19:55 - 2017-08-08 19:55 - 000103980 _____ C:\Users\Qwerty45\Downloads\buu_not-for-profit-use - Part_1.wav
2017-08-08 16:10 - 2017-08-08 16:10 - 000016852 _____ C:\Users\Qwerty45\Downloads\Travi$ Scott - Drunk (Feat. Young Thug) - Part_3.wav
2017-08-08 16:09 - 2017-08-08 16:09 - 000007492 _____ C:\Users\Qwerty45\Downloads\Travi$ Scott - Drunk (Feat. Young Thug) - Part_2.wav
2017-08-08 16:06 - 2017-08-08 16:06 - 000008536 _____ C:\Users\Qwerty45\Downloads\Travi$ Scott - Drunk (Feat. Young Thug) - Part_1.wav
2017-08-08 01:09 - 2017-08-08 01:09 - 003253984 _____ C:\Users\Qwerty45\Downloads\ANTIDOTE SAMPLE PITCH IT DOWN 4 SEMITONES AND YOULL GET THE OG SAMPLE CUT.wav
2017-08-08 01:08 - 2017-08-08 01:08 - 003253984 _____ C:\Users\Qwerty45\Downloads\Lee_Fields_-_All_I_Need - Part_1.wav
2017-08-08 00:36 - 2017-08-08 00:36 - 018616336 _____ C:\Users\Qwerty45\Downloads\ACHE_-_Expectation_(1976) - Part_1.wav
2017-08-08 00:36 - 2017-08-08 00:36 - 001234528 _____ C:\Users\Qwerty45\Downloads\ACHE_-_Expectation_(1976) - Part_1 - Part_1.wav
2017-08-07 23:37 - 2017-08-07 23:37 - 000463288 _____ C:\Users\Qwerty45\Downloads\The_four_tops_-_Ask_the_lonely - Part_1.wav
2017-08-07 13:56 - 2017-08-07 13:56 - 001465832 _____ C:\Users\Qwerty45\Downloads\The_Education_of_Sonny_Carson_OST_-_Track_9_-_Flashbulbs - Part_1.wav
2017-08-07 01:53 - 2017-08-07 01:53 - 000028772 _____ C:\Users\Qwerty45\Downloads\Ibanez Pick (1) (1).wav
2017-08-07 01:52 - 2017-08-07 01:52 - 000028772 _____ C:\Users\Qwerty45\Downloads\Ibanez Pick (1).wav
2017-08-06 18:28 - 2017-08-07 02:08 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2017-08-06 18:28 - 2017-08-07 02:08 - 000002085 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2017-08-06 18:28 - 2017-08-07 02:08 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2017-08-06 18:19 - 2017-08-06 18:21 - 102081890 _____ C:\Users\Qwerty45\Downloads\LicenseSupportInstallerWin64 (1).zip
2017-08-06 18:15 - 2017-08-06 18:15 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\DBG
2017-08-06 18:05 - 2017-08-06 18:05 - 000002027 _____ C:\Users\Public\Desktop\Pro Tools 12.lnk
2017-08-06 18:01 - 2017-08-06 18:01 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\Avid
2017-08-06 18:01 - 2017-08-06 18:01 - 000000000 ____D C:\Users\Public\Documents\Avid Video Engine
2017-08-06 17:54 - 2017-08-06 17:54 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\FLEXnet
2017-08-06 17:51 - 2017-08-06 18:01 - 000000000 ____D C:\Program Files\Avid
2017-08-06 17:49 - 2017-08-06 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2017-08-06 17:48 - 2017-08-06 17:54 - 000000000 ___HD C:\AvidDownloads
2017-08-06 17:48 - 2017-08-06 17:51 - 000000000 ____D C:\Program Files (x86)\Avid
2017-08-06 17:48 - 2017-08-06 17:48 - 000000000 ____D C:\ProgramData\Avid
2017-08-06 16:00 - 2015-06-26 22:02 - 000022880 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\diginet.sys
2017-08-06 15:42 - 2017-08-13 14:21 - 000000000 ____D C:\Users\Qwerty45\Downloads\pro tools stuff
2017-08-06 15:38 - 2017-08-06 15:38 - 000000035 _____ C:\Users\Qwerty45\Downloads\Password c.txt
2017-08-04 19:25 - 2017-08-04 19:25 - 007543512 _____ C:\Users\Qwerty45\Downloads\sheesh 90 bpm bwoi.wav
2017-08-04 19:17 - 2017-08-04 19:17 - 002441622 _____ C:\Users\Qwerty45\Downloads\Attack_on_Titan_Season_2_OST_03_-_YouSeeBIGGIRL-T-T_(Reiner_Berthold_Transformation_Theme) - Part_4.wav
2017-08-04 17:34 - 2017-08-04 17:34 - 000033386 _____ C:\Users\Qwerty45\Downloads\Attack_on_Titan_Season_2_OST_03_-_YouSeeBIGGIRL-T-T_(Reiner_Berthold_Transformation_Theme) - Part_3.wav
2017-08-02 23:22 - 2017-08-02 23:30 - 000000000 ____D C:\Users\Qwerty45\Downloads\after effects stuff
2017-08-02 12:03 - 2017-08-02 12:03 - 000037416 _____ C:\Users\Qwerty45\Downloads\Franz_Schubert_-_Piano_Trio_No_2_in_E_flat_major - Part_1.wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-31 23:33 - 2017-07-30 21:01 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88C58348-7B8E-40F8-8BAC-B3B5EA8A1725}
2017-08-31 22:43 - 2017-07-30 20:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-31 19:47 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-31 19:47 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-31 02:00 - 2012-11-01 01:55 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\Adobe
2017-08-30 22:19 - 2017-07-30 21:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-30 22:18 - 2017-03-18 07:40 - 018087936 _____ C:\WINDOWS\system32\config\HARDWARE
2017-08-30 22:18 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-30 12:52 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-30 12:06 - 2017-07-30 20:20 - 000000000 ____D C:\Users\Qwerty45
