Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Line 0 (File "C:\ProgramData\gedvdk\GeDvDK"):

Virus Malware

  • This topic is locked This topic is locked

#1
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Member
  • PipPip
  • 10 posts

I've been having this problem for a while now I first made a topic about it here but when work got busy I was unable to moderate the thread I posted because the company is family owned but I am looking for a way to terminate this virus of my computer so I can enjoying gaming in my spare time like I used to.

Here is a topic from here solved with a similiar problem I believe maybe be the same but the fix said basically for him to do it for his computer any other might be at its own risk I didnt want to try and lose my documents: http://www.geekstogo...ening-the-file/


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Clyde (administrator) on CLYDE-PC (07-08-2016 02:25:12)
Running from C:\Users\Clyde\Downloads
Loaded Profiles: Clyde (Available Profiles: Clyde)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\updatesrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Bitdefender) C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdagent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Users\Clyde\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BDAgent] => C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdagent.exe [1066232 2012-02-28] (Bitdefender)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-05-23] ()
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\Run: [Facebook Update] => C:\Users\Clyde\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-03] (Facebook Inc.)
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-03-31] (Electronic Arts)
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26418304 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan SafeBox\safeboxshell.dll [2012-02-22] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan SafeBox\safeboxshell.dll [2012-02-22] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan SafeBox\safeboxshell.dll [2012-02-22] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan SafeBox\safeboxshell.dll [2012-02-22] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-02-18]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Clyde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-05-18]
ShortcutTarget: Curse.lnk -> C:\Users\Clyde\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{5a7ccfe1-9953-4270-8c32-242665312df6}: [DhcpNameServer] 192.168.2.1 142.166.166.166
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-3110895061-1688022509-3107457843-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Clyde\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3110895061-1688022509-3107457843-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Clyde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-20] (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdtbext
FF Extension: bdToolbar - C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdtbext [2016-05-31] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdtbext
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Wallet) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] () [File not signed]
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3975544 2012-05-09] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-27] ()
S3 SafeBox; C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan SafeBox\safeboxservice.exe [75384 2012-02-21] (Bitdefender)
S3 Update Server; C:\Program Files\Common Files\Ultimate Protection Plan\Ultimate Protection Plan Arrakis Server\bin\arrakis3.exe [466736 2011-10-14] (BitDefender)
R2 UPDATESRV; C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\updatesrv.exe [62512 2012-01-23] (Bitdefender)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S2 vsserv; C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\vsserv.exe [1955080 2012-03-01] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4334232 2015-09-24] (Qualcomm Atheros Communications, Inc.)
R1 BdfNdisf; C:\Program Files\Common Files\Ultimate Protection Plan\Ultimate Protection Plan Firewall\bdfndisf6.sys [90192 2011-11-14] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2011-08-16] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Ultimate Protection Plan\Ultimate Protection Plan Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdsandbox; C:\WINDOWS\system32\drivers\bdsandbox.sys [79952 2011-11-17] (BitDefender SRL)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2011-10-27] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U0 avc3; no ImagePath
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 02:25 - 2016-08-07 02:25 - 00024156 _____ C:\Users\Clyde\Downloads\FRST.txt
2016-08-07 02:25 - 2016-08-07 02:25 - 00000000 ____D C:\FRST
2016-08-07 02:24 - 2016-08-07 02:24 - 02393600 _____ (Farbar) C:\Users\Clyde\Downloads\FRST64.exe
2016-07-19 07:01 - 2016-07-19 07:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-07-19 05:24 - 2016-07-20 11:41 - 00000021 _____ C:\Users\Clyde\Desktop\google account.txt
2016-07-12 10:47 - 2016-06-30 22:30 - 00284352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-07-12 10:47 - 2016-06-30 21:49 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-12 10:47 - 2016-06-30 21:49 - 00337336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-07-12 10:47 - 2016-06-30 21:35 - 01552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-07-12 10:47 - 2016-06-30 21:35 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-07-12 10:47 - 2016-06-30 21:35 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-07-12 10:47 - 2016-06-30 21:35 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-07-12 10:47 - 2016-06-30 21:35 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-07-12 10:47 - 2016-06-30 21:34 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-07-12 10:47 - 2016-06-30 21:33 - 00730352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-07-12 10:47 - 2016-06-30 21:33 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-07-12 10:47 - 2016-06-30 21:32 - 01603224 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-07-12 10:47 - 2016-06-30 21:32 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-07-12 10:47 - 2016-06-30 21:32 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-07-12 10:47 - 2016-06-30 21:25 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-07-12 10:47 - 2016-06-30 21:25 - 02145032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-07-12 10:47 - 2016-06-30 21:25 - 01987936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-07-12 10:47 - 2016-06-30 21:25 - 00648256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-07-12 10:47 - 2016-06-30 21:25 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-07-12 10:47 - 2016-06-30 21:25 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-07-12 10:47 - 2016-06-30 21:21 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-12 10:47 - 2016-06-30 21:21 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-07-12 10:47 - 2016-06-30 21:20 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-07-12 10:47 - 2016-06-30 21:19 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-07-12 10:47 - 2016-06-30 21:11 - 01522160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-07-12 10:47 - 2016-06-30 20:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-07-12 10:47 - 2016-06-30 20:56 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-07-12 10:47 - 2016-06-30 20:53 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-07-12 10:47 - 2016-06-30 20:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-07-12 10:47 - 2016-06-30 20:52 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10_1.dll
2016-07-12 10:47 - 2016-06-30 20:50 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-12 10:47 - 2016-06-30 20:50 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2016-07-12 10:47 - 2016-06-30 20:49 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-12 10:47 - 2016-06-30 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-12 10:47 - 2016-06-30 20:48 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-07-12 10:47 - 2016-06-30 20:47 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-12 10:47 - 2016-06-30 20:47 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-07-12 10:47 - 2016-06-30 20:47 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-07-12 10:47 - 2016-06-30 20:47 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-07-12 10:47 - 2016-06-30 20:47 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-07-12 10:47 - 2016-06-30 20:47 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-07-12 10:47 - 2016-06-30 20:45 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-07-12 10:47 - 2016-06-30 20:45 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-07-12 10:47 - 2016-06-30 20:44 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2016-07-12 10:47 - 2016-06-30 20:43 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-07-12 10:47 - 2016-06-30 20:43 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 01434112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 01240064 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 00697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-07-12 10:47 - 2016-06-30 20:42 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-12 10:47 - 2016-06-30 20:41 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-12 10:47 - 2016-06-30 20:41 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-07-12 10:47 - 2016-06-30 20:41 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-07-12 10:47 - 2016-06-30 20:41 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-12 10:47 - 2016-06-30 20:41 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-12 10:47 - 2016-06-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2016-07-12 10:47 - 2016-06-30 20:41 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-07-12 10:47 - 2016-06-30 20:40 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-07-12 10:47 - 2016-06-30 20:40 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-12 10:47 - 2016-06-30 20:40 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-07-12 10:47 - 2016-06-30 20:39 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-07-12 10:47 - 2016-06-30 20:39 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-12 10:47 - 2016-06-30 20:39 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-07-12 10:47 - 2016-06-30 20:39 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-07-12 10:47 - 2016-06-30 20:38 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-07-12 10:47 - 2016-06-30 20:38 - 01671168 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-07-12 10:47 - 2016-06-30 20:38 - 01063936 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-07-12 10:47 - 2016-06-30 20:38 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-07-12 10:47 - 2016-06-30 20:37 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-07-12 10:47 - 2016-06-30 20:37 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-07-12 10:47 - 2016-06-30 20:37 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-07-12 10:47 - 2016-06-30 20:36 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-07-12 10:47 - 2016-06-30 20:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-07-12 10:47 - 2016-06-30 20:34 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-07-12 10:47 - 2016-06-30 20:34 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-07-12 10:47 - 2016-06-30 20:33 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
2016-07-12 10:47 - 2016-06-30 20:32 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-07-12 10:47 - 2016-06-30 20:32 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-12 10:47 - 2016-06-30 20:31 - 19347968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-12 10:47 - 2016-06-30 20:31 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-07-12 10:47 - 2016-06-30 20:31 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2016-07-12 10:47 - 2016-06-30 20:30 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-12 10:47 - 2016-06-30 20:30 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-07-12 10:47 - 2016-06-30 20:30 - 00546816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-07-12 10:47 - 2016-06-30 20:30 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3ui.dll