2017-08-30 03:09 - 2013-07-07 12:57 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\ElevatedDiagnostics
2017-08-30 03:00 - 2013-06-30 22:13 - 000000000 ____D C:\WINDOWS\pss
2017-08-30 01:04 - 2013-09-10 09:54 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\TopArcadeHits
2017-08-29 23:42 - 2012-11-22 01:49 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\CrashDumps
2017-08-29 23:09 - 2014-01-30 03:18 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-28 01:36 - 2016-09-21 16:07 - 000000032 _____ C:\ProgramData\aceg.ini
2017-08-25 14:33 - 2012-10-29 13:52 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 16:30 - 2012-10-31 20:23 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\Adobe
2017-08-23 16:21 - 2015-09-15 21:11 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-23 16:20 - 2015-09-15 21:12 - 000000000 ____D C:\Program Files\Adobe
2017-08-23 15:49 - 2016-09-27 06:36 - 1394984912 _____ C:\WINDOWS\MEMORY.DMP
2017-08-23 01:06 - 2015-09-15 21:21 - 000000000 ____D C:\Users\Qwerty45\Documents\Adobe
2017-08-23 01:06 - 2011-08-21 23:18 - 000000000 ____D C:\ProgramData\Adobe
2017-08-21 14:48 - 2017-05-06 11:33 - 000000000 ____D C:\Users\Qwerty45\Documents\Addictive Keys Logs
2017-08-20 18:58 - 2017-07-30 20:19 - 001390444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-20 18:52 - 2017-05-03 19:12 - 000000000 ____D C:\ProgramData\Gramblr
2017-08-20 14:58 - 2012-11-01 00:44 - 000000000 ____D C:\Temp
2017-08-20 14:10 - 2012-10-29 14:11 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games
2017-08-20 14:09 - 2009-07-14 01:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-20 02:14 - 2017-07-30 20:20 - 000000000 ____D C:\Users\DefaultAppPool
2017-08-20 00:26 - 2016-09-15 14:31 - 000000000 ____D C:\Users\Qwerty45\Downloads\Tone2.ElectraX.VSTi.v1.2-prplxr
2017-08-19 23:39 - 2015-12-31 16:45 - 000000000 ____D C:\Program Files (x86)\Program Files (x86)
2017-08-19 14:46 - 2017-05-03 19:12 - 000000000 ____D C:\Program Files\Gramblr
2017-08-16 16:25 - 2017-07-30 21:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2017-08-16 16:01 - 2017-07-24 21:56 - 000000000 ____D C:\Users\Qwerty45\Downloads\PhotoshopPortable
2017-08-16 16:01 - 2017-02-16 20:28 - 000000000 ____D C:\Users\Qwerty45\Downloads\EveScripts
2017-08-14 23:44 - 2015-10-18 10:24 - 000000000 ____D C:\Program Files (x86)\Steinberg
2017-08-14 23:26 - 2015-09-15 20:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-08-14 22:25 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-11 00:37 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-09 18:08 - 2015-09-10 01:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 17:37 - 2017-07-30 20:14 - 005079592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 17:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 17:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 17:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 17:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 17:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 17:33 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 17:33 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 07:04 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 07:01 - 2013-07-18 08:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 06:55 - 2012-11-02 19:28 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 00:37 - 2012-11-01 01:55 - 000000000 ____D C:\Users\Qwerty45\AppData\LocalLow\Adobe
2017-08-08 21:23 - 2015-10-24 23:00 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\Packages
2017-08-07 14:30 - 2015-10-16 13:37 - 000000000 ____D C:\Users\Qwerty45\Downloads\Rodeo (Deluxe)
2017-08-07 13:27 - 2016-09-28 14:40 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\ConnectedDevicesPlatform
2017-08-07 02:38 - 2016-12-28 21:53 - 000004096 _____ C:\Users\Qwerty45\PaceKeyChain
2017-08-06 19:43 - 2016-12-28 03:12 - 000000000 ____D C:\ProgramData\PACE
2017-08-06 19:41 - 2013-02-23 14:42 - 000000000 ____D C:\Users\Qwerty45\AppData\Roaming\SoftGrid Client
2017-08-06 18:29 - 2011-08-21 23:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-06 18:28 - 2016-12-01 22:03 - 000033504 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2017-08-06 18:01 - 2015-10-15 20:48 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-08-06 17:48 - 2012-11-01 00:46 - 000000000 ____D C:\Users\Qwerty45\AppData\Local\Downloaded Installations
2017-08-02 22:51 - 2016-09-04 15:20 - 000000000 ___RD C:\Users\Qwerty45\Creative Cloud Files