2016-07-12 10:47 - 2016-06-30 20:29 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-07-12 10:47 - 2016-06-30 20:29 - 03589632 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-07-12 10:47 - 2016-06-30 20:29 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-07-12 10:47 - 2016-06-30 20:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-07-12 10:47 - 2016-06-30 20:29 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2016-07-12 10:47 - 2016-06-30 20:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-07-12 10:47 - 2016-06-30 20:29 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-07-12 10:47 - 2016-06-30 20:28 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2016-07-12 10:47 - 2016-06-30 20:27 - 01729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-12 10:47 - 2016-06-30 20:27 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2016-07-12 10:47 - 2016-06-30 20:27 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2016-07-12 10:47 - 2016-06-30 20:27 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-07-12 10:47 - 2016-06-30 20:27 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-12 10:47 - 2016-06-30 20:27 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 03026944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 01755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2016-07-12 10:47 - 2016-06-30 20:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-07-12 10:47 - 2016-06-30 20:25 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-12 10:47 - 2016-06-30 20:25 - 01121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-12 10:47 - 2016-06-30 20:25 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-07-12 10:47 - 2016-06-30 20:25 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-07-12 10:47 - 2016-06-30 20:25 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-12 10:47 - 2016-06-30 20:25 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-07-12 10:47 - 2016-06-30 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-12 10:47 - 2016-06-30 20:24 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-07-12 10:47 - 2016-06-30 20:24 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-07-12 10:47 - 2016-06-30 20:24 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-07-12 10:47 - 2016-06-30 20:23 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-12 10:47 - 2016-06-30 20:22 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-07-12 10:47 - 2016-06-30 20:22 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-07-12 10:47 - 2016-06-30 20:21 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2016-07-12 10:47 - 2016-06-30 20:20 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-12 10:47 - 2016-06-30 20:19 - 01987072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-07-12 10:47 - 2016-06-30 20:18 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-07-12 10:47 - 2016-06-30 20:18 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-12 10:47 - 2016-06-30 20:15 - 02102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2016-07-12 10:47 - 2016-06-30 20:14 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-07-12 10:47 - 2016-06-30 20:13 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-07-12 10:47 - 2016-06-30 20:13 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-07-12 10:47 - 2016-06-30 20:09 - 02632192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-07-12 10:47 - 2016-06-30 20:08 - 01976832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2016-07-12 10:47 - 2016-06-30 20:08 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-07-12 10:46 - 2016-06-30 22:30 - 00587456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-12 10:46 - 2016-06-30 21:50 - 00037232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-07-12 10:46 - 2016-06-30 21:48 - 01238584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2016-07-12 10:46 - 2016-06-30 21:43 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-07-12 10:46 - 2016-06-30 21:38 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-07-12 10:46 - 2016-06-30 21:35 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-07-12 10:46 - 2016-06-30 21:35 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-07-12 10:46 - 2016-06-30 21:35 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-07-12 10:46 - 2016-06-30 21:35 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-07-12 10:46 - 2016-06-30 21:34 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-12 10:46 - 2016-06-30 21:34 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-07-12 10:46 - 2016-06-30 21:33 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-07-12 10:46 - 2016-06-30 21:33 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-07-12 10:46 - 2016-06-30 21:33 - 00566104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-07-12 10:46 - 2016-06-30 21:33 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-07-12 10:46 - 2016-06-30 21:33 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-07-12 10:46 - 2016-06-30 21:32 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-07-12 10:46 - 2016-06-30 21:32 - 00106928 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2016-07-12 10:46 - 2016-06-30 21:31 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-07-12 10:46 - 2016-06-30 21:31 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-07-12 10:46 - 2016-06-30 21:31 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-07-12 10:46 - 2016-06-30 21:24 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-07-12 10:46 - 2016-06-30 21:23 - 01349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-07-12 10:46 - 2016-06-30 21:21 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-07-12 10:46 - 2016-06-30 21:20 - 00503600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-07-12 10:46 - 2016-06-30 21:20 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-07-12 10:46 - 2016-06-30 21:20 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-07-12 10:46 - 2016-06-30 21:19 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-07-12 10:46 - 2016-06-30 21:19 - 01355336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2016-07-12 10:46 - 2016-06-30 21:18 - 00064584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2016-07-12 10:46 - 2016-06-30 21:12 - 01866104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-07-12 10:46 - 2016-06-30 21:03 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-07-12 10:46 - 2016-06-30 21:00 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-07-12 10:46 - 2016-06-30 20:59 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-07-12 10:46 - 2016-06-30 20:58 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-07-12 10:46 - 2016-06-30 20:58 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2016-07-12 10:46 - 2016-06-30 20:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2016-07-12 10:46 - 2016-06-30 20:56 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-07-12 10:46 - 2016-06-30 20:55 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-07-12 10:46 - 2016-06-30 20:54 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-07-12 10:46 - 2016-06-30 20:54 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-07-12 10:46 - 2016-06-30 20:53 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-07-12 10:46 - 2016-06-30 20:53 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-07-12 10:46 - 2016-06-30 20:52 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-07-12 10:46 - 2016-06-30 20:52 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-07-12 10:46 - 2016-06-30 20:52 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2016-07-12 10:46 - 2016-06-30 20:51 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-07-12 10:46 - 2016-06-30 20:51 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-07-12 10:46 - 2016-06-30 20:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-07-12 10:46 - 2016-06-30 20:50 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-07-12 10:46 - 2016-06-30 20:50 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FingerprintEnrollment.dll
2016-07-12 10:46 - 2016-06-30 20:49 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Maps.dll
2016-07-12 10:46 - 2016-06-30 20:49 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-07-12 10:46 - 2016-06-30 20:48 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-07-12 10:46 - 2016-06-30 20:48 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-07-12 10:46 - 2016-06-30 20:48 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-07-12 10:46 - 2016-06-30 20:48 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WmpDui.dll
2016-07-12 10:46 - 2016-06-30 20:48 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2016-07-12 10:46 - 2016-06-30 20:48 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-07-12 10:46 - 2016-06-30 20:47 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-07-12 10:46 - 2016-06-30 20:47 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-07-12 10:46 - 2016-06-30 20:46 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-07-12 10:46 - 2016-06-30 20:46 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2016-07-12 10:46 - 2016-06-30 20:45 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-07-12 10:46 - 2016-06-30 20:45 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-07-12 10:46 - 2016-06-30 20:44 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-07-12 10:46 - 2016-06-30 20:43 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-07-12 10:46 - 2016-06-30 20:43 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 02012672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-07-12 10:46 - 2016-06-30 20:42 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-07-12 10:46 - 2016-06-30 20:41 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-07-12 10:46 - 2016-06-30 20:41 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-07-12 10:46 - 2016-06-30 20:41 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-07-12 10:46 - 2016-06-30 20:41 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-07-12 10:46 - 2016-06-30 20:41 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-07-12 10:46 - 2016-06-30 20:41 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-07-12 10:46 - 2016-06-30 20:41 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 02731008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 02103296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-07-12 10:46 - 2016-06-30 20:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-07-12 10:46 - 2016-06-30 20:40 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-07-12 10:46 - 2016-06-30 20:39 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-07-12 10:46 - 2016-06-30 20:39 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-07-12 10:46 - 2016-06-30 20:38 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-07-12 10:46 - 2016-06-30 20:38 - 01443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2016-07-12 10:46 - 2016-06-30 20:38 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2016-07-12 10:46 - 2016-06-30 20:38 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-07-12 10:46 - 2016-06-30 20:38 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IconCodecService.dll
2016-07-12 10:46 - 2016-06-30 20:37 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-07-12 10:46 - 2016-06-30 20:37 - 00638976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-07-12 10:46 - 2016-06-30 20:36 - 03415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-07-12 10:46 - 2016-06-30 20:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2016-07-12 10:46 - 2016-06-30 20:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2016-07-12 10:46 - 2016-06-30 20:34 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-07-12 10:46 - 2016-06-30 20:34 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-07-12 10:46 - 2016-06-30 20:34 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2016-07-12 10:46 - 2016-06-30 20:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-07-12 10:46 - 2016-06-30 20:33 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-07-12 10:46 - 2016-06-30 20:33 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-07-12 10:46 - 2016-06-30 20:33 - 06675968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-07-12 10:46 - 2016-06-30 20:33 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-07-12 10:46 - 2016-06-30 20:33 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-12 10:46 - 2016-06-30 20:32 - 02563584 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-07-12 10:46 - 2016-06-30 20:32 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-07-12 10:46 - 2016-06-30 20:31 - 00994816 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2016-07-12 10:46 - 2016-06-30 20:31 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-07-12 10:46 - 2016-06-30 20:31 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll
2016-07-12 10:46 - 2016-06-30 20:30 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-12 10:46 - 2016-06-30 20:30 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-07-12 10:46 - 2016-06-30 20:30 - 00849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-07-12 10:46 - 2016-06-30 20:30 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2016-07-12 10:46 - 2016-06-30 20:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-07-12 10:46 - 2016-06-30 20:30 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-07-12 10:46 - 2016-06-30 20:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-07-12 10:46 - 2016-06-30 20:29 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-07-12 10:46 - 2016-06-30 20:29 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-07-12 10:46 - 2016-06-30 20:29 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-07-12 10:46 - 2016-06-30 20:29 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 03577344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2016-07-12 10:46 - 2016-06-30 20:28 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2016-07-12 10:46 - 2016-06-30 20:27 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-07-12 10:46 - 2016-06-30 20:27 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-07-12 10:46 - 2016-06-30 20:27 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-07-12 10:46 - 2016-06-30 20:27 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2016-07-12 10:46 - 2016-06-30 20:27 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-07-12 10:46 - 2016-06-30 20:27 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2016-07-12 10:46 - 2016-06-30 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-07-12 10:46 - 2016-06-30 20:26 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2016-07-12 10:46 - 2016-06-30 20:25 - 02745856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-07-12 10:46 - 2016-06-30 20:25 - 01508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2016-07-12 10:46 - 2016-06-30 20:25 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-07-12 10:46 - 2016-06-30 20:25 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-07-12 10:46 - 2016-06-30 20:25 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-07-12 10:46 - 2016-06-30 20:25 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-07-12 10:46 - 2016-06-30 20:25 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2016-07-12 10:46 - 2016-06-30 20:24 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-07-12 10:46 - 2016-06-30 20:24 - 01487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-07-12 10:46 - 2016-06-30 20:24 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-07-12 10:46 - 2016-06-30 20:24 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-07-12 10:46 - 2016-06-30 20:24 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-07-12 10:46 - 2016-06-30 20:24 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 03301376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 02578432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-07-12 10:46 - 2016-06-30 20:23 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-07-12 10:46 - 2016-06-30 20:23 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2016-07-12 10:46 - 2016-06-30 20:23 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-07-12 10:46 - 2016-06-30 20:22 - 03053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-07-12 10:46 - 2016-06-30 20:22 - 00965120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-07-12 10:46 - 2016-06-30 20:21 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-07-12 10:46 - 2016-06-30 20:21 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-07-12 10:46 - 2016-06-30 20:21 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2016-07-12 10:46 - 2016-06-30 20:19 - 06471168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-07-12 10:46 - 2016-06-30 20:19 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-07-12 10:46 - 2016-06-30 20:19 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2016-07-12 10:46 - 2016-06-30 20:19 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-07-12 10:46 - 2016-06-30 20:19 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-07-12 10:46 - 2016-06-30 20:17 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-07-12 10:46 - 2016-06-30 20:17 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-07-12 10:46 - 2016-06-30 20:16 - 02771968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-07-12 10:46 - 2016-06-30 20:16 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-07-12 10:46 - 2016-06-30 20:15 - 04413440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-07-12 10:46 - 2016-06-30 20:15 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-07-12 10:46 - 2016-06-30 20:15 - 02217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2016-07-12 10:46 - 2016-06-30 20:15 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-07-12 10:46 - 2016-06-30 20:15 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-07-12 10:46 - 2016-06-30 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2016-07-12 10:46 - 2016-06-30 20:14 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-07-12 10:46 - 2016-06-30 20:13 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2016-07-12 10:46 - 2016-06-30 20:13 - 02519552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-07-12 10:46 - 2016-06-30 20:12 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-07-12 10:46 - 2016-06-30 20:11 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-07-12 10:45 - 2016-06-30 22:30 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-12 10:45 - 2016-06-30 22:30 - 01223872 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-12 10:45 - 2016-06-30 22:30 - 00559808 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-12 10:45 - 2016-06-30 22:30 - 00310464 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-12 10:45 - 2016-06-30 22:30 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-12 10:45 - 2016-06-30 22:30 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-12 10:45 - 2016-06-30 21:49 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-07-12 10:45 - 2016-06-30 21:48 - 02656408 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 10:45 - 2016-06-30 21:45 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-07-12 10:45 - 2016-06-30 21:43 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-07-12 10:45 - 2016-06-30 21:39 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-07-12 10:45 - 2016-06-30 21:38 - 01083656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2016-07-12 10:45 - 2016-06-30 21:38 - 00256192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-07-12 10:45 - 2016-06-30 21:38 - 00032552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-07-12 10:45 - 2016-06-30 21:33 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-07-12 10:45 - 2016-06-30 21:32 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-07-12 10:45 - 2016-06-30 21:32 - 06536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-07-12 10:45 - 2016-06-30 21:32 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-07-12 10:45 - 2016-06-30 21:32 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2016-07-12 10:45 - 2016-06-30 21:23 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-07-12 10:45 - 2016-06-30 21:23 - 00925576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-07-12 10:45 - 2016-06-30 21:23 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-07-12 10:45 - 2016-06-30 21:23 - 00451936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-07-12 10:45 - 2016-06-30 21:21 - 28851224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2016-07-12 10:45 - 2016-06-30 21:21 - 02403168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-07-12 10:45 - 2016-06-30 21:21 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-07-12 10:45 - 2016-06-30 21:20 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-07-12 10:45 - 2016-06-30 21:19 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-07-12 10:45 - 2016-06-30 21:17 - 01536600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-07-12 10:45 - 2016-06-30 21:12 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-07-12 10:45 - 2016-06-30 21:11 - 00521152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-07-12 10:45 - 2016-06-30 21:10 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-07-12 10:45 - 2016-06-30 21:07 - 28083144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2016-07-12 10:45 - 2016-06-30 21:03 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-07-12 10:45 - 2016-06-30 20:56 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-07-12 10:45 - 2016-06-30 20:55 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-07-12 10:45 - 2016-06-30 20:55 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IconCodecService.dll
2016-07-12 10:45 - 2016-06-30 20:54 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-07-12 10:45 - 2016-06-30 20:53 - 01567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-07-12 10:45 - 2016-06-30 20:53 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-07-12 10:45 - 2016-06-30 20:52 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-07-12 10:45 - 2016-06-30 20:52 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-07-12 10:45 - 2016-06-30 20:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-07-12 10:45 - 2016-06-30 20:51 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2016-07-12 10:45 - 2016-06-30 20:50 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-07-12 10:45 - 2016-06-30 20:50 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-07-12 10:45 - 2016-06-30 20:50 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-07-12 10:45 - 2016-06-30 20:50 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-07-12 10:45 - 2016-06-30 20:48 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-07-12 10:45 - 2016-06-30 20:48 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-07-12 10:45 - 2016-06-30 20:48 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2016-07-12 10:45 - 2016-06-30 20:48 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-07-12 10:45 - 2016-06-30 20:47 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-07-12 10:45 - 2016-06-30 20:47 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-07-12 10:45 - 2016-06-30 20:47 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskmgr.dll
2016-07-12 10:45 - 2016-06-30 20:46 - 00565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-07-12 10:45 - 2016-06-30 20:46 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-07-12 10:45 - 2016-06-30 20:46 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2016-07-12 10:45 - 2016-06-30 20:46 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2016-07-12 10:45 - 2016-06-30 20:45 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-07-12 10:45 - 2016-06-30 20:45 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-07-12 10:45 - 2016-06-30 20:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-07-12 10:45 - 2016-06-30 20:44 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-07-12 10:45 - 2016-06-30 20:44 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-12 10:45 - 2016-06-30 20:43 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-07-12 10:45 - 2016-06-30 20:43 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-07-12 10:45 - 2016-06-30 20:43 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-07-12 10:45 - 2016-06-30 20:42 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-07-12 10:45 - 2016-06-30 20:42 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-07-12 10:45 - 2016-06-30 20:41 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2016-07-12 10:45 - 2016-06-30 20:41 - 01001472 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-07-12 10:45 - 2016-06-30 20:41 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-07-12 10:45 - 2016-06-30 20:41 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-07-12 10:45 - 2016-06-30 20:41 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2016-07-12 10:45 - 2016-06-30 20:41 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-07-12 10:45 - 2016-06-30 20:40 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-07-12 10:45 - 2016-06-30 20:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2016-07-12 10:45 - 2016-06-30 20:39 - 01872896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-07-12 10:45 - 2016-06-30 20:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2016-07-12 10:45 - 2016-06-30 20:37 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-07-12 10:45 - 2016-06-30 20:37 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-07-12 10:45 - 2016-06-30 20:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-07-12 10:45 - 2016-06-30 20:36 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-07-12 10:45 - 2016-06-30 20:34 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2016-07-12 10:45 - 2016-06-30 20:32 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-07-12 10:45 - 2016-06-30 20:32 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2016-07-12 10:45 - 2016-06-30 20:32 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-07-12 10:45 - 2016-06-30 20:32 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-07-12 10:45 - 2016-06-30 20:31 - 01385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-07-12 10:45 - 2016-06-30 20:31 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-07-12 10:45 - 2016-06-30 20:31 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-07-12 10:45 - 2016-06-30 20:31 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2016-07-12 10:45 - 2016-06-30 20:31 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-07-12 10:45 - 2016-06-30 20:30 - 02902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2016-07-12 10:45 - 2016-06-30 20:30 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-07-12 10:45 - 2016-06-30 20:30 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-07-12 10:45 - 2016-06-30 20:30 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-07-12 10:45 - 2016-06-30 20:30 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2016-07-12 10:45 - 2016-06-30 20:29 - 04646912 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-07-12 10:45 - 2016-06-30 20:28 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-07-12 10:45 - 2016-06-30 20:28 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2016-07-12 10:45 - 2016-06-30 20:28 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-07-12 10:45 - 2016-06-30 20:26 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-07-12 10:45 - 2016-06-30 20:26 - 01063936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-07-12 10:45 - 2016-06-30 20:26 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-07-12 10:45 - 2016-06-30 20:26 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2016-07-12 10:45 - 2016-06-30 20:25 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-07-12 10:45 - 2016-06-30 20:25 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-12 10:45 - 2016-06-30 20:25 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2016-07-12 10:45 - 2016-06-30 20:25 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2016-07-12 10:45 - 2016-06-30 20:25 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2016-07-12 10:45 - 2016-06-30 20:24 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-07-12 10:45 - 2016-06-30 20:24 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-07-12 10:45 - 2016-06-30 20:23 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2016-07-12 10:45 - 2016-06-30 20:23 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-07-12 10:45 - 2016-06-30 20:21 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-07-12 10:45 - 2016-06-30 20:20 - 03555840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2016-07-12 10:45 - 2016-06-30 20:20 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-07-12 10:45 - 2016-06-30 20:20 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-07-12 10:45 - 2016-06-30 20:18 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-07-12 10:45 - 2016-06-30 20:16 - 02062336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-07-12 10:45 - 2016-06-30 20:15 - 03459584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2016-07-12 10:45 - 2016-06-30 20:15 - 02679808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-07-12 10:45 - 2016-06-30 20:15 - 02501632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-12 10:45 - 2016-06-30 20:15 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-07-12 10:45 - 2016-06-30 20:14 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-07-12 10:45 - 2016-06-30 20:14 - 01498624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-12 10:45 - 2016-06-30 20:14 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-07-12 10:45 - 2016-06-30 20:13 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-07-12 10:45 - 2016-06-30 20:13 - 00835072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-07-12 10:45 - 2016-06-30 20:12 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-07-12 10:45 - 2016-06-30 20:08 - 00879616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-07-12 10:44 - 2016-06-30 21:49 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-07-12 10:44 - 2016-06-30 21:49 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-07-12 10:44 - 2016-06-30 21:49 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-07-12 10:44 - 2016-06-30 21:49 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-07-12 10:44 - 2016-06-30 21:49 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-07-12 10:44 - 2016-06-30 21:32 - 01040800 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-07-12 10:44 - 2016-06-30 21:24 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-07-12 10:44 - 2016-06-30 21:23 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-07-12 10:44 - 2016-06-30 21:23 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-07-12 10:44 - 2016-06-30 21:19 - 00836760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-07-12 10:44 - 2016-06-30 20:55 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUX.dll
2016-07-12 10:44 - 2016-06-30 20:52 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-07-12 10:44 - 2016-06-30 20:50 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2016-07-12 10:44 - 2016-06-30 20:50 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2016-07-12 10:44 - 2016-06-30 20:49 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUXHost.exe
2016-07-12 10:44 - 2016-06-30 20:47 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2016-07-12 10:44 - 2016-06-30 20:47 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-07-12 10:44 - 2016-06-30 20:46 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2016-07-12 10:44 - 2016-06-30 20:45 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-07-12 10:44 - 2016-06-30 20:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2016-07-12 10:44 - 2016-06-30 20:44 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-07-12 10:44 - 2016-06-30 20:43 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2016-07-12 10:44 - 2016-06-30 20:43 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2016-07-12 10:44 - 2016-06-30 20:43 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2016-07-12 10:44 - 2016-06-30 20:42 - 00651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2016-07-12 10:44 - 2016-06-30 20:42 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-07-12 10:44 - 2016-06-30 20:42 - 00429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2016-07-12 10:44 - 2016-06-30 20:42 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2016-07-12 10:44 - 2016-06-30 20:42 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-07-12 10:44 - 2016-06-30 20:41 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-07-12 10:44 - 2016-06-30 20:41 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2016-07-12 10:44 - 2016-06-30 20:40 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2016-07-12 10:44 - 2016-06-30 20:40 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-07-12 10:44 - 2016-06-30 20:39 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-07-12 10:44 - 2016-06-30 20:38 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2016-07-12 10:44 - 2016-06-30 20:36 - 02445312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-07-12 10:44 - 2016-06-30 20:34 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-07-12 10:44 - 2016-06-30 20:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-07-12 10:44 - 2016-06-30 20:31 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-07-12 10:44 - 2016-06-30 20:31 - 00882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-07-12 10:44 - 2016-06-30 20:30 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2016-07-12 10:44 - 2016-06-30 20:30 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmdskmgr.dll
2016-07-12 10:44 - 2016-06-30 20:30 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-07-12 10:44 - 2016-06-30 20:29 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-07-12 10:44 - 2016-06-30 20:29 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-07-12 10:44 - 2016-06-30 20:29 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-07-12 10:44 - 2016-06-30 20:29 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2016-07-12 10:44 - 2016-06-30 20:28 - 03046400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2016-07-12 10:44 - 2016-06-30 20:28 - 00442880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-07-12 10:44 - 2016-06-30 20:27 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2016-07-12 10:44 - 2016-06-30 20:26 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WLanConn.dll
2016-07-12 10:44 - 2016-06-30 20:25 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-07-12 10:44 - 2016-06-30 20:25 - 01228800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-07-12 10:44 - 2016-06-30 20:25 - 00645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2016-07-12 10:44 - 2016-06-30 20:25 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2016-07-12 10:44 - 2016-06-30 20:24 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-07-12 10:44 - 2016-06-30 20:24 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-07-12 10:44 - 2016-06-30 20:23 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-07-12 10:44 - 2016-06-30 20:18 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2016-07-12 10:44 - 2016-06-30 20:08 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-07-12 10:44 - 2016-06-28 04:20 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 02:25 - 2012-08-25 01:39 - 00000328 _____ C:\WINDOWS\system32\checkdnsid.xml
2016-08-07 02:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-07 02:22 - 2012-09-28 19:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-07 02:20 - 2012-08-24 23:17 - 00000380 _____ C:\Users\Clyde\AppData\Roaming\sp_data.sys
2016-08-06 20:07 - 2012-02-18 00:37 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-06 19:57 - 2012-11-03 22:52 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3110895061-1688022509-3107457843-1001UA.job
2016-08-06 14:34 - 2012-06-25 04:38 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-08-06 11:07 - 2012-02-18 00:37 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-06 02:00 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-02 02:17 - 2016-05-18 04:06 - 00000000 ____D C:\Users\Clyde\AppData\Roaming\Curse Client
2016-08-01 21:22 - 2012-09-01 19:30 - 00000000 ____D C:\Users\Clyde\AppData\Roaming\Skype
2016-07-31 06:34 - 2012-09-01 19:29 - 00000000 ____D C:\ProgramData\Skype
2016-07-31 06:33 - 2015-12-26 05:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-31 06:33 - 2014-07-11 01:09 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-07-31 06:30 - 2012-06-25 04:38 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-07-31 06:28 - 2016-05-27 03:19 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-31 06:28 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-30 18:37 - 2016-05-27 04:10 - 00000000 ____D C:\Windows.old
2016-07-27 12:25 - 2012-08-25 00:34 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-24 21:44 - 2014-06-29 17:44 - 00000152 _____ C:\Users\Clyde\Desktop\the list.txt
2016-07-19 07:02 - 2016-05-27 03:21 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-19 07:02 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-17 22:57 - 2012-11-03 22:52 - 00000906 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3110895061-1688022509-3107457843-1001Core.job
2016-07-14 03:22 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-14 03:22 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 11:34 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-13 07:05 - 2016-05-27 03:24 - 00000000 ____D C:\Users\Clyde
2016-07-13 07:05 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-13 05:34 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-13 05:34 - 2013-03-13 12:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-13 05:34 - 2013-03-13 12:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-13 05:34 - 2012-08-25 01:53 - 00525562 _____ C:\bdlog.txt
2016-07-13 05:32 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-13 05:32 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-13 05:31 - 2016-02-13 06:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-13 05:31 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-07-13 02:03 - 2013-07-23 03:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 01:57 - 2012-08-25 01:12 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2012-08-24 23:17 - 2016-08-07 02:20 - 0000380 _____ () C:\Users\Clyde\AppData\Roaming\sp_data.sys
2012-06-25 04:51 - 2012-06-25 04:52 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-06-25 04:50 - 2012-06-25 04:51 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-06-25 04:50 - 2012-06-25 04:50 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3110895061-1688022509-3107457843-1001\$cb71d2beb615abc3f0b2331bd505f383
 