==================== Files in the root of some directories =======

2014-07-18 15:53 - 2015-10-18 10:23 - 054401101 _____ () C:\Program Files\LUXONIX_Purity_1_2_7_DEMO_win.exe
2016-09-21 16:07 - 2017-08-28 01:36 - 000000032 _____ () C:\ProgramData\aceg.ini
2013-02-17 17:45 - 2013-02-21 17:14 - 000002041 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-08-26 16:13 - 2017-08-26 16:13 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext1328032545817477327.dll
2017-08-23 15:30 - 2017-08-23 15:30 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext1518996440393467507.dll
2017-08-24 15:24 - 2017-08-24 15:24 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext1881813077279115734.dll
2017-08-28 02:10 - 2017-08-28 02:10 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext2692807617637592397.dll
2017-08-23 21:04 - 2017-08-23 21:04 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext2737959611233789991.dll
2017-08-25 21:09 - 2017-08-25 21:09 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext2976824129678821684.dll
2017-08-23 15:56 - 2017-08-23 15:56 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext3106095699349482639.dll
2017-08-25 20:22 - 2017-08-25 20:23 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext3914285489675060232.dll
2017-08-21 22:44 - 2017-08-21 22:44 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext4084062227090207294.dll
2017-08-24 23:22 - 2017-08-24 23:22 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext4185893086871371790.dll
2017-08-30 00:17 - 2017-08-30 00:17 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext5105297303184788124.dll
2017-08-30 01:13 - 2017-08-30 01:13 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext5179390872916468894.dll
2017-08-30 12:53 - 2017-08-30 12:53 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext5306205000494281459.dll
2017-08-24 01:06 - 2017-08-24 01:06 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext5377410593191451090.dll
2017-08-28 01:27 - 2017-08-28 01:27 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext5859297050172832128.dll
2017-08-30 22:24 - 2017-08-30 22:24 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext6107483296596590129.dll
2017-08-29 12:38 - 2017-08-29 12:38 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext6277541176908701097.dll
2017-08-28 23:44 - 2017-08-28 23:44 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext7297753989428358316.dll
2017-08-29 23:43 - 2017-08-29 23:43 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext7531531463534043506.dll
2017-08-22 22:40 - 2017-08-22 22:40 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext9136312590766163320.dll
2017-08-23 18:19 - 2017-08-23 18:19 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext921789644283613885.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-28 01:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Qwerty45 (01-09-2017 01:44:34)
Running from C:\Users\Qwerty45\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-31 01:17:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

7EF49B7320A04AFCADD3 (S-1-5-21-46816778-57343354-1960291723-1006 - Limited - Enabled)
8FF3F883D5384719B362 (S-1-5-21-46816778-57343354-1960291723-1007 - Limited - Enabled)
Administrator (S-1-5-21-46816778-57343354-1960291723-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-46816778-57343354-1960291723-503 - Limited - Disabled)
Guest (S-1-5-21-46816778-57343354-1960291723-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-46816778-57343354-1960291723-1002 - Limited - Enabled)
Qwerty45 (S-1-5-21-46816778-57343354-1960291723-1000 - Administrator - Enabled) => C:\Users\Qwerty45

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton 360 (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_1) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop (HKLM\...\{9B08B2EC-C82E-4D24-A3E0-57646E2CE480}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Amazon Music Importer (HKLM-x32\...\{98823CC0-51DA-565C-FF90-DCC72D47BD24}) (Version: 2.0.1 - Amazon Services LLC) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Antares Auto-Tune Evo TDM (HKLM-x32\...\{E43E5F45-E924-4D83-9DB9-8D74BCF7A9DD}) (Version: 6.00.0009 - Antares Audio Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Avid Application Manager (HKLM-x32\...\{A59C0B17-6673-46E6-9E00-BB25E755A299}) (Version: 2.4.0.6360 - Avid Technology, Inc.)
Avid Effects (HKLM\...\{0B7B27FF-F720-44B2-94C5-EE410050539B}) (Version: 12.1.0.94 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 12.1.0.94 - Avid Technology, Inc.)
Avid Pro Tools (HKLM\...\{478452E8-ED47-49C9-8B1D-59AD0A57E60A}) (Version: 12.1.0.94 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.430 - Corel Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D110 (HKLM-x32\...\{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Ease Audio Converter 5.30 (HKLM-x32\...\Ease Audio Converter_is1) (Version:  - )
ElectraX full (HKLM-x32\...\Tone2 ElectraX full_is1) (Version:  - Tone2)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version:  - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.67 - Gramblr Team)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.03 - iZotope, Inc.)
iZotope Nectar Elements (HKLM-x32\...\iZotope Nectar Elements_is1) (Version: 1.00 - iZotope, Inc.)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LUXONIX Purity DEMO (HKLM-x32\...\LUXONIX_Purity) (Version: 1.2.7 DEMO - LUXONIX)
Luxonix Purity VSTi v1.1.2 (HKLM-x32\...\Luxonix Purity VSTi_is1) (Version:  - )
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.2.419 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.10.0.85 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
PACE License Support Win64 (HKLM\...\{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6323 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Rosetta Stone Ltd Services (HKLM-x32\...\{FFF186B6-4D02-4D8D-A776-C43E062E01A9}) (Version: 3.2.18 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{4010ADCB-1347-D570-FCF1-3002CABEBD2F}) (Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (HKLM-x32\...\{8A1FEA5E-8DB8-AD80-5C14-AEF33D16EF5A}) (Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Screenpresso (HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\Screenpresso) (Version: 1.7.0.0 - Learnpulse)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{8E4B1BE8-DCF3-4B90-A726-B28107442623}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Sugar Bytes Effectrix Demo 1.4.3 (HKLM\...\Effectrix_is1) (Version: 1.4.3 - Sugar Bytes)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.30 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XLN Online Installer (HKLM\...\XLN Online Installer Inno Setup ID_is1) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zynaptiq UNMIX DRUMS 1.0.1 (Win32) (HKLM-x32\...\{1A9FF1F0-7997-41CB-82D9-1661DBA43004}) (Version: 1.0.1 Build 5 - Zynaptiq)
Zynaptiq UNMIX DRUMS 1.0.1 (x64) (HKLM\...\{A69D5782-6E75-49AE-8559-FFDE2AD3DE29}) (Version: 1.0.1 Build 5 - Zynaptiq)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BDF8E70C4DC9}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Qwerty45\AppData\Roaming\unincar\cumadis.dll => No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Qwerty45\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-46816778-57343354-1960291723-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume2\Users\Qwerty45\AppData\Local\Temp\spvvpme\somweox\wow.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-29] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\windows\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-29] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-07-18] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
FolderExtensions: [ShellFolder for CD Burning] -> {fbeb8a05-beee-4442-804e-409d6c4515e9} => \\?\globalroot\Device\HarddiskVolume2\Users\Qwerty45\AppData\Local\Temp\spvvpme\somweox\wow.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0074551D-2763-4950-B66A-8EDC31E98073} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {04367D5D-79DB-4496-8643-D075517BFA5A} - System32\Tasks\9fb84e2b0df14682486e50657f354d01 => sc start 9fb84e2b0df14682486e50657f354d01 <==== ATTENTION
Task: {044A34FF-8FC0-47E1-88A5-FDB3D4B3EE74} - System32\Tasks\AdobeAAMUpdater-1.0-Foxy1-Qwerty45 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0B907308-7DC3-4600-B3F2-1CABCEC6BD44} - System32\Tasks\72058313 => C:\Program Files (x86)\Midsize\belushi.exe <==== ATTENTION
Task: {0C816F3A-8102-46D5-A105-9D6485D62E84} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {0FB12037-5454-47F0-9EA6-4D956725EE1E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1072AF4D-DFA5-485E-AEDE-D29FC624701B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {14662B22-C042-4A4C-B294-792DB50EE983} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {165E7116-B1BA-4576-9555-20F036241DFB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {17263487-C0B5-4256-AD11-6D3E6CCAE652} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {213C676E-C327-4CA8-A2CF-A97CD44B5BA6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-46816778-57343354-1960291723-1000Core => C:\Users\Qwerty45\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {21B27300-0B53-4D43-8474-0071C5533422} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {230C56DD-CC1A-4282-A783-364866E7EE3B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {25A5701F-473E-4228-85ED-E735F5FF8A6C} - System32\Tasks\ga4211249542112495 => C:\Users\Qwerty45\AppData\Local\belushi.exe