Some files in TEMP:
====================
C:\Users\Clyde\AppData\Local\Temp\swLqRN.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 04:53
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Clyde (2016-08-07 02:27:38)
Running from C:\Users\Clyde\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-27 10:48:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3110895061-1688022509-3107457843-500 - Administrator - Disabled)
Clyde (S-1-5-21-3110895061-1688022509-3107457843-1001 - Administrator - Enabled) => C:\Users\Clyde
DefaultAccount (S-1-5-21-3110895061-1688022509-3107457843-503 - Limited - Disabled)
Guest (S-1-5-21-3110895061-1688022509-3107457843-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3110895061-1688022509-3107457843-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G75 Series_ENG (HKLM-x32\...\AsusScr_G75 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buildbox version 1.0.18 (HKLM-x32\...\{48821C7F-98B9-48F6-B703-8F384F57EE14}_is1) (Version: 1.0.18 - Secret Headquarters, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragonica version TEST (HKLM-x32\...\{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1) (Version: TEST - Gala Networks Europe Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameFast (HKLM\...\GameFast_is1) (Version: 1.0.1.1 - ASUSTEK Computer Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
NVIDIA 3D Vision Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
Opera 12.11 (HKLM-x32\...\Opera 12.11.1661) (Version: 12.11.1661 - Opera Software ASA)
Opera 12.12 (HKLM-x32\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
Opera 12.13 (HKLM-x32\...\Opera 12.13.1734) (Version: 12.13.1734 - Opera Software ASA)
Opera 12.14 (HKLM-x32\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rotation Desktop for G Series (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.1.3.2 - ASUSTEK Computer Inc)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58233.4 - Roxio)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Ultimate Protection Plan (HKLM\...\Ultimate Protection Plan) (Version: 15.0.37 - Ultimate Protection Plan)
Ultimate Protection Plan (Version: 15.0.37 - Ultimate Protection Plan) Hidden
Unity Web Player (HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Clyde\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {11D9458C-FB82-462F-93D6-3DA2242A616B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1E5AD80D-34E4-45E1-A87E-FA3246C38743} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {267DD16F-746C-4FF3-A0AD-0EBD7B96A752} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2E11EBBF-E86F-4B0F-A45D-FC8FD1C1AC5F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {2ED919AA-AA40-454B-972C-34FD63038EAE} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {2F644B68-2155-48F4-881F-FE81AA1B3FAB} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {31EFCC11-03C2-4421-81C7-A25F3492D690} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {38B7D34F-EEDC-4CA3-9793-908E2F1324FB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3B7DDF0A-2725-415E-8AD1-CE58D5ECA216} - System32\Tasks\{44725981-573B-4F92-84E1-F3CB2A6CC1D0} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.10.0.116.259&amp;LastError=12002
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D9636E6-8AC8-439C-89E7-8B2DF430DB56} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3FE7C24F-04F3-4E99-936F-8E96D3C9DEBD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {40E70221-74D9-4252-A042-3C29877B4B67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {48548D31-04F3-4CA4-B1D0-68A2BCE999BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4F7E2C9C-E576-4596-B712-8D38D8036412} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {53B333CA-34FD-43AC-84B0-2CE1363D1044} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {53E341C4-46BE-4003-9309-BA8436188F0A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3110895061-1688022509-3107457843-1001UA => C:\Users\Clyde\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-03] (Facebook Inc.)
Task: {54F72862-E9A2-4F2F-A363-A9097B462BF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {60E334AC-79BB-4EF9-9A27-4F89136A8211} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {665D5989-1A59-419C-9BF5-2F18EE4F76B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {761F749D-B256-41A1-850F-299B483D07D8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7A5E6EAB-F9D6-4814-A12B-A139A3983667} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {8CCADAF0-8E6F-4BA3-A735-548693CD63FF} - System32\Tasks\WindowsUpdategedvdk0x8429524 => C:\ProgramData\gedvdk\htnHad.vbs [2016-05-28] ()
Task: {8EB56AE8-3417-49B2-8286-7A2DF88D7352} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {938E205A-A100-4E30-A43E-BDA6A642D910} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {99217E8D-87DC-41B5-AA0F-CC7E57A43F15} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {A19D01CC-B43D-4DC5-AA14-4F654CC3063E} - System32\Tasks\{71B78313-9B63-44E0-B8A3-2EDEAF3F7C77} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.73.106.456/en/abandoninstall?page=tsWLM
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C1FD254F-059F-4BCC-B6AB-5A6703EAAB56} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C6C54BB9-04B5-4912-AE03-E5E52158BF63} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CCAC4A7F-6BF6-4699-A5E8-D5CBC334BD82} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3110895061-1688022509-3107457843-1001Core => C:\Users\Clyde\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-03] (Facebook Inc.)
Task: {CE57FA67-A32D-4749-97B7-293486FF06DC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {D74246E8-CBC2-4A76-A672-1FB272FBC9DA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D799E6D5-CC45-41AE-8411-D880D2411B12} - System32\Tasks\{D94EB73D-D85E-4D1D-899E-D1984DAADC7F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116.259/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E09B8425-48B7-4FE5-B540-DAF7986CBC82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {E29D9401-1C85-49DE-A79A-264E333333FA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E497FA32-887C-4FBD-998F-D5E078542804} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-03-09] (ASUSTek Computer Inc.)
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FCC15DC5-AB69-4EF9-8064-7BDAB30DBD75} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3110895061-1688022509-3107457843-1001Core.job => C:\Users\Clyde\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3110895061-1688022509-3107457843-1001UA.job => C:\Users\Clyde\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-27 03:19 - 2015-07-13 10:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-25 04:48 - 2011-03-27 13:23 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2012-01-23 20:17 - 2012-01-23 20:17 - 00184016 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\framework.dll
2011-10-15 00:08 - 2011-10-15 00:08 - 00262832 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\txmlutil.dll
2012-01-23 20:18 - 2012-01-23 20:18 - 00144912 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\connector.dll
2012-01-23 20:18 - 2012-01-23 20:18 - 00076408 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdmltusrsrv.dll
2012-12-27 00:41 - 2012-12-27 00:41 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-06-25 04:38 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2016-03-03 04:29 - 2016-05-01 22:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-02-15 07:29 - 2016-05-01 22:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-31 01:05 - 2016-05-01 22:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-03 04:29 - 2016-05-01 22:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-31 01:05 - 2016-05-01 22:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-31 01:05 - 2016-05-01 22:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-31 01:05 - 2016-05-01 22:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-15 07:30 - 2016-05-01 22:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-12 10:45 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-01-23 20:40 - 2012-01-23 20:40 - 00160856 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\popup.dll
2012-03-23 19:40 - 2012-03-23 19:40 - 00107520 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\UI\popup.ui
2012-02-09 13:49 - 2012-02-09 13:49 - 00098544 _____ () C:\Program Files\Ultimate Protection Plan\Ultimate Protection Plan\bdmetrics.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-07-12 10:45 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-28 01:08 - 2016-05-28 01:08 - 00959168 _____ () C:\Users\Clyde\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-28 07:49 - 2016-05-28 07:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 10:47 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 10:47 - 2016-06-30 20:49 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-07-12 10:45 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 10:45 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 10:45 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 10:45 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-05-23 01:04 - 2011-05-23 01:04 - 00084464 _____ () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
2011-12-23 10:24 - 2011-12-23 10:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2016-05-31 01:05 - 2016-05-01 22:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-31 01:05 - 2016-05-01 22:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-28 07:49 - 2016-05-28 07:49 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-28 07:49 - 2016-05-28 07:49 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-01 20:32 - 2016-05-01 23:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-28 01:08 - 2016-05-28 01:08 - 00679624 _____ () C:\Users\Clyde\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2012-01-31 09:25 - 2012-01-31 09:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-06 19:32 - 2012-02-06 19:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-02-08 16:55 - 2012-02-08 16:55 - 00131712 _____ () C:\Program Files (x86)\ASUS\AI Recovery\DiskInfo.dll
2012-03-09 12:39 - 2012-03-09 12:39 - 00049792 _____ () C:\Program Files (x86)\ASUS\AI Recovery\RecoveryDVDLang.dll
2012-06-25 04:38 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-01-12 17:17 - 2012-01-12 17:17 - 00204800 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-12-11 14:08 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 14:08 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 14:08 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:08 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-11-25 13:29 - 2011-11-25 13:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 13:28 - 2011-11-25 13:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 13:42 - 2011-11-25 13:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 13:26 - 2011-11-25 13:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2015-07-21 15:20 - 2015-07-13 10:14 - 16307888 _____ () C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Clyde\Downloads\353.62-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\Buildbox_win.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\chromeinstall-7u21.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\CurseClientSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\GeForce_Experience_v2.5.12.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\GlyphInstall-0-160.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\online-download-accelerator_setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\online-download-accelerator_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\raidcall_v7.3.6.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\uplayermediaplayer-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\audacity-win-2.0.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\BR_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\chromeinstall-7u7.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\Diablo III Launcher.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\FacebookVideoCallSetup_v1.2.205.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\TERA-Setup-HC.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\UnityWebPlayer.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\ventrilo-3.0.8-Windows-i386.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{88C68930-81E5-48F5-8971-4B555DCD921B}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{CE84773C-B183-4B82-B34E-07834E6DAB83}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{F2F22495-2300-4B93-A800-11012CBF2216}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{857FDDA6-33C7-46BB-AF38-732218B82937}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C2F47C15-A37E-4E10-94E2-EB59DA2C8009}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0D3BF4A1-1BFD-4529-8204-C55A7E7E5519}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06D5E29F-4BA1-4FA1-B083-41CB56EA5D6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0FFA18EF-6184-43A0-9180-2C38B0BBBA14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4150A887-7B1C-482A-A67A-1AB6FBE27D45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8365954D-6857-4695-B44A-2419AF0F6545}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5D8BC435-57CA-4004-B867-509B71D6FEC1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{52B39604-F7B7-498D-8288-E592D7832770}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B1321B2-6F6C-4D1C-BD5F-94838FC3D3EA}] => (Allow) C:\Users\Clyde\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{CBA293C0-AF6F-48A0-9BDC-9DDCA8A627F0}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{63406A1F-0538-4F5F-8E5B-C5433BFA3282}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{27A0A56E-FBA5-4FD6-8480-AE132BD42341}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{331C890E-F190-4D2D-8EC4-07187E8F0F01}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B5032819-D7D9-4548-BC04-EAD1F34FC667}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{33B6A73A-AC5E-40B4-97A7-B49D7012C4DF}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{BA2C9084-C429-4BC7-8322-1EA2A85103A1}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{2DE1FA16-8105-4B91-8244-62DD841DA4FF}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{1E0E9A8E-2E07-41C9-93E6-634CE5655267}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{9F8E1A08-079F-4547-875F-B00D625EE95F}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{DD9D017E-4B46-42C6-BA7D-DBC3716A5EAA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{E6E7BA69-93F6-4B47-83E4-F0BC0EE33D43}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{31EFCFD5-5C7F-4B6B-8504-F26E781359F4}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{A1EFA3E7-9938-46F9-B631-E1F3536FA8A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{5F507487-0CE6-4836-87F6-BD1D57CFFB92}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{8A7F5B0C-49FA-4E76-AFC4-005AB43BE5EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{14A511A2-B996-40DE-8682-3A026685C1F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4F0DD565-9A0D-4220-86E0-671D7BD225C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0E4A7F13-3179-404B-983D-C65861080238}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B542039E-5A73-4782-A0C5-D341E681BA5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5D810C91-4B8B-46B3-BB7F-3DF58CDD0D3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{913F811C-C8D9-483E-B9BC-56FAA95E7B98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEF773F3-ACBE-48D8-887B-BDAEDB45DC01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38644560-033A-416D-BFF9-B6619B19FAF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{33DB49E3-53E6-4334-933E-397BA0CF5E07}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7ED68725-4B23-47E0-A22A-71E429039028}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5FAEA3D0-04C4-48D8-B56A-804C62FC48FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{739D8E39-AC66-4445-A1F3-2F2365EF372A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{12B16596-73B6-4E60-B731-1DD065A9719C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D6FE0EBA-88A3-4C70-9983-045FA617FF33}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3702CCD1-6B24-47C3-B746-E9B7B12D39F8}] => (Allow) LPort=1900
FirewallRules: [{5A91AC63-3975-4121-8662-306E9525B30E}] => (Allow) LPort=2869
FirewallRules: [{C0590ADF-92EC-43D3-9E17-09DBE85F6C57}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
 