Task: {28684D6E-8ECF-4724-BA75-0411AB5C3092} - System32\Tasks\54100156 => C:\Program Files (x86)\Tg\belushi.exe <==== ATTENTION
Task: {2A3352D0-BC51-4C74-9B77-CB77E1AF4063} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D691A94-E9ED-42DA-BBD6-4E47CAD216F5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32CD12E2-7184-4953-9A7F-2CB702679DE7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {37E678B0-80AF-4BF5-AB12-D36544AC1B9D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {38C3C139-0C11-4244-B39A-44803186094E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {39ED74B0-F708-4514-972E-57581B16F437} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {3E38D741-5C9D-493E-9FE0-671880A93606} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {42F46E08-6A86-42D7-A4E1-57D51DD2CBE5} - System32\Tasks\ga7205831372058313 => C:\Program Files (x86)\Midsize\belushi.exe
Task: {4874C1A8-FDF8-4243-BC0E-BFF658466C44} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {4930DF5F-6630-42C1-BD68-62FEDAB0DB2A} - System32\Tasks\Updater21806.exe => C:\Users\Qwerty45\AppData\Local\Updater21806\Updater21806.exe <==== ATTENTION
Task: {4A0B886C-8DF8-4BDC-B13E-C0BA6BC5412B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4C213A4E-103B-4129-85F1-35F1564B5893} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5524916F-104A-4FA5-9969-66728A72D2AB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60F02232-E50B-4DD0-A658-8E0D4DAD4448} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-46816778-57343354-1960291723-1000UA => C:\Users\Qwerty45\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {633C8A62-9A96-4E2C-A4F3-B20EEE4E6C8A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {646D8DB5-7448-4792-9AFC-68423CEDE267} - System32\Tasks\gak72058313k72058313 => C:\Program Files (x86)\trusted\trusted.exe [2017-08-13] (stocks)
Task: {64EEADCE-F26A-4FAC-8FAC-46CC1CB83E43} - System32\Tasks\ga5410015654100156 => C:\Program Files (x86)\Tg\belushi.exe
Task: {6AF2081A-00A3-4574-AF01-508BC969351D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {6EBF7769-E76C-43EC-8EE8-8E08DE8DCF19} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {765467D8-F1EB-41EB-99CA-60D37BA7BE20} - System32\Tasks\{02E8938B-77B1-4B85-B39D-1A9FEEE9AE2B} => C:\windows\system32\pcalua.exe -a "C:\Users\Qwerty45\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZLQ34Z2\wlsetup-web.exe" -d C:\Users\Qwerty45\Desktop
Task: {7752ECD6-7E18-4728-9D16-1588E25120F3} - System32\Tasks\eh => C:\Program Files (x86)\Image-Line\FL Studio 12.1\FL.exe [2015-08-11] (Image-Line)
Task: {7B63278D-519F-46BE-A2CE-B0CC7E12B95C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7BC96433-8B59-4A11-9F18-5262707E62BD} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {7C118ABB-43DA-422A-A112-7793AF1A9C78} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7F5DD076-48E2-44B1-BB48-26E469BB8694} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {814E97B6-B49C-4538-8E2D-06FD4F6EF85A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-46816778-57343354-1960291723-1000UA1d2b47eb019552 => C:\Users\Qwerty45\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {81DEAEB2-7FFA-43BD-AB5B-5442551AE3A3} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {83CD15E6-78E4-4759-9F18-F8C56D4784F6} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {84977A4D-1245-4127-B525-E57ABD9A02C6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8989F02E-951F-40C5-85A5-D805C7C85595} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {9039B8A4-9BB1-4F11-9E6B-59D02FF1785A} - System32\Tasks\{B5F3BE4F-3DF9-4526-B788-1C09136DC0AF} => C:\windows\system32\pcalua.exe -a "C:\Users\Qwerty45\Downloads\wlsetup-web (1).exe" -d C:\Users\Qwerty45\Desktop
Task: {94DBB326-E4ED-4B25-8A74-D3BB93D114E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {966BC96D-F988-4FBC-9347-49D45294C1CF} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-07-13] (Adobe Systems Incorporated)
Task: {A876E2D3-F668-42C1-BBEF-4E2F94C4B723} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AD04852E-9D6B-4F43-8F02-7B542BCF6346} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B0B96072-0402-4B82-A3F9-E78E91ABFA3B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B56865AE-E127-4FFE-9D1F-D308DD51DCE7} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {B79E1AAB-C17F-4DF8-9946-0558BF9F1665} - System32\Tasks\5a295e92eb7692d6756c9349f3ac22fc => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\5a295e92eb7692d6756c9349f3ac22fc.ps1" <==== ATTENTION
Task: {B843A927-CE21-4A45-A9F1-30AB73ECA7DB} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {B8FAD605-2921-4EEA-801A-2C9A163419F1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C30A8561-BC14-49B2-938E-FFE5E2231D9F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C357ED8B-1006-4F46-AAB2-A73D64F11176} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C593677A-1D91-4073-A140-5CC7F528AAF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-46816778-57343354-1960291723-1000Core1d2b47eade154a => C:\Users\Qwerty45\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C71D0C17-5CA1-45C5-8DCA-52297A318F90} - System32\Tasks\{838766B3-652E-4A71-ACC9-B60A6C97C59F} => C:\WINDOWS\system32\pcalua.exe -a E:\Autorun.exe -d E:\
Task: {D32A2485-6BEC-45EC-A9F0-163C5AD97B66} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {D7B105F1-A888-44E3-A9E9-51F296E5A0B5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8DD1B16-E4E9-4320-B762-D7F7C2BD2270} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DAEF5D1A-B8B4-4380-B106-45004F8CA530} - System32\Tasks\{378E9AC8-C0F4-4C21-919D-40576465C793} => C:\windows\system32\pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {DB9DDE4C-E485-40D1-89D1-FF89FC7DC4F8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC01740B-B66C-4DFC-B9D3-60E3A43F3262} - System32\Tasks\k72058313 => C:\Program Files (x86)\trusted\trusted.exe [2017-08-13] (stocks)
Task: {DC9DA170-18EC-4088-A722-28C4C99960A5} - System32\Tasks\42112495 => C:\Users\Qwerty45\AppData\Local\belushi.exe <==== ATTENTION
Task: {E19FDF11-916B-4011-96A7-D74BEEFFA68D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E99D8BDF-2CD3-4415-AE4F-9E3317B5F292} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F311C6B3-0E3B-4C57-A97E-68B946370F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F3F8EE29-04AF-4DA5-9091-28838F2527F1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FBEBED4A-E9B5-49C9-8ADD-6433E85A3963} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FDAF80A9-BB2C-4DE3-BA9A-AD37CDF60BB8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDE5FECE-E336-4644-AECF-7A6469D09539} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-18 00:50 - 2017-07-18 00:50 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-08-29 21:09 - 2017-08-29 21:09 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-10-24 18:50 - 2015-02-27 17:38 - 000721263 _____ () C:\windows\SysWOW64\WSCM64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-13 14:37 - 2017-08-13 14:37 - 002793472 ____N () C:\WINDOWS\SYSTEM32\MSISCXC.EXE
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-31 22:13 - 2017-07-31 22:13 - 000429568 ____N () C:\WINDOWS\SYSTEM32\RAVCPDKZ.EXE
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-08-20 20:38 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-08-20 20:38 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-06-08 14:37 - 2017-06-08 14:37 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-25 14:19 - 2017-08-25 14:20 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-08-25 14:19 - 2017-08-25 14:20 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-23 15:38 - 2017-08-23 15:39 - 024502272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-08-23 15:38 - 2017-08-23 15:39 - 009145344 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-08 21:21 - 2017-08-08 21:21 - 003544488 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-19 15:11 - 2017-08-19 16:16 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-19 15:11 - 2017-08-19 16:14 - 029627904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-19 15:11 - 2017-08-19 16:16 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-19 15:11 - 2017-08-19 16:16 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-08-19 15:11 - 2017-08-19 16:16 - 020719104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-19 15:11 - 2017-08-19 16:16 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-19 15:11 - 2017-08-19 16:15 - 003065856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 14:37 - 2017-06-08 14:37 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-14 14:26 - 2017-06-14 14:27 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-19 15:11 - 2017-08-19 16:16 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-07-26 23:15 - 2017-07-26 23:16 - 032960512 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-07-26 23:15 - 2017-07-26 23:16 - 009161728 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-07-13 18:37 - 2017-07-13 18:38 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-26 23:15 - 2017-07-26 23:16 - 013154304 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-07-08 16:46 - 2017-07-08 16:46 - 000016384 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
2017-08-25 14:33 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-25 14:33 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-24 18:51 - 2015-04-28 18:22 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-10-24 18:51 - 2014-05-19 20:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-08-23 12:43 - 2013-08-23 12:43 - 003386880 _____ () c:\program files (x86)\avid\application manager\jre\bin\client\jvm.dll
2017-08-30 22:24 - 2017-08-30 22:24 - 000110592 _____ () C:\Users\Qwerty45\AppData\Local\Temp\ext6107483296596590129.dll
2017-07-08 16:46 - 2017-07-08 16:46 - 017818112 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
2015-01-17 05:27 - 2015-01-17 11:27 - 026940728 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll
2015-03-18 12:18 - 2015-03-18 18:18 - 000534840 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache.dll
2014-12-02 15:32 - 2014-12-02 21:32 - 000486712 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype.dll
2016-09-23 16:49 - 2015-06-11 07:02 - 000120632 _____ () c:\program files\image-line\fl studio asio\ilwasapi2asio.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\PACE:7CEB1E8A235CA015 [1]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [120]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 17:03 - 2017-08-13 14:37 - 000001282 _____ C:\WINDOWS\system32\Drivers\etc\hosts

162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-46816778-57343354-1960291723-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Qwerty45\Pictures\CHAPTER 2 FINALIZED (2).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DigiRefresh => 2
MSCONFIG\Services: digiSPTIService64 => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gramblrclient => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: JavkSmZpb => 2
MSCONFIG\Services: LMIRescue_f92948e0-2ce6-4f43-b62f-6b067e3b7d80 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NetHttpService => 2
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PaceLicenseDServices => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: RosettaStoneDaemon => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Qwerty45\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HP Update => regsvr32.exe C:\Users\Qwerty45\AppData\Local\HP\idqbe32.dll
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HTC => rundll32 "C:\Users\Qwerty45\AppData\Local\Google\HTC\idpjhpgbbb.dll",DllRegisterServer
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: Internet Security => C:\Users\Qwerty45\AppData\Roaming\tdefender.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
MSCONFIG\startupreg: Norton Download Manager{N360216032-SHPD-FSD40014} => C:\Users\Public\Downloads\Norton\{N360216032-SHPD-FSD40014}\NortonN360Downloader.exe /m
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM\...\StartupApproved\StartupFolder: => "Avid Application Manager.lnk"
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\StartupApproved\StartupFolder: => "depleting.lnk"
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\StartupApproved\Run: => "fool"
HKU\S-1-5-21-46816778-57343354-1960291723-1000\...\StartupApproved\Run: => "chicagoans"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{945D0509-2D2C-40F9-A00D-C108B2ED06D8}C:\users\qwerty45\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\qwerty45\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{926D7698-8EFF-4640-BD1E-2B19B79D8031}C:\users\qwerty45\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\qwerty45\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B953947A-13A1-4802-9BD7-CD6FA363C5CE}] => (Allow) LPort=8317
FirewallRules: [{3EE2E7CC-2BC1-4C24-AC8A-BA3983FCBACD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C4BE876A-F01C-43D2-94A8-3BA940543E0F}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{B7598162-6477-4E3B-B36C-0643E719ADB9}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{C0230BA6-8447-469E-95F6-8FD03B85F8B5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{AE70206F-009F-47E2-A03F-8E789DB1C01D}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{82B42763-B8A1-4A9A-B108-44939B65D140}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{FE933922-3458-4733-A1F1-EBB0056C4054}] => (Allow) LPort=443
FirewallRules: [{809FA8C6-3F84-4EF0-88F4-06E7841EE0A4}] => (Allow) LPort=443
FirewallRules: [{86F1EA63-73FB-406B-93AD-1F811A61554D}] => (Allow) LPort=37674
FirewallRules: [{ADD9ABBB-6BBF-40D1-8D70-BF5FD597769F}] => (Allow) LPort=37674
FirewallRules: [{3B66A809-E8BE-4B8C-93C7-275B4C4BB14F}] => (Allow) LPort=37675
FirewallRules: [{0CB64445-CA01-4B2B-8F35-C4D02417C9F0}] => (Allow) C:\Users\Qwerty45\AppData\Local\Temp\7zS4142\setup\hpznui40.exe
FirewallRules: [{DB78D0BA-F1A0-48AD-B169-CD7CB49047A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{319446BE-F0D4-4AC2-8A3F-7A7DB883FCEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{EE853505-7C9F-4F8C-8891-DE783274C109}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{0B2AB488-C5A5-4772-9F31-FF1E4E1E379D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9FB9CDE4-8579-49C8-A81D-89F7923B7675}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F70377C9-DD74-4024-8D81-0B85BEA64C61}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{95C6028D-E9A0-4A25-B80C-20F18152EA01}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4C08DE53-365D-4B74-AA82-EE6102F8FF8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FF9BAE26-BE32-4ADD-9F13-9CF53CBA70C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{AF4F0E96-A53E-4A42-B26C-5957789B09D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{54806090-E4B8-4E8F-94F6-D032478E4F12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{6BC0FEEC-DCF1-4127-B896-A74078F63D22}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{18DB864A-D15B-4FF5-B866-C1464C9CF187}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{5009DAB6-DF0B-405D-A1C9-0457372589E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ADACEF2E-8977-466C-B664-05DC7BE9A2D4}] => (Allow) C:\Users\Qwerty45\AppData\Local\Temp\7zSFFEA.tmp\SymNRT.exe
FirewallRules: [{F5AF263F-CC1D-4A2E-9698-0CB05A6B7662}] => (Allow) C:\Users\Qwerty45\AppData\Local\Temp\7zSFFEA.tmp\SymNRT.exe
FirewallRules: [{0AF973F1-F8B9-49FF-9197-06D9CF696787}] => (Allow) C:\Users\Qwerty45\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FC631D23-AF4A-43A8-B6BD-83CA54A35A37}] => (Allow) C:\Users\Qwerty45\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{5D7BF45F-324D-4965-A407-4F8433504C9C}] => (Allow) C:\Users\Qwerty45\AppData\Local\Temp\7zSB156.tmp\SymNRT.exe
FirewallRules: [{2C92C927-263B-44A8-8BF9-4B842F737FC3}] => (Allow) C:\Users\Qwerty45\AppData\Local\Temp\7zSB156.tmp\SymNRT.exe
FirewallRules: [{C7553E8D-690E-4B78-A34B-98D86E23AC14}] => (Allow) C:\Users\Qwerty45\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{B514358E-1248-4C21-BB8D-C6D8B185787D}] => (Allow) C:\Users\Qwerty45\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{44EE3369-3A9C-456B-9B5D-2AF7023B5BC6}] => (Allow) LPort=10255
FirewallRules: [{8B3FBEDB-60B6-4156-8964-F9B1869C3C35}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DA1456A2-7987-4FA0-8082-5EE3901D9B7B}] => (Allow) LPort=2869
FirewallRules: [{D6181CA6-806B-43C9-B0F9-63BD10988E2C}] => (Allow) LPort=1900
FirewallRules: [{66D93A01-98EC-4DFD-B3F2-7B5B7433557B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2D81A8DE-FA2F-41A2-A158-64FEFD1B295A}] => (Allow) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{922074AB-CFFD-456D-8700-16A42F308B61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDD2D085-309B-4F48-8D5C-A9734687483B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AD72442-6E3A-49DB-8AD7-9412F8D80F1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A9A21AE-C648-4E31-A088-CB05FFB0F047}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1827AA6-EBE6-4D12-960C-9E1DE2248D99}] => (Allow) C:\Program Files\Avid\Pro Tools\AvidVideoEngine.exe
FirewallRules: [TCP Query User{B1DCF615-073E-40F7-B6E5-E4E39C7F4A55}C:\program files (x86)\avid\application manager\avidappmanhelper.exe] => (Allow) C:\program files (x86)\avid\application manager\avidappmanhelper.exe
FirewallRules: [UDP Query User{542CA5E8-BCA7-46DC-9939-C7BD3F7022F1}C:\program files (x86)\avid\application manager\avidappmanhelper.exe] => (Allow) C:\program files (x86)\avid\application manager\avidappmanhelper.exe
FirewallRules: [{ACE2C3DB-1978-4752-9312-C3F039ADC86C}] => (Allow) C:\Program Files (x86)\Tg\belushi.exe
FirewallRules: [{C5121901-CAD0-4060-A499-96670C61321F}] => (Allow) C:\Program Files (x86)\Midsize\belushi.exe
FirewallRules: [{E65DDD6E-8CE3-4312-8760-39E3453FD063}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9276238B-355C-4AB0-AA38-4891F7BB602F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-08-2017 03:09:34 Scheduled Checkpoint
29-08-2017 14:06:17 Scheduled Checkpoint
29-08-2017 20:19:22 AFTER REIMAGE

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Photosmart D110
Description: HP Photosmart D110
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2017 10:19:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/30/2017 09:49:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WXLFSTEALTH)
Description: Activation of app 9E2F88E3.Twitter_wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/30/2017 04:19:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DTLite.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at DTClient.ViewModel.Wizards.Base.DTWizardBase.CanClose()
   at System.Linq.Enumerable.All[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
   at DTClient.BaseWindow.RequestClose(Boolean, Boolean)
   at DTClient.BaseApp.Application_SessionEnding(System.Object, System.Windows.SessionEndingCancelEventArgs)
   at System.Windows.Application.OnSessionEnding(System.Windows.SessionEndingCancelEventArgs)
   at System.Windows.Application.WmQueryEndSession(IntPtr, IntPtr ByRef)
   at System.Windows.Application.AppFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

Error: (08/30/2017 12:47:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/30/2017 03:14:32 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/30/2017 03:12:53 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/30/2017 01:08:41 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/30/2017 12:12:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/30/2017 12:02:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WXLFSTEALTH)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/29/2017 11:42:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WXLFSTEALTH)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/30/2017 10:36:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 9fb84e2b0df14682486e50657f354d01 service failed to start due to the following error: 
The system cannot find the path specified.

Error: (08/30/2017 10:33:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The -- service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (08/30/2017 10:33:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the -- service to connect.

Error: (08/30/2017 10:26:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (08/30/2017 10:20:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The msidntfs service failed to start due to the following error: 
Access is denied.

Error: (08/30/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/30/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCCUJobMgr service failed to start due to the following error: 
The requested resource is in use.

Error: (08/30/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The N360 service failed to start due to the following error: 
The requested resource is in use.

Error: (08/30/2017 10:19:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 9fb84e2b0df14682486e50657f354d01 service failed to start due to the following error: 
The system cannot find the path specified.

Error: (08/30/2017 10:19:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.


CodeIntegrity:
===================================
  Date: 2017-08-13 14:36:27.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:36:27.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:32:19.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:32:19.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:28:24.485
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:28:24.481
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:28:24.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:28:24.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:28:24.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 14:28:24.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8098.68 MB
Available physical RAM: 4852.04 MB
Total Virtual: 8610.68 MB
Available Virtual: 5061.2 MB

==================== Drives ================================

Drive c: (TI106240W0D) (Fixed) (Total:681.25 GB) (Free:207.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Nexus 2) (CDROM) (Total:3.21 GB) (Free:0 GB) UDF
Drive f: (IDK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1F0FF995)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=681.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=867 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.1 GB) - (Type=17)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00107179)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

==================== End of Addition.txt ============================