==================== Restore Points =========================
 
13-07-2016 01:51:24 Windows Update
13-07-2016 01:52:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2016 02:20:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22022797
 
Error: (08/07/2016 02:20:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22022797
 
Error: (08/07/2016 02:20:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/06/2016 08:13:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031
 
Error: (08/06/2016 08:13:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1031
 
Error: (08/06/2016 08:13:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/06/2016 03:16:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
 
Error: (08/06/2016 03:16:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
 
Error: (08/06/2016 03:16:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/05/2016 05:58:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157
 
 
System errors:
=============
Error: (08/03/2016 08:58:56 PM) (Source: DCOM) (EventID: 10016) (User: Clyde-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Clyde-PCClydeS-1-5-21-3110895061-1688022509-3107457843-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/03/2016 08:58:56 PM) (Source: DCOM) (EventID: 10016) (User: Clyde-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Clyde-PCClydeS-1-5-21-3110895061-1688022509-3107457843-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (08/02/2016 03:21:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (07/31/2016 06:30:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BitDefender Virus Shield service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (07/31/2016 06:29:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BitDefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/31/2016 06:28:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (07/31/2016 06:28:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:35:01 AM on ‎7/‎31/‎2016 was unexpected.
 
Error: (07/13/2016 04:16:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.225.1417.0).
 
Error: (07/13/2016 05:36:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BitDefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2016 05:35:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
CodeIntegrity:
===================================
  Date: 2016-07-31 02:49:48.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:48.343
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:48.296
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:48.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:48.219
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:47.724
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:47.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:47.663
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:21.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-31 02:49:21.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 12247.91 MB
Available physical RAM: 7893.71 MB
Total Virtual: 24535.91 MB
Available Virtual: 19077.29 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:278.98 GB) (Free:79.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:393.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 527CD163)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,


Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome via control panel .
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Next

Download the enclosed =>Attached File  fixlist.txt   5.39KB   190 downloads file. Save it in the location FRST64 is.(C:\Users\Clyde\Downloads) Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is,(C:\Users\Clyde\Downloads) (Fixlog.txt). Please post it to your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
[list]
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log






  • 0

#5
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

It won't let me delete google chrome i go to unistall and nothing happens


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Can we follow through with the rest of the instructions then.
  • 0

#7
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Clyde (2016-08-08 14:53:07) Run:1
Running from C:\Users\Clyde\Downloads
Loaded Profiles: Clyde (Available Profiles: Clyde)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3110895061-1688022509-3107457843-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
U0 avc3; no ImagePath
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\$Recycle.Bin\S-1-5-21-3110895061-1688022509-3107457843-1001\$cb71d2beb615abc3f0b2331bd505f383
C:\Users\Clyde\AppData\Local\Temp\swLqRN.exe 
Task: {1E5AD80D-34E4-45E1-A87E-FA3246C38743} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D9636E6-8AC8-439C-89E7-8B2DF430DB56} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3FE7C24F-04F3-4E99-936F-8E96D3C9DEBD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {40E70221-74D9-4252-A042-3C29877B4B67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48548D31-04F3-4CA4-B1D0-68A2BCE999BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4F7E2C9C-E576-4596-B712-8D38D8036412} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {53B333CA-34FD-43AC-84B0-2CE1363D1044} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {665D5989-1A59-419C-9BF5-2F18EE4F76B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {761F749D-B256-41A1-850F-299B483D07D8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7A5E6EAB-F9D6-4814-A12B-A139A3983667} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {8EB56AE8-3417-49B2-8286-7A2DF88D7352} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {938E205A-A100-4E30-A43E-BDA6A642D910} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C6C54BB9-04B5-4912-AE03-E5E52158BF63} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D74246E8-CBC2-4A76-A672-1FB272FBC9DA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E29D9401-1C85-49DE-A79A-264E333333FA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Clyde\Downloads\353.62-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\Buildbox_win.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\chromeinstall-7u21.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\CurseClientSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\GeForce_Experience_v2.5.12.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\GlyphInstall-0-160.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\online-download-accelerator_setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\online-download-accelerator_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\raidcall_v7.3.6.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\setup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Downloads\uplayermediaplayer-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\audacity-win-2.0.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\BR_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\chromeinstall-7u7.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\Diablo III Launcher.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\FacebookVideoCallSetup_v1.2.205.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\TERA-Setup-HC.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\UnityWebPlayer.exe:BDU [0]
AlternateDataStreams: C:\Users\Clyde\Documents\ventrilo-3.0.8-Windows-i386.exe:BDU [0]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
avc3 => service removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\$Recycle.Bin\S-1-5-21-3110895061-1688022509-3107457843-1001\$cb71d2beb615abc3f0b2331bd505f383 => moved successfully
C:\Users\Clyde\AppData\Local\Temp\swLqRN.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E5AD80D-34E4-45E1-A87E-FA3246C38743}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E5AD80D-34E4-45E1-A87E-FA3246C38743}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D9636E6-8AC8-439C-89E7-8B2DF430DB56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D9636E6-8AC8-439C-89E7-8B2DF430DB56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FE7C24F-04F3-4E99-936F-8E96D3C9DEBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FE7C24F-04F3-4E99-936F-8E96D3C9DEBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40E70221-74D9-4252-A042-3C29877B4B67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40E70221-74D9-4252-A042-3C29877B4B67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48548D31-04F3-4CA4-B1D0-68A2BCE999BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48548D31-04F3-4CA4-B1D0-68A2BCE999BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F7E2C9C-E576-4596-B712-8D38D8036412}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F7E2C9C-E576-4596-B712-8D38D8036412}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53B333CA-34FD-43AC-84B0-2CE1363D1044}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53B333CA-34FD-43AC-84B0-2CE1363D1044}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{665D5989-1A59-419C-9BF5-2F18EE4F76B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{665D5989-1A59-419C-9BF5-2F18EE4F76B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{761F749D-B256-41A1-850F-299B483D07D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{761F749D-B256-41A1-850F-299B483D07D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A5E6EAB-F9D6-4814-A12B-A139A3983667}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A5E6EAB-F9D6-4814-A12B-A139A3983667}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EB56AE8-3417-49B2-8286-7A2DF88D7352}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EB56AE8-3417-49B2-8286-7A2DF88D7352}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938E205A-A100-4E30-A43E-BDA6A642D910}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938E205A-A100-4E30-A43E-BDA6A642D910}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6C54BB9-04B5-4912-AE03-E5E52158BF63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6C54BB9-04B5-4912-AE03-E5E52158BF63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D74246E8-CBC2-4A76-A672-1FB272FBC9DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D74246E8-CBC2-4A76-A672-1FB272FBC9DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E29D9401-1C85-49DE-A79A-264E333333FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E29D9401-1C85-49DE-A79A-264E333333FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
C:\Users\Clyde\Downloads\353.62-desktop-win8-win7-winvista-64bit-international-whql.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\Buildbox_win.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\chromeinstall-7u21.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\CurseClientSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\GeForce_Experience_v2.5.12.11.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\GlyphInstall-0-160.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\online-download-accelerator_setup (1).exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\online-download-accelerator_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\raidcall_v7.3.6.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\setup (1).exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\TeamSpeak3-Client-win64-3.0.16.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Downloads\uplayermediaplayer-setup.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\audacity-win-2.0.2.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\BR_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\chromeinstall-7u7.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\Diablo III Launcher.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\FacebookVideoCallSetup_v1.2.205.0.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\TERA-Setup-HC.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\UnityWebPlayer.exe => ":BDU" ADS removed successfully.
C:\Users\Clyde\Documents\ventrilo-3.0.8-Windows-i386.exe => ":BDU" ADS removed successfully.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {EE45A63D-8404-4F80-AB03-0A5A3A46F590}.
0 out of 1 jobs canceled.
 
========= End ofCMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End ofCMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End ofCMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1398548 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74275161 B
Java, Flash, Steam htmlcache => 8229 B
Windows/system/drivers => 85568976 B
Edge => 154631536 B
Chrome => 775557076 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 11006 B
NetworkService => 85368 B
Clyde => 969091883 B
 
RecycleBin => 6117038 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:55:55 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Clyde (Administrator) on Mon 08/08/2016 at 15:23:08.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Clyde\AppData\Local\{A631BA1B-97F4-4A8D-9320-A3C2BA80869C} (Empty Folder)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-5E96EC0B.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/08/2016 at 15:26:42.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ill try and find the other log but i know when i ran it it said there was no malware lmao

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
If you can't find the log just run it again and post it.

Next

Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0

#9
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

When I click Scan Now the screen just reloads


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Try it again a bit later,
Next

Please run a Malwarebytes scan, if you already have Malwarebyytes you may skip the download part

Open Malwarebytes and do the following:
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.


  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

    [list]
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.






  • 0

Advertisements


#11
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/8/2016
Scan Time: 5:41 PM
Logfile: MWfile.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.09.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Clyde
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325181
Time Elapsed: 34 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Trojan.Agent.AI, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8CCADAF0-8E6F-4BA3-A735-548693CD63FF}, Quarantined, [b64fa0a93d5d1e1845732e916a9afe02], 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WindowsUpdategedvdk0x8429524, Delete-on-Reboot, [f70e40094654c1759696d00914ee6c94], 
 
Registry Values: 1
Trojan.Agent.AI, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8CCADAF0-8E6F-4BA3-A735-548693CD63FF}|Path, \WindowsUpdategedvdk0x8429524, Quarantined, [b64fa0a93d5d1e1845732e916a9afe02]
 
Registry Data: 1
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-3110895061-1688022509-3107457843-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[c441fe4b0694e452bd587cfdaa5a54ac]
 
Folders: 93
Trojan.Agent.AI, C:\ProgramData\gedvdk, Quarantined, [e12494b5a1f9c96d208704bbee1655ab], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ar, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\bg, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ca, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\cs, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\da, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\de, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\el, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\en_GB, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\en_US, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\es, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\es_419, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\et, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\fi, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\fil, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\fr, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\he, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\hi, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\hu, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\id, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\it, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ja, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ko, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\lt, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\lv, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ms, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\nl, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\no, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\pl, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\pt_BR, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\pt_PT, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ro, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ru, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sk, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sl, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sr, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sv, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\th, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\tr, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\uk, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\vi, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\zh_CN, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\zh_TW, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_metadata, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
 
Files: 109
RiskWare.MisusedLegit.AI, C:\ProgramData\gedvdk\swLqRN.exe, Quarantined, [f31286c3386272c4b01d21142fd233cd], 
PUP.Optional.DownLoadAdmin, C:\Users\Clyde\Downloads\uplayermediaplayer-setup.exe, Quarantined, [13f214350a90c37313bcf5a9fa07aa56], 
PUP.Optional.DownWare, C:\Users\Clyde\Downloads\online-download-accelerator_setup (1).exe, Quarantined, [32d3c0897f1b4fe7609679d6e91836ca], 
PUP.Optional.DownWare, C:\Users\Clyde\Downloads\online-download-accelerator_setup.exe, Quarantined, [b055371243575cdaf303ada29869a759], 
Trojan.Agent, C:\Windows\System32\Tasks\WINDOWSUPDATEGEDVDK0X8429524, Quarantined, [7d8811380694989e0c54756911f13ac6], 
Trojan.Agent.AI, C:\ProgramData\gedvdk\htnHad.vbs, Quarantined, [e12494b5a1f9c96d208704bbee1655ab], 
Trojan.Agent.AI, C:\ProgramData\gedvdk\tMVbog.txt, Quarantined, [e12494b5a1f9c96d208704bbee1655ab], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\manifest.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\icon_128.png, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\icon_16.png, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\main.html, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\main.js, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ar\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\bg\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ca\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\cs\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\da\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\de\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\el\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\en_GB\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\en_US\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\es\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\es_419\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\et\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\fi\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\fil\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\fr\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\he\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\hi\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\hu\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\id\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\it\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ja\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ko\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\lt\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\lv\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ms\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\nl\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\no\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\pl\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\pt_BR\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\pt_PT\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ro\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\ru\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sk\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sl\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sr\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\sv\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\th\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\tr\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\uk\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\vi\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\zh_CN\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_locales\zh_TW\messages.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_metadata\computed_hashes.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\_metadata\verified_contents.json, Quarantined, [917465e46e2c85b10c8d48539d67f50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
PUP.Optional.HijackModifiedExtension, C:\Users\Clyde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json, Quarantined, [6b9acc7d1d7d241207922c6fb94bf50b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Not trying to jump the gun on it but I havent had a pop up since :) in the program it says all these viruses are quarantined are they safe to leave there or should i delete them I kind of dont want to touch these since the pop up stopped xD

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
They are perfectly safe there. Though on occasion other security software may scan those files and alert you that they may be infected files.

Keep them for a few days then if you want delete them.

Are there any other issues with the computer ?
  • 0

#13
LaptopsVSComputers

LaptopsVSComputers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Oh okay sounds good! No that was the only major problem I believe thank you! :) If anything happens or reoccurs I'll let you know!


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Can you uninstall chrome, we need to do this ?

Try it again

Let me now. If you can't we will use revo uninstall. I'll give the instructions.
  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Are you still with me ?
  • 0






Similar Topics


Also tagged with one or more of these keywords: Virus, Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP