Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser is super slow - PUM.Optional.ProxyHijacker detected

Browser

  • Please log in to reply

#1
missmoody

missmoody

    Member

  • Member
  • PipPip
  • 17 posts

Hello, 

 

My browser is ridiculously slow and almost unusable at the moment. I've run many scans with various programs and the only one that's found anything is Malwarebytes: PUM.Optional.ProxyHijacker 

 

Malwarebytes quarantines it but after removing it, rebooting, and rescanning, it reappears. 

 

I would really appreciate any help you can give me.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
     
    •  
  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts
    Here's the first log. 
     
    # AdwCleaner v6.047 - Logfile created 09/07/2017 at 15:19:34
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-19.1 [Local]
    # Operating System : Windows 10 Home  (X64)
    # Username : MoodyMiss - LAPTOP-PD9G7JHJ
    # Running from : C:\Users\MoodyMiss\Desktop\Malware Tools\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
     
     
    ***** [ Folders ] *****
     
    [-] Folder deleted: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
     
     
    ***** [ Files ] *****
     
    [-] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
    [#] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
    [#] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
    [-] File deleted: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
    [-] File deleted: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
     
     
    ***** [ Registry ] *****
     
     
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: faoigfclahgbjjjaopddafnnapmeppnc
    [-] [C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [3436 Bytes] - [27/06/2017 19:38:48]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1736 Bytes] - [09/07/2017 15:19:34]
    C:\AdwCleaner\AdwCleaner[S0].txt - [5337 Bytes] - [18/06/2017 01:56:58]
    C:\AdwCleaner\AdwCleaner[S1].txt - [3668 Bytes] - [27/06/2017 19:34:59]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2401 Bytes] - [09/07/2017 15:14:16]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2028 Bytes] ##########

    • 0

    #4
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Here's the log of the second scan. 

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 10 Home x64 
    Ran by MoodyMiss (Administrator) on 09/07/2017 at 15:36:31.63
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 1 
     
    Successfully deleted: C:\WINDOWS\wininit.ini (File) 
     
     
     
    Registry: 1 
     
    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62 (Registry Value) 
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 09/07/2017 at 15:40:35.72
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #5
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Here are the FRST logs. 

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
    Ran by MoodyMiss (administrator) on LAPTOP-PD9G7JHJ (09-07-2017 16:08:55)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced\creator-ws.exe
    () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe
    (ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\RestartThread.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\BTDemoService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Cisco) C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Users\MoodyMiss\AppData\Local\Apps\2.0\BRYE9YZO.XP7\G2T636RX.C6P\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
    HKLM\...\Run: [BTLocker] => C:\Program Files\Lenovo\BtLocker\BTLocker.exe [677304 2015-07-15] (Lenovo)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-30] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Discord] => C:\Users\MoodyMiss\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify Web Helper] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [VideoGuardMonitor] => C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2449160 2017-02-09] (Cisco)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
    Startup: C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-09]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-08-11] ()
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [S-1-5-21-3099505937-1185706521-667985844-1001] => Proxy is enabled.
    ProxyServer: [S-1-5-21-3099505937-1185706521-667985844-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{5611333e-72eb-4eba-8a0b-06ccc90c0d2f}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c2ee8550-2bc8-4c46-b26a-180a3681a1c8}: [DhcpNameServer] 172.20.10.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    SearchScopes: HKU\S-1-5-21-3099505937-1185706521-667985844-1001 -> DefaultScope {F7C2DF14-BBE7-41FA-8823-81F664D37420} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-21] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-21] (Oracle Corporation)
    DPF: HKLM-x32 {EBB176D2-AF75-4706-832F-4C8448F72757} hxxps://www.shopandscan.com/TNSClickrc.CAB
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: ui4axywz.default
    FF DefaultProfile: okk8xxud.default
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default [2017-07-06]
    FF Homepage: Mozilla\Firefox\Profiles\ui4axywz.default -> www.google.com
    FF NetworkProxy: Mozilla\Firefox\Profiles\ui4axywz.default -> type", 0
    FF Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default\Extensions\[email protected] [2017-06-09]
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default [2017-04-19]
    FF Extension: (Czech (CZ) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Deutsch (DE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (English (US) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Español (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Finnish Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Français Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Galego (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Hebrew (IL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Magyar (HU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Italiano (IT) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Japanese Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Korean (KR) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Nederlands (NL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Polski Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Russian (RU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Slovenski jezik Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (српски (sr) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Svenska (SE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension
    FF Extension: (PDFsam Enhanced Creator) - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension [2016-12-11] [not signed]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: PDFsam Enhanced -> C:\Program Files (x86)\PDFsam Enhanced\np-previewer.dll [2016-07-06] (Andrea Vacondio)
    FF Plugin-x32: PDFsam Enhanced 4 -> C:\Program Files (x86)\PDFsam Enhanced 4\np-previewer.dll [2017-02-22] (Andrea Vacondio)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-09] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-09] <==== ATTENTION
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default [2017-07-09]
    CHR Extension: (Google Slides) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-19]
    CHR Extension: (Google Docs) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-19]
    CHR Extension: (Google Drive) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-20]
    CHR Extension: (YouTube) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-19]
    CHR Extension: (Adblock Plus) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
    CHR Extension: (OneTab) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
    CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16]
    CHR Extension: (Flix Plus by Lifehacker) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-23]
    CHR Extension: (Radioplayer) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2017-05-25]
    CHR Extension: (Google Sheets) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-19]
    CHR Extension: (Facebook™ Chat Privacy) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-11-19]
    CHR Extension: (Google Docs Offline) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
    CHR Extension: (Pinterest Save Button) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-26]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-07]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07]
    CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
    CHR Extension: (Gmail) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-19]
    CHR Extension: (Chrome Media Router) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-05]
    CHR HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 BTDemoService; C:\Program Files\Lenovo\BtLocker\BTDemoService.exe [145336 2015-07-15] (Lenovo)
    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
    S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
    S3 PDFsam Enhanced; C:\Program Files\PDFsam Enhanced\ws.exe [2322496 2016-07-06] (Andrea Vacondio)
    S3 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [1880416 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced 4 CrashHandler; C:\Program Files\PDFsam Enhanced 4\crash-handler-ws.exe [931680 2017-02-22] (Andrea Vacondio)
    R2 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [739168 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced CrashHandler; C:\Program Files\PDFsam Enhanced\crash-handler-ws.exe [921664 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Enhanced Creator; C:\Program Files\PDFsam Enhanced\creator-ws.exe [734272 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
    R2 RestartThread; C:\Program Files\Lenovo\BtLocker\RestartThread.exe [35768 2015-07-15] (Lenovo)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-09] (Malwarebytes)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-11] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-08] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-08] (Zemana Ltd.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 16:08 - 2017-07-09 16:08 - 00000000 ____D C:\FRST
    2017-07-09 15:40 - 2017-07-09 16:00 - 00000754 _____ C:\Users\MoodyMiss\Desktop\JRT.txt
    2017-07-09 15:19 - 2017-07-09 15:19 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\252C3DF2.sys
    2017-07-08 21:53 - 2017-07-08 21:52 - 01474450 _____ C:\Users\MoodyMiss\Desktop\Steps Recorder.zip
    2017-07-08 21:27 - 2017-07-09 01:13 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-07-08 17:39 - 2017-07-09 16:09 - 00132155 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-07-08 17:39 - 2017-07-09 16:09 - 00100762 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Zemana
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-07-08 11:54 - 2017-07-08 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-07-07 02:21 - 2017-07-07 02:21 - 00022526 _____ C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17.html
    2017-07-07 02:21 - 2017-07-07 02:21 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17_files
    2017-07-06 22:33 - 2017-07-06 22:33 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Unity
    2017-07-06 22:31 - 2017-07-06 22:31 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Panoramik
    2017-07-06 18:38 - 2017-07-06 18:38 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Steam - Bookworm
    2017-07-06 17:43 - 2017-07-06 17:43 - 00000000 ___DL C:\Users\MoodyMiss\AppData\LocalLow\PlayReady
    2017-07-06 15:31 - 2017-07-06 15:32 - 19578880 _____ C:\Users\MoodyMiss\Downloads\Turbo Lister - Import to funny-peculiar.tdb
    2017-07-04 21:18 - 2017-07-04 21:18 - 00003352 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
    2017-07-03 17:13 - 2017-07-09 15:59 - 00004430 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
    2017-07-03 12:27 - 2017-07-09 15:57 - 00003376 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
    2017-07-03 12:15 - 2017-07-03 12:16 - 04669440 _____ C:\Users\MoodyMiss\Downloads\SmartApp (1).msi
    2017-06-29 16:11 - 2017-06-29 16:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-06-29 16:11 - 2017-06-29 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-06-28 13:09 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-06-28 10:51 - 2017-06-28 10:51 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-06-28 10:50 - 2017-06-28 14:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-06-28 10:50 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-06-28 10:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2017-06-27 17:03 - 2017-06-27 17:03 - 00000000 ____D C:\ProgramData\XDMessagingv4
    2017-06-24 21:14 - 2017-06-24 21:14 - 01450743 _____ C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17.html
    2017-06-24 21:14 - 2017-06-24 21:14 - 00000000 ____D C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17_files
    2017-06-24 00:10 - 2017-06-24 00:10 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\NetworkTiles
    2017-06-21 14:56 - 2017-06-21 14:56 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-06-21 14:56 - 2017-06-21 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-06-21 14:54 - 2017-06-21 14:56 - 00000000 ____D C:\Program Files\iTunes
    2017-06-21 14:54 - 2017-06-21 14:54 - 00000000 ____D C:\Program Files\iPod
    2017-06-21 14:41 - 2017-06-21 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-06-19 11:47 - 2017-06-19 11:47 - 00911360 _____ C:\Users\MoodyMiss\Downloads\2014-4_foi022214.xls
    2017-06-18 15:38 - 2017-06-23 09:17 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e.job
    2017-06-18 15:38 - 2017-06-18 15:38 - 00003696 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e
    2017-06-18 15:38 - 2017-06-18 15:38 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\SUPERAntiSpyware.com
    2017-06-18 15:37 - 2017-06-18 15:37 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2017-06-18 11:17 - 2017-06-18 11:17 - 00000000 ____D C:\ProgramData\Sophos
    2017-06-18 11:15 - 2017-06-18 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2017-06-18 11:13 - 2017-06-18 11:13 - 00000000 ____D C:\Program Files (x86)\Sophos
    2017-06-18 10:07 - 2017-06-18 10:27 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-06-18 01:34 - 2017-07-09 15:19 - 00000000 ____D C:\AdwCleaner
    2017-06-18 01:19 - 2017-06-18 01:19 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
    2017-06-18 00:13 - 2017-06-27 19:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-06-18 00:13 - 2017-06-18 15:29 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\Program Files\RogueKiller
    2017-06-18 00:09 - 2017-06-18 00:12 - 00293058 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.09.39_log.txt
    2017-06-18 00:05 - 2017-06-18 00:05 - 00000562 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.05.30_log.txt
    2017-06-17 23:58 - 2017-07-09 16:08 - 00000000 ____D C:\Users\MoodyMiss\Desktop\Malware Tools
    2017-06-17 22:24 - 2017-07-08 11:41 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-06-17 22:23 - 2017-07-09 15:49 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-06-17 22:23 - 2017-07-09 09:30 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-06-17 22:23 - 2017-07-07 20:52 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-06-17 22:23 - 2017-06-17 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-06-17 22:22 - 2017-06-17 22:22 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-06-17 17:39 - 2017-06-19 16:30 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV Player
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Cisco
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Cisco
    2017-06-17 11:21 - 2017-06-17 11:21 - 00001205 _____ C:\Users\MoodyMiss\Desktop\NOW TV Player.lnk
    2017-06-17 11:21 - 2017-06-17 11:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOW TV
    2017-06-17 11:20 - 2017-06-17 11:20 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV
    2017-06-17 11:15 - 2017-06-17 11:19 - 73149360 _____ (NOW TV ) C:\Users\MoodyMiss\Downloads\NOWTVPlayerInstaller-Full-Windows.exe
    2017-06-14 17:20 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2017-06-14 17:20 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-14 17:20 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-14 17:20 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-06-14 17:20 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-14 17:20 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-14 17:20 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-14 17:20 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-14 17:20 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-06-14 17:20 - 2017-05-20 10:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-06-14 17:20 - 2017-05-20 09:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-06-14 17:20 - 2017-05-20 09:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-06-14 17:20 - 2017-05-20 09:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-06-14 17:20 - 2017-05-20 09:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-06-14 17:20 - 2017-05-20 09:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2017-06-14 17:20 - 2017-05-20 09:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
    2017-06-14 17:20 - 2017-05-20 09:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2017-06-14 17:20 - 2017-05-20 09:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-06-14 17:20 - 2017-05-20 09:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-06-14 17:20 - 2017-05-20 09:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-06-14 17:20 - 2017-05-20 09:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2017-06-14 17:20 - 2017-05-20 09:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-06-14 17:20 - 2017-05-20 09:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-06-14 17:20 - 2017-05-20 09:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-14 17:19 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-14 17:19 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-14 17:19 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
    2017-06-14 17:19 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-14 17:19 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-14 17:19 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
    2017-06-14 17:19 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-14 17:19 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-06-14 17:19 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-06-14 17:19 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-06-14 17:19 - 2017-05-20 09:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-06-14 17:19 - 2017-05-20 09:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-06-14 17:19 - 2017-05-20 09:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-06-14 17:19 - 2017-05-20 09:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-06-14 17:19 - 2017-05-20 09:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
    2017-06-14 17:19 - 2017-05-20 09:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-06-14 17:19 - 2017-05-20 09:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:19 - 2017-05-20 09:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-06-14 17:19 - 2017-05-20 09:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2017-06-14 17:19 - 2017-05-20 09:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2017-06-14 17:09 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:09 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-14 17:09 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-14 17:09 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-14 17:09 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-06-14 17:09 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-14 17:09 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-14 17:09 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-14 17:09 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-14 17:09 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-06-14 17:09 - 2017-05-20 07:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2017-06-14 17:09 - 2017-05-20 07:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2017-06-14 17:09 - 2017-05-20 07:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
    2017-06-14 17:09 - 2017-05-20 07:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
    2017-06-14 17:09 - 2017-05-20 07:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2017-06-14 17:09 - 2017-05-20 07:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-06-14 17:09 - 2017-05-20 06:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-06-14 17:09 - 2017-05-20 06:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-06-14 17:09 - 2017-05-20 06:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2017-06-14 17:09 - 2017-05-20 06:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-06-14 17:08 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-14 17:08 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-14 17:08 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-06-14 17:08 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-14 17:08 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-14 17:08 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-06-14 17:08 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-06-14 17:08 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-06-14 17:08 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-14 17:08 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2017-06-14 17:08 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-14 17:08 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
    2017-06-14 17:08 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:08 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
    2017-06-14 17:08 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-06-14 17:08 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-06-14 17:08 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-14 17:08 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-14 17:08 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-06-14 17:08 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-14 17:08 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-06-14 17:08 - 2017-05-20 08:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-06-14 17:08 - 2017-05-20 08:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-06-14 17:08 - 2017-05-20 07:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-06-14 17:08 - 2017-05-20 07:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2017-06-14 17:08 - 2017-05-20 07:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2017-06-14 17:08 - 2017-05-20 07:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-06-14 17:08 - 2017-05-20 07:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
    2017-06-14 17:08 - 2017-05-20 07:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-06-14 17:08 - 2017-05-20 07:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
    2017-06-14 17:08 - 2017-05-20 07:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2017-06-14 17:08 - 2017-05-20 07:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-06-14 17:08 - 2017-05-20 07:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
    2017-06-14 17:08 - 2017-05-20 07:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
    2017-06-14 17:08 - 2017-05-20 07:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-06-14 17:08 - 2017-05-20 06:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-06-14 17:08 - 2017-05-20 06:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-06-14 17:08 - 2017-05-20 06:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2017-06-14 17:08 - 2017-05-20 06:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2017-06-14 17:08 - 2017-05-20 06:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-14 17:06 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-14 17:06 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-14 17:06 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-14 17:06 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-14 17:06 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-14 17:05 - 2017-05-20 07:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2017-06-14 17:04 - 2017-05-20 07:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-14 17:03 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-14 17:03 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-14 17:03 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
    2017-06-14 17:03 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-06-14 17:03 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-06-14 17:03 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-06-14 17:03 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-14 17:03 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-14 17:03 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-14 17:03 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
    2017-06-14 17:03 - 2017-05-20 08:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-06-14 17:03 - 2017-05-20 07:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2017-06-14 17:03 - 2017-05-20 07:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-06-14 17:03 - 2017-05-20 07:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-06-14 17:03 - 2017-05-20 07:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:03 - 2017-05-20 07:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
    2017-06-14 17:03 - 2017-05-20 07:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-06-14 17:03 - 2017-05-20 06:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-06-14 17:03 - 2017-05-20 06:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
    2017-06-14 17:02 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-06-14 16:58 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2017-06-14 16:58 - 2017-05-20 08:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-06-14 16:58 - 2017-05-20 07:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-06-14 16:58 - 2017-05-20 07:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-06-14 16:58 - 2017-05-20 07:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2017-06-14 16:57 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-13 12:33 - 2017-06-13 12:33 - 01156922 _____ C:\Users\MoodyMiss\Downloads\Epping Forest S13A 201718 v1.4.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 15:56 - 2016-11-25 07:09 - 00135819 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
    2017-07-09 15:50 - 2017-05-15 22:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-07-09 15:50 - 2016-11-20 12:24 - 00000000 __SHD C:\Users\MoodyMiss\IntelGraphicsProfiles
    2017-07-09 15:48 - 2017-05-15 23:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-07-09 15:48 - 2017-03-18 12:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
    2017-07-09 15:47 - 2017-05-15 22:39 - 00000000 ____D C:\Users\MoodyMiss
    2017-07-09 15:45 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-07-09 15:42 - 2016-08-30 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-07-09 15:31 - 2016-11-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-07-09 15:26 - 2016-11-19 21:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-07-09 14:57 - 2017-01-02 04:05 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Skype
    2017-07-09 06:40 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-07-09 04:34 - 2016-11-20 12:24 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Packages
    2017-07-09 04:31 - 2016-12-22 21:36 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\CrashDumps
    2017-07-09 02:47 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-07-09 01:09 - 2017-03-11 13:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-07-09 00:54 - 2016-11-19 21:58 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\TeamViewer
    2017-07-08 21:37 - 2016-11-30 00:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\ElevatedDiagnostics
    2017-07-08 18:03 - 2017-05-15 22:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-07-08 11:54 - 2016-12-01 01:36 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-07-07 21:09 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-07-07 20:42 - 2016-11-19 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-07-07 20:33 - 2016-12-18 17:11 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Spotify
    2017-07-07 18:24 - 2016-12-18 17:08 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Spotify
    2017-07-06 17:11 - 2016-11-19 20:54 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Mozilla
    2017-07-04 20:51 - 2016-12-12 02:02 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\discord
    2017-07-04 16:33 - 2017-03-22 00:26 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\PokerStars.UK
    2017-07-03 17:13 - 2017-01-12 13:35 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Verto Analytics
    2017-07-03 15:24 - 2017-03-22 00:23 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
    2017-07-03 12:21 - 2016-11-26 13:18 - 00000000 ____D C:\Program Files (x86)\SmartApp
    2017-07-02 20:59 - 2016-12-22 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2017-06-29 17:36 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Apple Computer
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-06-23 20:02 - 2016-11-24 14:25 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\vlc
    2017-06-23 19:11 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-23 17:17 - 2017-05-14 22:18 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\dvdcss
    2017-06-23 12:42 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-23 09:28 - 2016-06-11 11:58 - 00010720 _____ C:\Users\MoodyMiss\Downloads\Food Diary.xlsx
    2017-06-23 09:23 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Apple Computer
    2017-06-23 01:51 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-06-22 10:06 - 2017-05-15 23:14 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-22 10:06 - 2016-11-20 12:27 - 00002413 _____ C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-22 10:06 - 2016-11-20 12:27 - 00000000 ___RD C:\Users\MoodyMiss\OneDrive
    2017-06-21 14:53 - 2016-12-05 23:14 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-06-21 14:39 - 2016-12-05 23:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-06-18 15:15 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-06-18 09:57 - 2017-05-15 22:38 - 01119902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-06-18 04:24 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-06-18 01:46 - 2017-03-04 01:01 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-06-18 01:46 - 2016-11-19 21:22 - 00000000 ____D C:\ProgramData\Skype
    2017-06-17 23:42 - 2015-11-03 20:24 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-17 23:38 - 2017-05-15 22:33 - 00381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-06-14 18:03 - 2016-11-19 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-14 17:42 - 2016-11-19 21:24 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-14 17:36 - 2016-12-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-10 00:23 - 2016-12-04 23:42 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Windows Live
    2017-06-09 23:28 - 2016-11-27 20:45 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\LastPass
     
    ==================== Files in the root of some directories =======
     
    2016-12-10 05:34 - 2016-12-10 05:34 - 0000017 _____ () C:\Users\MoodyMiss\AppData\Local\resmon.resmoncfg
    2017-05-15 22:36 - 2017-05-15 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some files in TEMP:
    ====================
    2017-06-18 00:13 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\MoodyMiss\AppData\Local\Temp\dllnt_dump.dll
    2017-05-15 23:40 - 2017-06-18 01:42 - 58684896 _____ (Skype Technologies S.A.) C:\Users\MoodyMiss\AppData\Local\Temp\SkypeSetup.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-06-25 05:29
     
    ==================== End of FRST.txt ============================
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
    Ran by MoodyMiss (09-07-2017 16:11:21)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Windows 10 Home Version 1703 (X64) (2017-05-15 22:25:08)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3099505937-1185706521-667985844-500 - Administrator - Disabled)
    MoodyMiss (S-1-5-21-3099505937-1185706521-667985844-1001 - Administrator - Enabled) => C:\Users\MoodyMiss
    DefaultAccount (S-1-5-21-3099505937-1185706521-667985844-503 - Limited - Disabled)
    Guest (S-1-5-21-3099505937-1185706521-667985844-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3099505937-1185706521-667985844-1003 - Limited - Enabled)
    Visitor (S-1-5-21-3099505937-1185706521-667985844-1004 - Limited - Enabled) => C:\Users\Visitor
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
    Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
    AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
    Big Bang Empire (HKLM\...\Steam App 510660) (Version:  - Playata GmbH)
    Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BookWorm Deluxe (HKLM\...\Steam App 3370) (Version:  - PopCap Games, Inc.)
    BT Locker (HKLM\...\{ABD07801-AB2B-4C40-A5B0-9D459A328092}_is1) (Version: 1.1.01.42 - Lenovo)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
    Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.01 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
    Cisco VideoGuard Player (HKLM-x32\...\{73d6b22b-650b-46d9-93ff-3045da5df3cd}) (Version: 7.3.0.62003 - Cisco Systems, Inc)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Discord (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
    Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
    Everlasting Summer (HKLM\...\Steam App 331470) (Version:  - Soviet Games)
    Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
    Family Tree Maker 2014 (HKLM\...\{6948B4FD-92E3-4069-B9E2-9216E1347DA3}) (Version: 22.0.1474 - Software MacKiev)
    Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
    Frontpage Express version 2002 (HKLM-x32\...\{980FDD7A-F25D-4B22-BD85-195D411A4251}_is1) (Version: 2002 - Microsoft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
    IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
    Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
    Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    JackpotLiner (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\JackpotLiner) (Version:  - )
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    K-Lite Codec Pack 12.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
    Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
    Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
    Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
    Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
    Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)
    Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
    LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Manager (HKLM-x32\...\{3802F563-BAD7-47F3-AF91-ED1C9467B224}) (Version: 3.0.7.25771 - ANDREA VACONDIO) Hidden
    Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
    Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
    Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
    MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
    Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
    NOW TV Player 2.0.1.0 (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\com.bskyb.nowtvplayer_is1) (Version: 2.0.1.0 - NOW TV)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    PDFsam Basic (HKLM-x32\...\{910EA44E-8446-405D-BFE1-82F562F847D0}) (Version: 3.30.0.0 - Andrea Vacondio)
    PDFsam Enhanced (HKLM-x32\...\PDFsam Enhanced) (Version: 3.0.31.29080 - Copyright 2016 Andrea Vacondio)
    PDFsam Enhanced 4 (HKLM-x32\...\PDFsam Enhanced 4) (Version: 4.0.3.32301 - Copyright 2017 Andrea Vacondio)
    PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced Asian Fonts Pack (HKLM\...\{817881FA-BD07-4A50-8F77-DA9AA6009093}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Convert Module (HKLM\...\{C3946663-4609-4158-A3AD-B9BFB16496F1}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Create Module (HKLM\...\{F790A93F-B881-4316-BDB4-D02783850695}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Edit Module (HKLM\...\{C584AD88-AFC9-4030-B391-49C0D04F6F1A}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Forms Module (HKLM\...\{3CAC256B-9C84-44F4-AC26-50B07FEA56B6}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Insert Module (HKLM\...\{A06D8CE0-76AA-4968-AC8B-221BE5128646}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced OCR Module (HKLM\...\{B83B283F-87BB-4C61-8F50-E45EDD0C7C8C}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Review Module (HKLM\...\{35AF9861-0E3C-4C81-AFCC-73461EBC00B7}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Secure Module (HKLM\...\{3B633A35-AE66-4AC3-B4A1-D2ED2594D368}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced View Module (HKLM\...\{972049F9-650B-4430-82ED-6080470D27BA}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
    PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
    Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Secure [email protected] (HKLM-x32\...\{1F307FB4-E514-4695-8054-FFD32478302B}) (Version: 3.34.2839.0 - Valassis)
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
    Shopandscan (HKLM-x32\...\{0AE44DE7-5B32-4151-8272-0FA6DAF800E8}) (Version: 1.0.0 - Kantar WorldPanel)
    Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
    SmartApp (HKLM-x32\...\{74C732EB-DE42-4EAD-985F-5C45837D0951}) (Version: 3.7.0 - SmartApp)
    Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden
    Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
    Spotify (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
    Tap Adventure: Time Travel (HKLM\...\Steam App 596650) (Version:  - Avallon Alliance)
    Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
    Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Tixati (HKLM-x32\...\tixati) (Version:  - )
    Transformice (HKLM\...\Steam App 335240) (Version:  - Atelier 801)
    Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
    Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
    Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
    Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports  (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 3.2.0.2 - Zabkat)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-3099505937-1185706521-667985844-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
    ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-19] (Nitro PDF)
    ContextMenuHandlers01: [PDFsamEnhanced4_ManagerExt] -> {6641FF9D-C10F-4B6A-B25E-9978121F33FF} => C:\Program Files\PDFsam Enhanced 4\creator-context-menu.dll [2017-02-22] (Andrea Vacondio)
    ContextMenuHandlers01: [PDFsamEnhanced_ManagerExt] -> {9ADBE344-48D8-4317-8CD7-13DA9095B33B} => C:\Program Files\PDFsam Enhanced\creator-context-menu.dll [2016-07-06] (Andrea Vacondio)
    ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
    ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
    ContextMenuHandlers01: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)
    ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
    ContextMenuHandlers04: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)
    ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
    ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
    ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {15653CA7-22F1-486E-B19D-2429F8D425E6} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
    Task: {1C89891E-6EB0-4D59-826D-2BCFA4CED2DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
    Task: {1E93F5D1-514B-417B-A64E-C50059B40681} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
    Task: {1F9E9E02-1E7A-4AB8-839B-3F51CECC758F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-07] (Microsoft Corporation)
    Task: {2D11EAEE-AAC8-4E81-8C65-EBE89E7B1F9C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
    Task: {2E9F9B7F-B88F-43B5-A244-B87FB358A78B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {37BFBFFD-3764-4710-A959-86DB6A7C95CF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3593faad-79e1-431b-8365-4e72ef92b484 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {38A561DA-58C0-4752-BEA4-0EE9A6CE04E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6040606f-1845-467a-a2a3-3d6bdf8fe93e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {3E563827-996E-41FC-B2CE-6F6C0D5C919C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
    Task: {424AF48A-9555-40F6-ADD4-2012D6025198} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: {485EA9F5-9BAD-4849-81B1-B7DAB7A6B8CA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3099505937-1185706521-667985844-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {4A502CD5-5C96-47E9-991E-DA348B1536DD} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 13\snagit32.exe [2016-11-03] (TechSmith Corporation)
    Task: {50BE0FB9-2FD1-4189-8930-88900DE49AA8} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
    Task: {54C3B6C7-845F-4C58-8927-B5835F416159} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {5617B5C1-B149-4DEC-B0BA-8F24949C15B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {586EC27B-7F39-4980-A250-BA1E6C62E9E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
    Task: {609C19DD-4239-4D4A-A5B3-3644B8ABB1B9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
    Task: {651B6C4A-111C-43F8-862C-EFA22A6FC080} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f8de029d-c6f0-40cb-ad1b-615dcbf1af44 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {71632588-B665-48CE-8B30-6A35FABC73AC} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {75B63EB5-E544-4DD2-A1AD-CAE4B83EA5CD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
    Task: {7779FF88-471B-4D54-9CAC-884C85338789} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2017-07-03] (Verto Analytics Inc.)
    Task: {857C58BB-48E8-4F94-893E-F0E67D61F4FF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-20] ()
    Task: {9B2BBBE0-7848-4C2F-89AB-97E22D0C73D0} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
    Task: {A691F463-19C6-4652-AACC-3B1F3A332B06} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {B19C3485-BE5C-4A18-A709-759CE120168D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
    Task: {B246D950-89B5-46EB-B2A8-1B0F2CD07CA7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
    Task: {B5054CC3-8B33-4146-89F3-BB1B56CD3FB9} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2017-07-03] (Verto Analytics Inc.)
    Task: {B5B8C3F4-3A61-4B2B-A3BE-1B3C44091BD8} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()
    Task: {CAFCE55B-DD8B-4A3F-B63A-CAC356AEEDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
    Task: {CBAB3062-C700-45D9-84FE-9ED60BB5A2F0} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()
    Task: {D2061CB0-93A8-41A3-B44B-A8C0B724B395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
    Task: {DB837A80-6619-4B6C-AD4A-ED9C7E9E248C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
    Task: {E3B8A737-253C-4AE4-8F08-8C402503E6C4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
    Task: {F9816FAD-B6E2-4F46-A0E0-FCA7D480DE65} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () c:\program files\nitro\pro 9\nitro_updateservice.exe
    2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-08-30 20:23 - 2017-07-07 07:08 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-07-08 17:39 - 2017-07-08 17:39 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2017-03-18 21:59 - 2017-03-19 03:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-03 04:39 - 2017-04-23 22:28 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe
    2016-08-30 21:56 - 2015-02-09 04:18 - 00124440 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2016-08-30 20:31 - 2016-08-30 20:31 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2016-08-30 20:31 - 2016-08-30 20:31 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2017-06-27 19:34 - 2017-06-23 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
    2017-06-27 19:34 - 2017-06-23 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
    2017-06-28 10:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-06-28 10:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-06-28 10:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-06-28 10:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-06-28 10:50 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-08-30 20:36 - 2014-07-04 05:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2016-08-30 20:21 - 2017-06-20 04:08 - 00272072 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL
    2017-01-27 10:30 - 2016-09-22 07:24 - 00884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
    2017-01-27 10:27 - 2016-09-22 07:11 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Control Panel\Desktop\\Wallpaper -> 
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    HKLM\...\StartupApproved\Run: => "BTLocker"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "PhotoMasterImportAgent"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [UDP Query User{C523F6ED-096B-475A-A96F-4A6569C7524B}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{18B79870-47AA-448F-B1EA-A53DD52769D5}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{FC378638-F3F2-43A5-8619-7A4CBF9CF7E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
    FirewallRules: [{157B1891-94BE-4233-932D-D6919EE3FC0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
    FirewallRules: [{9BD41384-7161-4D4D-A9A4-7F105B444AD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe
    FirewallRules: [{BD93136A-6C6E-46DA-B270-B41570402D69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe
    FirewallRules: [{4637A8C0-7CB4-4CB9-AA44-6818AE8B5830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{39798A39-477F-4A46-A493-6A155FCC477B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{93327FEA-B932-4A83-AA43-2037599271A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{7ABDC41F-4CDF-4DDB-A5A8-4A64D5ECC6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{DF9CFA7F-3B32-43DD-BBC6-AC8DDE269D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
    FirewallRules: [{24E2C04F-BCC5-4947-A61A-7E6263DB1DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
    FirewallRules: [{809DD42A-E467-48C9-87F0-E88A1AA2DE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe
    FirewallRules: [{AB35B7B2-8856-4B5F-81FE-268712E2AA6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe
    FirewallRules: [{5489D42D-701C-410C-9C47-21AF7D2D99D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
    FirewallRules: [{FD3AD805-A2A8-43CE-97BD-A173DB02C544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
    FirewallRules: [{D00CBAC4-3B2E-443C-91BC-F9448F95811C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
    FirewallRules: [UDP Query User{9BA926EC-A108-40BA-908D-D82BB6832067}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [TCP Query User{595ECB4D-B6F6-465D-8F25-079F1CC599E2}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [{35EA6F1C-1C9D-4602-8354-CAE09FA18F90}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{4E8898FA-7FA8-4EB9-AD58-217B2C1090FE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{2FEE6E92-F25D-4EBB-9C95-54986E24590B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1CA6CACC-B1BA-4DA2-9E95-B0FA8DEDD685}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{079EF1EA-3010-4338-A8BC-346B233416EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{911BB808-3C04-430F-9E53-0FB190B3DF41}] => (Allow) LPort=8298
    FirewallRules: [UDP Query User{ED823690-8181-4DE3-A826-69C7863688EA}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [TCP Query User{887F5358-031F-4F72-A876-924F1E5C0A1F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{859291AC-BF16-4402-A40A-AA75E1A5B481}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8188D74C-6D7E-4F0C-B9B5-451C96BE3DD6}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{FFBB136A-7864-401E-975A-548E78B415D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B4ED3D1E-BFDE-49AE-91B0-E7492D34669A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{118FCFBD-BEE4-4087-AEF4-A1C4F82A15E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4325B474-A0A7-4467-B673-4DF39051D83B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{37F2BD7C-5A26-42C2-81F2-151F6ED6D634}] => (Allow) LPort=1900
    FirewallRules: [{2D94A0B4-9DC1-4432-A9AC-D5723C8C8B34}] => (Allow) LPort=2869
    FirewallRules: [{7EEBBDEA-6D28-4816-8180-0A1034F7D806}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6BE5269A-B295-480C-8C99-833F3ED25F5D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{B8554D56-1362-4103-BAF5-31CB177927C9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{92A6AD71-E00B-4B62-97EF-5C0CCB20DB35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{19563F32-4408-46C2-BE41-C0DFC825B698}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C6A45646-BB54-40BA-85D4-899CDAC6EE62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{722DB0CF-9497-4EA6-AE11-8FFD73EFEB2C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{D5DB6196-28BE-4F62-846A-9D36A0000305}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{7F0B7BA5-7512-41CC-A5F8-D81CBC40D74A}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{6320F4AD-D49D-432D-8F1C-18E1F58A8B54}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{4FC8B6CF-EFFA-4E05-B237-EF8EA2F18D17}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{60A3AA8F-398E-4F33-A426-CBA3CB32C8CB}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe
    FirewallRules: [UDP Query User{14EF0710-5155-430E-B769-A75152E8F4CA}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe
    FirewallRules: [{1667C0E4-AACE-4C86-AFE4-6115075B999A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{513C7487-8756-4F9C-AD66-E195AD25FB39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{6FD41AD0-7D02-4BDC-AAA4-74999B5171A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{E0944258-B37B-4D3D-B685-8DF7877A59AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C581090D-D655-4A61-8FC3-7E2951461E08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{FA3BBC96-D05A-4B22-B670-7DD39CA3C039}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
    FirewallRules: [UDP Query User{41C54473-73A3-4EE3-91E8-A24A8EC56638}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
     
    ==================== Restore Points =========================
     
    27-06-2017 03:27:17 Scheduled Checkpoint
    27-06-2017 19:29:05 JRT Pre-Junkware Removal
    03-07-2017 12:18:34 Installed SmartApp
    09-07-2017 15:36:35 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (07/09/2017 01:23:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 12:19:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:47:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:31:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:23:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:19:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:16:18 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 10:04:21 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 05:48:21 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 04:30:55 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.15063.0, time stamp: 0x9ce1da64
    Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
    Exception code: 0xc0000005
    Fault offset: 0x000000000003bbef
    Faulting process id: 0x2464
    Faulting application start time: 0x01d2f84fdf970b51
    Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: dd474ead-4af6-4d49-966a-7b2705ce67c6
    Faulting package full name: 
    Faulting package-relative application ID:
     
     
    System errors:
    =============
    Error: (07/09/2017 03:50:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
    Error: (07/09/2017 03:50:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
     
    Error: (07/09/2017 03:50:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 03:50:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 03:49:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ClickToRunSvc service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
    Error: (07/09/2017 03:49:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.
     
    Error: (07/09/2017 03:48:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SDWSCService service failed to start due to the following error: 
    A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
     
    Error: (07/09/2017 03:48:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error: 
    The request is not supported.
     
    Error: (07/09/2017 03:26:36 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PD9G7JHJ)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user LAPTOP-PD9G7JHJ\MoodyMiss SID (S-1-5-21-3099505937-1185706521-667985844-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 03:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-07-09 16:09:58.782
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.779
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.742
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.738
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:08:13.893
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:08:13.889
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:06:21.216
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:06:21.213
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 15:55:25.291
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 15:55:25.288
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
    Percentage of memory in use: 45%
    Total physical RAM: 8105.84 MB
    Available physical RAM: 4389.21 MB
    Total Virtual: 17321.84 MB
    Available Virtual: 13103.61 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:689.64 GB) (Free:573.08 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.34 GB) NTFS
    Drive e: (UPD1_607677) (CDROM) (Total:7.12 GB) (Free:0 GB) UDF
    Drive f: (Data) (Fixed) (Total:195.31 GB) (Free:80.59 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 037C6746)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,799 posts
    • MVP

    Uninstall:

     

    Bonjour (Your version is not for win 10.  You will get a new one if you reinstall  iTunes or other Apple software)

     

    SmartApp

     

    Spybot S & D.  Remove any immunizations before uninstalling.

     

    SuperAntiSpyware

     

    Reboot.

     

    Do a new FRST scan with Addition.txt checked and post both logs.

     

     


    • 0

    #7
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Here are the FRST Logs

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
    Ran by MoodyMiss (administrator) on LAPTOP-PD9G7JHJ (09-07-2017 19:46:56)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
    () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced\creator-ws.exe
    (ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\RestartThread.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\BTDemoService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Cisco) C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Users\MoodyMiss\AppData\Local\Apps\2.0\BRYE9YZO.XP7\G2T636RX.C6P\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
    HKLM\...\Run: [BTLocker] => C:\Program Files\Lenovo\BtLocker\BTLocker.exe [677304 2015-07-15] (Lenovo)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-30] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Discord] => C:\Users\MoodyMiss\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify Web Helper] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [VideoGuardMonitor] => C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2449160 2017-02-09] (Cisco)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
    Startup: C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-09]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-08-11] ()
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{5611333e-72eb-4eba-8a0b-06ccc90c0d2f}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c2ee8550-2bc8-4c46-b26a-180a3681a1c8}: [DhcpNameServer] 172.20.10.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    SearchScopes: HKU\S-1-5-21-3099505937-1185706521-667985844-1001 -> DefaultScope {F7C2DF14-BBE7-41FA-8823-81F664D37420} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-21] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-21] (Oracle Corporation)
    DPF: HKLM-x32 {EBB176D2-AF75-4706-832F-4C8448F72757} hxxps://www.shopandscan.com/TNSClickrc.CAB
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: ui4axywz.default
    FF DefaultProfile: okk8xxud.default
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default [2017-07-09]
    FF Homepage: Mozilla\Firefox\Profiles\ui4axywz.default -> www.google.com
    FF NetworkProxy: Mozilla\Firefox\Profiles\ui4axywz.default -> type", 0
    FF Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default\Extensions\[email protected] [2017-06-09]
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default [2017-04-19]
    FF Extension: (Czech (CZ) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Deutsch (DE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (English (US) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Español (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Finnish Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Français Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Galego (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Hebrew (IL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Magyar (HU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Italiano (IT) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Japanese Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Korean (KR) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Nederlands (NL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Polski Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Russian (RU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Slovenski jezik Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (српски (sr) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Svenska (SE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension
    FF Extension: (PDFsam Enhanced Creator) - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension [2016-12-11] [not signed]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: PDFsam Enhanced -> C:\Program Files (x86)\PDFsam Enhanced\np-previewer.dll [2016-07-06] (Andrea Vacondio)
    FF Plugin-x32: PDFsam Enhanced 4 -> C:\Program Files (x86)\PDFsam Enhanced 4\np-previewer.dll [2017-02-22] (Andrea Vacondio)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-09] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-09] <==== ATTENTION
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default [2017-07-09]
    CHR Extension: (Google Slides) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-19]
    CHR Extension: (Google Docs) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-19]
    CHR Extension: (Google Drive) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-20]
    CHR Extension: (YouTube) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-19]
    CHR Extension: (Adblock Plus) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
    CHR Extension: (OneTab) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
    CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16]
    CHR Extension: (Flix Plus by Lifehacker) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-23]
    CHR Extension: (Radioplayer) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2017-05-25]
    CHR Extension: (Google Sheets) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-19]
    CHR Extension: (Facebook™ Chat Privacy) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-11-19]
    CHR Extension: (Google Docs Offline) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
    CHR Extension: (Pinterest Save Button) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-26]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-07]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07]
    CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
    CHR Extension: (Gmail) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-19]
    CHR Extension: (Chrome Media Router) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-05]
    CHR HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 BTDemoService; C:\Program Files\Lenovo\BtLocker\BTDemoService.exe [145336 2015-07-15] (Lenovo)
    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
    S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
    S3 PDFsam Enhanced; C:\Program Files\PDFsam Enhanced\ws.exe [2322496 2016-07-06] (Andrea Vacondio)
    S3 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [1880416 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced 4 CrashHandler; C:\Program Files\PDFsam Enhanced 4\crash-handler-ws.exe [931680 2017-02-22] (Andrea Vacondio)
    R2 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [739168 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced CrashHandler; C:\Program Files\PDFsam Enhanced\crash-handler-ws.exe [921664 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Enhanced Creator; C:\Program Files\PDFsam Enhanced\creator-ws.exe [734272 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
    R2 RestartThread; C:\Program Files\Lenovo\BtLocker\RestartThread.exe [35768 2015-07-15] (Lenovo)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-09] (Malwarebytes)
    R1 MpKsl1407e941; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0523598D-70A3-4A12-9CF6-286C8D35E7CB}\MpKsl1407e941.sys [44928 2017-07-09] (Microsoft Corporation)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-11] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-08] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-08] (Zemana Ltd.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 19:37 - 2017-07-09 19:37 - 00000085 _____ C:\WINDOWS\wininit.ini
    2017-07-09 16:08 - 2017-07-09 19:46 - 00000000 ____D C:\FRST
    2017-07-09 15:40 - 2017-07-09 16:00 - 00000754 _____ C:\Users\MoodyMiss\Desktop\JRT.txt
    2017-07-09 15:19 - 2017-07-09 15:19 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\252C3DF2.sys
    2017-07-08 21:53 - 2017-07-08 21:52 - 01474450 _____ C:\Users\MoodyMiss\Desktop\Steps Recorder.zip
    2017-07-08 21:27 - 2017-07-09 01:13 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-07-08 17:39 - 2017-07-09 19:47 - 00077268 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-07-08 17:39 - 2017-07-09 19:47 - 00039945 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Zemana
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-07-08 11:54 - 2017-07-08 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-07-07 02:21 - 2017-07-07 02:21 - 00022526 _____ C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17.html
    2017-07-07 02:21 - 2017-07-07 02:21 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17_files
    2017-07-06 22:33 - 2017-07-06 22:33 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Unity
    2017-07-06 22:31 - 2017-07-06 22:31 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Panoramik
    2017-07-06 18:38 - 2017-07-06 18:38 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Steam - Bookworm
    2017-07-06 17:43 - 2017-07-06 17:43 - 00000000 ___DL C:\Users\MoodyMiss\AppData\LocalLow\PlayReady
    2017-07-06 15:31 - 2017-07-06 15:32 - 19578880 _____ C:\Users\MoodyMiss\Downloads\Turbo Lister - Import to funny-peculiar.tdb
    2017-07-04 21:18 - 2017-07-04 21:18 - 00003352 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
    2017-07-03 12:15 - 2017-07-03 12:16 - 04669440 _____ C:\Users\MoodyMiss\Downloads\SmartApp (1).msi
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-06-28 13:09 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-06-28 10:50 - 2017-07-09 19:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-06-28 10:50 - 2017-07-09 19:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-06-27 17:03 - 2017-06-27 17:03 - 00000000 ____D C:\ProgramData\XDMessagingv4
    2017-06-24 21:14 - 2017-06-24 21:14 - 01450743 _____ C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17.html
    2017-06-24 21:14 - 2017-06-24 21:14 - 00000000 ____D C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17_files
    2017-06-24 00:10 - 2017-06-24 00:10 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\NetworkTiles
    2017-06-21 14:56 - 2017-06-21 14:56 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-06-21 14:56 - 2017-06-21 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-06-21 14:54 - 2017-06-21 14:56 - 00000000 ____D C:\Program Files\iTunes
    2017-06-21 14:54 - 2017-06-21 14:54 - 00000000 ____D C:\Program Files\iPod
    2017-06-21 14:41 - 2017-06-21 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-06-19 11:47 - 2017-06-19 11:47 - 00911360 _____ C:\Users\MoodyMiss\Downloads\2014-4_foi022214.xls
    2017-06-18 11:17 - 2017-06-18 11:17 - 00000000 ____D C:\ProgramData\Sophos
    2017-06-18 11:15 - 2017-06-18 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2017-06-18 11:13 - 2017-06-18 11:13 - 00000000 ____D C:\Program Files (x86)\Sophos
    2017-06-18 10:07 - 2017-06-18 10:27 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-06-18 01:34 - 2017-07-09 15:19 - 00000000 ____D C:\AdwCleaner
    2017-06-18 01:19 - 2017-06-18 01:19 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
    2017-06-18 00:13 - 2017-06-27 19:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-06-18 00:13 - 2017-06-18 15:29 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\Program Files\RogueKiller
    2017-06-18 00:09 - 2017-06-18 00:12 - 00293058 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.09.39_log.txt
    2017-06-18 00:05 - 2017-06-18 00:05 - 00000562 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.05.30_log.txt
    2017-06-17 23:58 - 2017-07-09 16:16 - 00000000 ____D C:\Users\MoodyMiss\Desktop\Malware Tools
    2017-06-17 22:24 - 2017-07-08 11:41 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-06-17 22:23 - 2017-07-09 19:40 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-06-17 22:23 - 2017-07-09 09:30 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-06-17 22:23 - 2017-07-07 20:52 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-06-17 22:23 - 2017-06-17 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-06-17 22:22 - 2017-06-17 22:22 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-06-17 17:39 - 2017-06-19 16:30 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV Player
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Cisco
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Cisco
    2017-06-17 11:21 - 2017-06-17 11:21 - 00001205 _____ C:\Users\MoodyMiss\Desktop\NOW TV Player.lnk
    2017-06-17 11:21 - 2017-06-17 11:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOW TV
    2017-06-17 11:20 - 2017-06-17 11:20 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV
    2017-06-17 11:15 - 2017-06-17 11:19 - 73149360 _____ (NOW TV ) C:\Users\MoodyMiss\Downloads\NOWTVPlayerInstaller-Full-Windows.exe
    2017-06-14 17:20 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2017-06-14 17:20 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-14 17:20 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-14 17:20 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-06-14 17:20 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-14 17:20 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-14 17:20 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-14 17:20 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-14 17:20 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-06-14 17:20 - 2017-05-20 10:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-06-14 17:20 - 2017-05-20 09:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-06-14 17:20 - 2017-05-20 09:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-06-14 17:20 - 2017-05-20 09:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-06-14 17:20 - 2017-05-20 09:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-06-14 17:20 - 2017-05-20 09:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2017-06-14 17:20 - 2017-05-20 09:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
    2017-06-14 17:20 - 2017-05-20 09:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2017-06-14 17:20 - 2017-05-20 09:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-06-14 17:20 - 2017-05-20 09:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-06-14 17:20 - 2017-05-20 09:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-06-14 17:20 - 2017-05-20 09:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2017-06-14 17:20 - 2017-05-20 09:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-06-14 17:20 - 2017-05-20 09:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-06-14 17:20 - 2017-05-20 09:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-14 17:19 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-14 17:19 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-14 17:19 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
    2017-06-14 17:19 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-14 17:19 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-14 17:19 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
    2017-06-14 17:19 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-14 17:19 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-06-14 17:19 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-06-14 17:19 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-06-14 17:19 - 2017-05-20 09:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-06-14 17:19 - 2017-05-20 09:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-06-14 17:19 - 2017-05-20 09:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-06-14 17:19 - 2017-05-20 09:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-06-14 17:19 - 2017-05-20 09:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
    2017-06-14 17:19 - 2017-05-20 09:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-06-14 17:19 - 2017-05-20 09:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:19 - 2017-05-20 09:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-06-14 17:19 - 2017-05-20 09:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2017-06-14 17:19 - 2017-05-20 09:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2017-06-14 17:09 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:09 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-14 17:09 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-14 17:09 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-14 17:09 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-06-14 17:09 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-14 17:09 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-14 17:09 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-14 17:09 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-14 17:09 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-06-14 17:09 - 2017-05-20 07:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2017-06-14 17:09 - 2017-05-20 07:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2017-06-14 17:09 - 2017-05-20 07:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
    2017-06-14 17:09 - 2017-05-20 07:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
    2017-06-14 17:09 - 2017-05-20 07:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2017-06-14 17:09 - 2017-05-20 07:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-06-14 17:09 - 2017-05-20 06:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-06-14 17:09 - 2017-05-20 06:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-06-14 17:09 - 2017-05-20 06:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2017-06-14 17:09 - 2017-05-20 06:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-06-14 17:08 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-14 17:08 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-14 17:08 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-06-14 17:08 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-14 17:08 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-14 17:08 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-06-14 17:08 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-06-14 17:08 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-06-14 17:08 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-14 17:08 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2017-06-14 17:08 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-14 17:08 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
    2017-06-14 17:08 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:08 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
    2017-06-14 17:08 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-06-14 17:08 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-06-14 17:08 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-14 17:08 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-14 17:08 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-06-14 17:08 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-14 17:08 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-06-14 17:08 - 2017-05-20 08:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-06-14 17:08 - 2017-05-20 08:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-06-14 17:08 - 2017-05-20 07:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-06-14 17:08 - 2017-05-20 07:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2017-06-14 17:08 - 2017-05-20 07:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2017-06-14 17:08 - 2017-05-20 07:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-06-14 17:08 - 2017-05-20 07:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
    2017-06-14 17:08 - 2017-05-20 07:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-06-14 17:08 - 2017-05-20 07:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
    2017-06-14 17:08 - 2017-05-20 07:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2017-06-14 17:08 - 2017-05-20 07:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-06-14 17:08 - 2017-05-20 07:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
    2017-06-14 17:08 - 2017-05-20 07:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
    2017-06-14 17:08 - 2017-05-20 07:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-06-14 17:08 - 2017-05-20 06:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-06-14 17:08 - 2017-05-20 06:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-06-14 17:08 - 2017-05-20 06:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2017-06-14 17:08 - 2017-05-20 06:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2017-06-14 17:08 - 2017-05-20 06:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-14 17:06 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-14 17:06 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-14 17:06 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-14 17:06 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-14 17:06 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-14 17:05 - 2017-05-20 07:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2017-06-14 17:04 - 2017-05-20 07:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-14 17:03 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-14 17:03 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-14 17:03 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
    2017-06-14 17:03 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-06-14 17:03 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-06-14 17:03 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-06-14 17:03 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-14 17:03 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-14 17:03 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-14 17:03 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
    2017-06-14 17:03 - 2017-05-20 08:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-06-14 17:03 - 2017-05-20 07:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2017-06-14 17:03 - 2017-05-20 07:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-06-14 17:03 - 2017-05-20 07:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-06-14 17:03 - 2017-05-20 07:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:03 - 2017-05-20 07:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
    2017-06-14 17:03 - 2017-05-20 07:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-06-14 17:03 - 2017-05-20 06:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-06-14 17:03 - 2017-05-20 06:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
    2017-06-14 17:02 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-06-14 16:58 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2017-06-14 16:58 - 2017-05-20 08:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-06-14 16:58 - 2017-05-20 07:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-06-14 16:58 - 2017-05-20 07:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-06-14 16:58 - 2017-05-20 07:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2017-06-14 16:57 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-13 12:33 - 2017-06-13 12:33 - 01156922 _____ C:\Users\MoodyMiss\Downloads\Epping Forest S13A 201718 v1.4.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 19:46 - 2016-11-25 07:09 - 00137581 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
    2017-07-09 19:41 - 2017-05-15 22:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-07-09 19:41 - 2016-11-20 12:24 - 00000000 __SHD C:\Users\MoodyMiss\IntelGraphicsProfiles
    2017-07-09 19:39 - 2017-05-15 23:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-07-09 19:39 - 2017-03-18 12:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
    2017-07-09 19:34 - 2016-11-26 13:18 - 00000000 ____D C:\Program Files (x86)\SmartApp
    2017-07-09 19:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-07-09 18:17 - 2016-11-19 21:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-07-09 18:08 - 2017-05-15 22:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-07-09 16:11 - 2016-08-30 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-07-09 15:47 - 2017-05-15 22:39 - 00000000 ____D C:\Users\MoodyMiss
    2017-07-09 15:45 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-07-09 15:31 - 2016-11-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-07-09 14:57 - 2017-01-02 04:05 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Skype
    2017-07-09 06:40 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-07-09 04:34 - 2016-11-20 12:24 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Packages
    2017-07-09 04:31 - 2016-12-22 21:36 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\CrashDumps
    2017-07-09 01:09 - 2017-03-11 13:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-07-09 00:54 - 2016-11-19 21:58 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\TeamViewer
    2017-07-08 21:37 - 2016-11-30 00:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\ElevatedDiagnostics
    2017-07-08 11:54 - 2016-12-01 01:36 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-07-07 21:09 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-07-07 20:42 - 2016-11-19 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-07-07 20:33 - 2016-12-18 17:11 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Spotify
    2017-07-07 18:24 - 2016-12-18 17:08 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Spotify
    2017-07-06 17:11 - 2016-11-19 20:54 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Mozilla
    2017-07-04 20:51 - 2016-12-12 02:02 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\discord
    2017-07-04 16:33 - 2017-03-22 00:26 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\PokerStars.UK
    2017-07-03 15:24 - 2017-03-22 00:23 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
    2017-07-02 20:59 - 2016-12-22 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2017-06-29 17:36 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Apple Computer
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-06-23 20:02 - 2016-11-24 14:25 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\vlc
    2017-06-23 19:11 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-23 17:17 - 2017-05-14 22:18 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\dvdcss
    2017-06-23 12:42 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-23 09:28 - 2016-06-11 11:58 - 00010720 _____ C:\Users\MoodyMiss\Downloads\Food Diary.xlsx
    2017-06-23 09:23 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Apple Computer
    2017-06-23 01:51 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-06-22 10:06 - 2017-05-15 23:14 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-22 10:06 - 2016-11-20 12:27 - 00002413 _____ C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-22 10:06 - 2016-11-20 12:27 - 00000000 ___RD C:\Users\MoodyMiss\OneDrive
    2017-06-21 14:53 - 2016-12-05 23:14 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-06-21 14:39 - 2016-12-05 23:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-06-18 15:15 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-06-18 09:57 - 2017-05-15 22:38 - 01119902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-06-18 04:24 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-06-18 01:46 - 2017-03-04 01:01 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-06-18 01:46 - 2016-11-19 21:22 - 00000000 ____D C:\ProgramData\Skype
    2017-06-17 23:42 - 2015-11-03 20:24 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-17 23:38 - 2017-05-15 22:33 - 00381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-06-14 18:03 - 2016-11-19 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-14 17:42 - 2016-11-19 21:24 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-14 17:36 - 2016-12-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-10 00:23 - 2016-12-04 23:42 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Windows Live
    2017-06-09 23:28 - 2016-11-27 20:45 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\LastPass
     
    ==================== Files in the root of some directories =======
     
    2016-12-10 05:34 - 2016-12-10 05:34 - 0000017 _____ () C:\Users\MoodyMiss\AppData\Local\resmon.resmoncfg
    2017-05-15 22:36 - 2017-05-15 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some files in TEMP:
    ====================
    2017-06-18 00:13 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\MoodyMiss\AppData\Local\Temp\dllnt_dump.dll
    2017-05-15 23:40 - 2017-06-18 01:42 - 58684896 _____ (Skype Technologies S.A.) C:\Users\MoodyMiss\AppData\Local\Temp\SkypeSetup.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-06-25 05:29
     
    ==================== End of FRST.txt ============================
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
    Ran by MoodyMiss (09-07-2017 19:49:30)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Windows 10 Home Version 1703 (X64) (2017-05-15 22:25:08)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3099505937-1185706521-667985844-500 - Administrator - Disabled)
    MoodyMiss (S-1-5-21-3099505937-1185706521-667985844-1001 - Administrator - Enabled) => C:\Users\MoodyMiss
    DefaultAccount (S-1-5-21-3099505937-1185706521-667985844-503 - Limited - Disabled)
    Guest (S-1-5-21-3099505937-1185706521-667985844-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3099505937-1185706521-667985844-1003 - Limited - Enabled)
    Visitor (S-1-5-21-3099505937-1185706521-667985844-1004 - Limited - Enabled) => C:\Users\Visitor
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
    Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
    AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
    Big Bang Empire (HKLM\...\Steam App 510660) (Version:  - Playata GmbH)
    Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    BookWorm Deluxe (HKLM\...\Steam App 3370) (Version:  - PopCap Games, Inc.)
    BT Locker (HKLM\...\{ABD07801-AB2B-4C40-A5B0-9D459A328092}_is1) (Version: 1.1.01.42 - Lenovo)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
    Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.01 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
    Cisco VideoGuard Player (HKLM-x32\...\{73d6b22b-650b-46d9-93ff-3045da5df3cd}) (Version: 7.3.0.62003 - Cisco Systems, Inc)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Discord (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
    Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
    Everlasting Summer (HKLM\...\Steam App 331470) (Version:  - Soviet Games)
    Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
    Family Tree Maker 2014 (HKLM\...\{6948B4FD-92E3-4069-B9E2-9216E1347DA3}) (Version: 22.0.1474 - Software MacKiev)
    Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
    Frontpage Express version 2002 (HKLM-x32\...\{980FDD7A-F25D-4B22-BD85-195D411A4251}_is1) (Version: 2002 - Microsoft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
    IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
    Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
    Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    JackpotLiner (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\JackpotLiner) (Version:  - )
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    K-Lite Codec Pack 12.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
    Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
    Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
    Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
    Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
    Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)
    Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
    LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Manager (HKLM-x32\...\{3802F563-BAD7-47F3-AF91-ED1C9467B224}) (Version: 3.0.7.25771 - ANDREA VACONDIO) Hidden
    Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
    Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
    Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
    MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
    Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
    NOW TV Player 2.0.1.0 (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\com.bskyb.nowtvplayer_is1) (Version: 2.0.1.0 - NOW TV)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    PDFsam Basic (HKLM-x32\...\{910EA44E-8446-405D-BFE1-82F562F847D0}) (Version: 3.30.0.0 - Andrea Vacondio)
    PDFsam Enhanced (HKLM-x32\...\PDFsam Enhanced) (Version: 3.0.31.29080 - Copyright 2016 Andrea Vacondio)
    PDFsam Enhanced 4 (HKLM-x32\...\PDFsam Enhanced 4) (Version: 4.0.3.32301 - Copyright 2017 Andrea Vacondio)
    PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced Asian Fonts Pack (HKLM\...\{817881FA-BD07-4A50-8F77-DA9AA6009093}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Convert Module (HKLM\...\{C3946663-4609-4158-A3AD-B9BFB16496F1}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Create Module (HKLM\...\{F790A93F-B881-4316-BDB4-D02783850695}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Edit Module (HKLM\...\{C584AD88-AFC9-4030-B391-49C0D04F6F1A}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Forms Module (HKLM\...\{3CAC256B-9C84-44F4-AC26-50B07FEA56B6}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Insert Module (HKLM\...\{A06D8CE0-76AA-4968-AC8B-221BE5128646}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced OCR Module (HKLM\...\{B83B283F-87BB-4C61-8F50-E45EDD0C7C8C}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Review Module (HKLM\...\{35AF9861-0E3C-4C81-AFCC-73461EBC00B7}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Secure Module (HKLM\...\{3B633A35-AE66-4AC3-B4A1-D2ED2594D368}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced View Module (HKLM\...\{972049F9-650B-4430-82ED-6080470D27BA}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
    PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
    Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Secure [email protected] (HKLM-x32\...\{1F307FB4-E514-4695-8054-FFD32478302B}) (Version: 3.34.2839.0 - Valassis)
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
    Shopandscan (HKLM-x32\...\{0AE44DE7-5B32-4151-8272-0FA6DAF800E8}) (Version: 1.0.0 - Kantar WorldPanel)
    Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
    Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden
    Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
    Spotify (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
    Tap Adventure: Time Travel (HKLM\...\Steam App 596650) (Version:  - Avallon Alliance)
    Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
    Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Tixati (HKLM-x32\...\tixati) (Version:  - )
    Transformice (HKLM\...\Steam App 335240) (Version:  - Atelier 801)
    Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
    Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
    Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
    Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports  (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 3.2.0.2 - Zabkat)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-3099505937-1185706521-667985844-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
    ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-19] (Nitro PDF)
    ContextMenuHandlers01: [PDFsamEnhanced4_ManagerExt] -> {6641FF9D-C10F-4B6A-B25E-9978121F33FF} => C:\Program Files\PDFsam Enhanced 4\creator-context-menu.dll [2017-02-22] (Andrea Vacondio)
    ContextMenuHandlers01: [PDFsamEnhanced_ManagerExt] -> {9ADBE344-48D8-4317-8CD7-13DA9095B33B} => C:\Program Files\PDFsam Enhanced\creator-context-menu.dll [2016-07-06] (Andrea Vacondio)
    ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
    ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
    ContextMenuHandlers01: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)
    ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
    ContextMenuHandlers04: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)
    ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
    ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
    ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {15653CA7-22F1-486E-B19D-2429F8D425E6} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
    Task: {1880A59D-AC0D-4A22-8C23-2BE29805C180} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
    Task: {1E93F5D1-514B-417B-A64E-C50059B40681} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
    Task: {1F9E9E02-1E7A-4AB8-839B-3F51CECC758F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-07] (Microsoft Corporation)
    Task: {2D11EAEE-AAC8-4E81-8C65-EBE89E7B1F9C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
    Task: {2E9F9B7F-B88F-43B5-A244-B87FB358A78B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {37BFBFFD-3764-4710-A959-86DB6A7C95CF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3593faad-79e1-431b-8365-4e72ef92b484 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {38A561DA-58C0-4752-BEA4-0EE9A6CE04E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6040606f-1845-467a-a2a3-3d6bdf8fe93e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {3E563827-996E-41FC-B2CE-6F6C0D5C919C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
    Task: {424AF48A-9555-40F6-ADD4-2012D6025198} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: {485EA9F5-9BAD-4849-81B1-B7DAB7A6B8CA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3099505937-1185706521-667985844-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {4A502CD5-5C96-47E9-991E-DA348B1536DD} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 13\snagit32.exe [2016-11-03] (TechSmith Corporation)
    Task: {50BE0FB9-2FD1-4189-8930-88900DE49AA8} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
    Task: {586EC27B-7F39-4980-A250-BA1E6C62E9E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
    Task: {59554F6C-0943-4DAB-9F41-1D93AF75B008} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
    Task: {609C19DD-4239-4D4A-A5B3-3644B8ABB1B9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
    Task: {651B6C4A-111C-43F8-862C-EFA22A6FC080} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f8de029d-c6f0-40cb-ad1b-615dcbf1af44 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {75B63EB5-E544-4DD2-A1AD-CAE4B83EA5CD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
    Task: {857C58BB-48E8-4F94-893E-F0E67D61F4FF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-20] ()
    Task: {9B2BBBE0-7848-4C2F-89AB-97E22D0C73D0} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
    Task: {9D094F3A-31DC-44AB-940E-FC3C830F8976} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
    Task: {B19C3485-BE5C-4A18-A709-759CE120168D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
    Task: {B5B8C3F4-3A61-4B2B-A3BE-1B3C44091BD8} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()
    Task: {CAFCE55B-DD8B-4A3F-B63A-CAC356AEEDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
    Task: {CBAB3062-C700-45D9-84FE-9ED60BB5A2F0} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()
    Task: {D2061CB0-93A8-41A3-B44B-A8C0B724B395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
    Task: {E3B8A737-253C-4AE4-8F08-8C402503E6C4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
    Task: {EE5E9AF1-F9E7-42C2-A78F-68A3F99BC4C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () c:\program files\nitro\pro 9\nitro_updateservice.exe
    2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-08-30 20:23 - 2017-07-07 07:08 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-03-18 21:59 - 2017-03-19 03:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-03 04:39 - 2017-04-23 22:28 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe
    2016-08-30 21:56 - 2015-02-09 04:18 - 00124440 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2016-08-30 20:31 - 2016-08-30 20:31 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2016-08-30 20:31 - 2016-08-30 20:31 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2017-06-27 19:34 - 2017-06-23 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
    2017-06-27 19:34 - 2017-06-23 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
    2016-08-30 20:36 - 2014-07-04 05:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2017-07-09 19:42 - 2017-07-09 19:42 - 00098816 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32api.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00110080 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\pywintypes27.dll
    2017-07-09 19:42 - 2017-07-09 19:42 - 00364544 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\pythoncom27.dll
    2017-07-09 19:42 - 2017-07-09 19:42 - 00320512 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32com.shell.shell.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00914432 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_hashlib.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 01176576 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._core_.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00806400 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._gdi_.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00816128 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._windows_.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 01067008 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._controls_.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00733184 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._misc_.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00682496 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\pysqlite2._sqlite.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00088064 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_ctypes.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00686080 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\unicodedata.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00119808 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32file.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00108544 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32security.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00007168 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\hashobjs_ext.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00017920 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\thumbnails_ext.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00088064 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\usb_ext.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00012800 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\common.time34.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00018432 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32event.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00167936 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32gui.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00046080 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_socket.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 01303552 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_ssl.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00128512 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_elementtree.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00127488 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\pyexpat.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00038912 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32inet.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00036864 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_psutil_windows.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00524248 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\windows._lib_cacheinvalidation.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00011264 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32crypt.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00123392 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._wizard.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00077312 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._html2.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00027648 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_multiprocessing.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00020480 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\_yappi.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00035840 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32process.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00078848 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\wx._animate.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00024064 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32pipe.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00010240 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\select.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00025600 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32pdh.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00017408 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32profile.pyd
    2017-07-09 19:42 - 2017-07-09 19:42 - 00022528 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI98122\win32ts.pyd
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Control Panel\Desktop\\Wallpaper -> 
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    HKLM\...\StartupApproved\Run: => "BTLocker"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "PhotoMasterImportAgent"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [UDP Query User{C523F6ED-096B-475A-A96F-4A6569C7524B}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{18B79870-47AA-448F-B1EA-A53DD52769D5}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{FC378638-F3F2-43A5-8619-7A4CBF9CF7E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
    FirewallRules: [{157B1891-94BE-4233-932D-D6919EE3FC0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
    FirewallRules: [{9BD41384-7161-4D4D-A9A4-7F105B444AD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe
    FirewallRules: [{BD93136A-6C6E-46DA-B270-B41570402D69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe
    FirewallRules: [{4637A8C0-7CB4-4CB9-AA44-6818AE8B5830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{39798A39-477F-4A46-A493-6A155FCC477B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{93327FEA-B932-4A83-AA43-2037599271A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{7ABDC41F-4CDF-4DDB-A5A8-4A64D5ECC6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{DF9CFA7F-3B32-43DD-BBC6-AC8DDE269D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
    FirewallRules: [{24E2C04F-BCC5-4947-A61A-7E6263DB1DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
    FirewallRules: [{809DD42A-E467-48C9-87F0-E88A1AA2DE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe
    FirewallRules: [{AB35B7B2-8856-4B5F-81FE-268712E2AA6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe
    FirewallRules: [{5489D42D-701C-410C-9C47-21AF7D2D99D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
    FirewallRules: [{FD3AD805-A2A8-43CE-97BD-A173DB02C544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
    FirewallRules: [{D00CBAC4-3B2E-443C-91BC-F9448F95811C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
    FirewallRules: [UDP Query User{9BA926EC-A108-40BA-908D-D82BB6832067}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [TCP Query User{595ECB4D-B6F6-465D-8F25-079F1CC599E2}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [{35EA6F1C-1C9D-4602-8354-CAE09FA18F90}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{4E8898FA-7FA8-4EB9-AD58-217B2C1090FE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{2FEE6E92-F25D-4EBB-9C95-54986E24590B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1CA6CACC-B1BA-4DA2-9E95-B0FA8DEDD685}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{079EF1EA-3010-4338-A8BC-346B233416EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{911BB808-3C04-430F-9E53-0FB190B3DF41}] => (Allow) LPort=8298
    FirewallRules: [UDP Query User{ED823690-8181-4DE3-A826-69C7863688EA}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [TCP Query User{887F5358-031F-4F72-A876-924F1E5C0A1F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{859291AC-BF16-4402-A40A-AA75E1A5B481}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8188D74C-6D7E-4F0C-B9B5-451C96BE3DD6}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{37F2BD7C-5A26-42C2-81F2-151F6ED6D634}] => (Allow) LPort=1900
    FirewallRules: [{2D94A0B4-9DC1-4432-A9AC-D5723C8C8B34}] => (Allow) LPort=2869
    FirewallRules: [{7EEBBDEA-6D28-4816-8180-0A1034F7D806}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6BE5269A-B295-480C-8C99-833F3ED25F5D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{B8554D56-1362-4103-BAF5-31CB177927C9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{92A6AD71-E00B-4B62-97EF-5C0CCB20DB35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{19563F32-4408-46C2-BE41-C0DFC825B698}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C6A45646-BB54-40BA-85D4-899CDAC6EE62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{722DB0CF-9497-4EA6-AE11-8FFD73EFEB2C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{D5DB6196-28BE-4F62-846A-9D36A0000305}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{7F0B7BA5-7512-41CC-A5F8-D81CBC40D74A}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{6320F4AD-D49D-432D-8F1C-18E1F58A8B54}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{4FC8B6CF-EFFA-4E05-B237-EF8EA2F18D17}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{60A3AA8F-398E-4F33-A426-CBA3CB32C8CB}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe
    FirewallRules: [UDP Query User{14EF0710-5155-430E-B769-A75152E8F4CA}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe
    FirewallRules: [{1667C0E4-AACE-4C86-AFE4-6115075B999A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{513C7487-8756-4F9C-AD66-E195AD25FB39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{6FD41AD0-7D02-4BDC-AAA4-74999B5171A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{E0944258-B37B-4D3D-B685-8DF7877A59AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C581090D-D655-4A61-8FC3-7E2951461E08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{FA3BBC96-D05A-4B22-B670-7DD39CA3C039}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
    FirewallRules: [UDP Query User{41C54473-73A3-4EE3-91E8-A24A8EC56638}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
     
    ==================== Restore Points =========================
     
    27-06-2017 03:27:17 Scheduled Checkpoint
    27-06-2017 19:29:05 JRT Pre-Junkware Removal
    03-07-2017 12:18:34 Installed SmartApp
    09-07-2017 15:36:35 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (07/09/2017 07:06:07 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 06:50:06 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 06:42:06 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 06:38:07 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 06:35:01 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 01:23:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 12:19:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:47:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:31:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
    Error: (07/09/2017 11:23:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
     
    System errors:
    =============
    Error: (07/09/2017 07:44:47 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PD9G7JHJ)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user LAPTOP-PD9G7JHJ\MoodyMiss SID (S-1-5-21-3099505937-1185706521-667985844-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 07:44:45 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PD9G7JHJ)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user LAPTOP-PD9G7JHJ\MoodyMiss SID (S-1-5-21-3099505937-1185706521-667985844-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 07:41:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
    Error: (07/09/2017 07:41:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
     
    Error: (07/09/2017 07:40:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 07:40:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 07:39:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error: 
    The request is not supported.
     
    Error: (07/09/2017 04:26:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 04:26:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 04:19:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SDScannerService service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-07-09 16:29:21.499
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:29:21.492
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:18:51.640
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.782
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.779
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.742
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:09:58.738
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-07-09 16:08:13.893
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:08:13.889
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-07-09 16:06:21.216
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
    Percentage of memory in use: 42%
    Total physical RAM: 8105.84 MB
    Available physical RAM: 4627.07 MB
    Total Virtual: 17321.84 MB
    Available Virtual: 13548.26 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:689.64 GB) (Free:572.82 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.34 GB) NTFS
    Drive e: (UPD1_607677) (CDROM) (Total:7.12 GB) (Free:0 GB) UDF
    Drive f: (Data) (Fixed) (Total:195.31 GB) (Free:80.59 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 037C6746)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,799 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   16.62KB   15 downloads
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
     
    Download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox Close Chrome/Firefox/Skpe. Hit Optimize.   If it tells you that Chrome is still running then open Chrome, click on the 3 horizonal line icon in the upper right and then Settings, Advanced Settings, scroll to the bottom and look for the section on System.  The first option is Continue running background apps when Google Chrome is closed.  Turn it off (switch is gray).  Then close Chrome and try again.
     
    How many seconds does it take for Chrome to come up and display your home page?
     
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     
     

     


    • 0

    #9
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Here's the fixlog. 

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
    Ran by MoodyMiss (09-07-2017 21:45:46) Run:1
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    CloseProcesses:
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CMD: Type C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat
    SearchScopes: HKU\S-1-5-21-3099505937-1185706521-667985844-1001 -> DefaultScope {F7C2DF14-BBE7-41FA-8823-81F664D37420} URL = 
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-21] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-21] (Oracle Corporation)
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default [2017-04-19]
    FF Extension: (Czech (CZ) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Deutsch (DE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (English (US) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Español (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Finnish Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Français Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Galego (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Hebrew (IL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Magyar (HU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Italiano (IT) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Japanese Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Korean (KR) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Nederlands (NL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Polski Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Russian (RU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Slovenski jezik Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (српски (sr) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Svenska (SE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\la[email protected] [2017-04-07] [not signed]
    FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-09] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-09] <==== ATTENTION
    CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07]
    CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09]
    CHR HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CMD: type C:\WINDOWS\wininit.ini
    2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2017-06-28 10:50 - 2017-07-09 19:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-06-28 10:50 - 2017-07-09 19:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-06-18 00:13 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\MoodyMiss\AppData\Local\Temp\dllnt_dump.dll
    CustomCLSID: HKU\S-1-5-21-3099505937-1185706521-667985844-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
    FirewallRules: [TCP Query User{60A3AA8F-398E-4F33-A426-CBA3CB32C8CB}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe
    FirewallRules: [UDP Query User{14EF0710-5155-430E-B769-A75152E8F4CA}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe
    C:\Windows\System32\GroupPolicy
    C:\Windows\System32\GroupPolicyUsers
    C:\Windows\SysWOW64\GroupPolicy
    C:\Windows\SysWOW64\GroupPolicyUsers
    CMD: gpupdate /force
    EmptyTemp:
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
     
     
     
     
    *****************
     
    Processes closed successfully.
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
    HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
     
    ========= Type C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat =========
     
    The system cannot find the file specified.
    Error occurred while processing: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start.
    The system cannot find the path specified.
     
    ========= End of CMD: =========
     
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default => not found
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default => path removed successfully
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] => not found.
    HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
    C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js => moved successfully
    C:\Program Files (x86)\mozilla firefox\mozilla.cfg => moved successfully
    CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16] => Error: No automatic fix found for this entry.
    CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07] => Error: No automatic fix found for this entry.
    CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09] => Error: No automatic fix found for this entry.
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
     
    ========= type C:\WINDOWS\wininit.ini =========
     
    [rename]
    NUL=C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db
     
    ========= End of CMD: =========
     
    C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
    C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
    C:\ProgramData\Spybot - Search & Destroy => moved successfully
    "C:\Users\MoodyMiss\AppData\Local\Temp\dllnt_dump.dll" => not found.
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => key removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Adobe.Acrobat.ContextMenu => key removed successfully
    HKLM\Software\Classes\CLSID\{A6595CD1-BF77-430A-A452-18696685F7C7} => key removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
    HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
    HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
    C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SDTray => value removed successfully
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value not found.
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SUPERAntiSpyware => value removed successfully
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware => value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{60A3AA8F-398E-4F33-A426-CBA3CB32C8CB}C:\program files (x86)\smartapp\smartapp.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{14EF0710-5155-430E-B769-A75152E8F4CA}C:\program files (x86)\smartapp\smartapp.exe => value removed successfully
    C:\Windows\System32\GroupPolicy => moved successfully
    C:\Windows\System32\GroupPolicyUsers => moved successfully
    C:\Windows\SysWOW64\GroupPolicy => moved successfully
    C:\Windows\SysWOW64\GroupPolicyUsers => moved successfully
     
    ========= gpupdate /force =========
     
    Updating policy...
     
     
     
    Computer Policy update has completed successfully.
     
    User Policy update has completed successfully.
     
     
     
     
    ========= End of CMD: =========
     
     
    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
    Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
    Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
     
    ========= End of CMD: =========
     
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 7888896 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 116164481 B
    Java, Flash, Steam htmlcache => 348060631 B
    Windows/system/drivers => 2683363 B
    Edge => 131396 B
    Chrome => 544660538 B
    Firefox => 24539608 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 7394 B
    NetworkService => 20575614 B
    MoodyMiss => 989509705 B
    Visitor => 9457 B
     
    RecycleBin => 13980656907 B
    EmptyTemp: => 14.9 GB temporary data Removed.
     
    ================================
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 21:50:32 ====

    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,799 posts
    • MVP

    Any better?


    • 0

    Advertisements


    #11
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Seeming a lot better. But I haven't installed speedyfox yet. Here are the FRST logs you requested. 

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
    Ran by MoodyMiss (administrator) on LAPTOP-PD9G7JHJ (09-07-2017 22:07:51)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
    () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced\creator-ws.exe
    (ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\RestartThread.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\BTDemoService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Cisco) C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Users\MoodyMiss\AppData\Local\Apps\2.0\BRYE9YZO.XP7\G2T636RX.C6P\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
    HKLM\...\Run: [BTLocker] => C:\Program Files\Lenovo\BtLocker\BTLocker.exe [677304 2015-07-15] (Lenovo)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-30] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Discord] => C:\Users\MoodyMiss\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify Web Helper] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [VideoGuardMonitor] => C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2449160 2017-02-09] (Cisco)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
    Startup: C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-09]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-08-11] ()
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{5611333e-72eb-4eba-8a0b-06ccc90c0d2f}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c2ee8550-2bc8-4c46-b26a-180a3681a1c8}: [DhcpNameServer] 172.20.10.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
    DPF: HKLM-x32 {EBB176D2-AF75-4706-832F-4C8448F72757} hxxps://www.shopandscan.com/TNSClickrc.CAB
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: ui4axywz.default
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default [2017-07-09]
    FF Homepage: Mozilla\Firefox\Profiles\ui4axywz.default -> www.google.com
    FF NetworkProxy: Mozilla\Firefox\Profiles\ui4axywz.default -> type", 0
    FF Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default\Extensions\[email protected] [2017-06-09]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension
    FF Extension: (PDFsam Enhanced Creator) - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension [2016-12-11] [not signed]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: PDFsam Enhanced -> C:\Program Files (x86)\PDFsam Enhanced\np-previewer.dll [2016-07-06] (Andrea Vacondio)
    FF Plugin-x32: PDFsam Enhanced 4 -> C:\Program Files (x86)\PDFsam Enhanced 4\np-previewer.dll [2017-02-22] (Andrea Vacondio)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default [2017-07-09]
    CHR Extension: (Google Slides) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-19]
    CHR Extension: (Google Docs) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-19]
    CHR Extension: (Google Drive) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-20]
    CHR Extension: (YouTube) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-19]
    CHR Extension: (Adblock Plus) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
    CHR Extension: (OneTab) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
    CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16]
    CHR Extension: (Flix Plus by Lifehacker) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-23]
    CHR Extension: (Radioplayer) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2017-05-25]
    CHR Extension: (Google Sheets) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-19]
    CHR Extension: (Facebook™ Chat Privacy) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-11-19]
    CHR Extension: (Google Docs Offline) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
    CHR Extension: (Pinterest Save Button) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-26]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-07]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07]
    CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
    CHR Extension: (Gmail) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-19]
    CHR Extension: (Chrome Media Router) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-09]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-09]
    CHR HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 BTDemoService; C:\Program Files\Lenovo\BtLocker\BTDemoService.exe [145336 2015-07-15] (Lenovo)
    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
    S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
    S3 PDFsam Enhanced; C:\Program Files\PDFsam Enhanced\ws.exe [2322496 2016-07-06] (Andrea Vacondio)
    S3 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [1880416 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced 4 CrashHandler; C:\Program Files\PDFsam Enhanced 4\crash-handler-ws.exe [931680 2017-02-22] (Andrea Vacondio)
    R2 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [739168 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced CrashHandler; C:\Program Files\PDFsam Enhanced\crash-handler-ws.exe [921664 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Enhanced Creator; C:\Program Files\PDFsam Enhanced\creator-ws.exe [734272 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
    R2 RestartThread; C:\Program Files\Lenovo\BtLocker\RestartThread.exe [35768 2015-07-15] (Lenovo)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
    S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-09] (Malwarebytes)
    R1 MpKsl0d48e321; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B40F9846-2F43-4168-A414-5C71CEA3ACE3}\MpKsl0d48e321.sys [44928 2017-07-09] (Microsoft Corporation)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-11] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-08] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-08] (Zemana Ltd.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 21:45 - 2017-07-09 21:45 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\497C65E7.sys
    2017-07-09 19:37 - 2017-07-09 19:37 - 00000085 _____ C:\WINDOWS\wininit.ini
    2017-07-09 16:08 - 2017-07-09 22:07 - 00000000 ____D C:\FRST
    2017-07-09 15:40 - 2017-07-09 16:00 - 00000754 _____ C:\Users\MoodyMiss\Desktop\JRT.txt
    2017-07-09 15:19 - 2017-07-09 15:19 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\252C3DF2.sys
    2017-07-08 21:53 - 2017-07-08 21:52 - 01474450 _____ C:\Users\MoodyMiss\Desktop\Steps Recorder.zip
    2017-07-08 17:39 - 2017-07-09 22:08 - 00083604 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-07-08 17:39 - 2017-07-09 22:08 - 00048563 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Zemana
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-07-08 11:54 - 2017-07-08 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-07-07 02:21 - 2017-07-07 02:21 - 00022526 _____ C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17.html
    2017-07-07 02:21 - 2017-07-07 02:21 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17_files
    2017-07-06 22:33 - 2017-07-06 22:33 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Unity
    2017-07-06 22:31 - 2017-07-06 22:31 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Panoramik
    2017-07-06 18:38 - 2017-07-06 18:38 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Steam - Bookworm
    2017-07-06 17:43 - 2017-07-06 17:43 - 00000000 ___DL C:\Users\MoodyMiss\AppData\LocalLow\PlayReady
    2017-07-06 15:31 - 2017-07-06 15:32 - 19578880 _____ C:\Users\MoodyMiss\Downloads\Turbo Lister - Import to funny-peculiar.tdb
    2017-07-04 21:18 - 2017-07-04 21:18 - 00003352 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
    2017-07-03 12:15 - 2017-07-03 12:16 - 04669440 _____ C:\Users\MoodyMiss\Downloads\SmartApp (1).msi
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-06-28 13:09 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-06-27 17:03 - 2017-06-27 17:03 - 00000000 ____D C:\ProgramData\XDMessagingv4
    2017-06-24 21:14 - 2017-06-24 21:14 - 01450743 _____ C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17.html
    2017-06-24 21:14 - 2017-06-24 21:14 - 00000000 ____D C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17_files
    2017-06-24 00:10 - 2017-06-24 00:10 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\NetworkTiles
    2017-06-21 14:56 - 2017-06-21 14:56 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-06-21 14:56 - 2017-06-21 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-06-21 14:54 - 2017-06-21 14:56 - 00000000 ____D C:\Program Files\iTunes
    2017-06-21 14:54 - 2017-06-21 14:54 - 00000000 ____D C:\Program Files\iPod
    2017-06-21 14:41 - 2017-06-21 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-06-19 11:47 - 2017-06-19 11:47 - 00911360 _____ C:\Users\MoodyMiss\Downloads\2014-4_foi022214.xls
    2017-06-18 11:17 - 2017-06-18 11:17 - 00000000 ____D C:\ProgramData\Sophos
    2017-06-18 11:15 - 2017-06-18 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2017-06-18 11:13 - 2017-06-18 11:13 - 00000000 ____D C:\Program Files (x86)\Sophos
    2017-06-18 10:07 - 2017-06-18 10:27 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-06-18 01:34 - 2017-07-09 15:19 - 00000000 ____D C:\AdwCleaner
    2017-06-18 01:19 - 2017-06-18 01:19 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
    2017-06-18 00:13 - 2017-06-27 19:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-06-18 00:13 - 2017-06-18 15:29 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\Program Files\RogueKiller
    2017-06-18 00:09 - 2017-06-18 00:12 - 00293058 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.09.39_log.txt
    2017-06-18 00:05 - 2017-06-18 00:05 - 00000562 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.05.30_log.txt
    2017-06-17 23:58 - 2017-07-09 22:00 - 00000000 ____D C:\Users\MoodyMiss\Desktop\Malware Tools
    2017-06-17 22:24 - 2017-07-08 11:41 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-06-17 22:23 - 2017-07-09 21:52 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-06-17 22:23 - 2017-07-09 09:30 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-06-17 22:23 - 2017-07-07 20:52 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-06-17 22:23 - 2017-06-17 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-06-17 22:22 - 2017-06-17 22:22 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-06-17 17:39 - 2017-06-19 16:30 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV Player
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Cisco
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Cisco
    2017-06-17 11:21 - 2017-06-17 11:21 - 00001205 _____ C:\Users\MoodyMiss\Desktop\NOW TV Player.lnk
    2017-06-17 11:21 - 2017-06-17 11:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOW TV
    2017-06-17 11:20 - 2017-06-17 11:20 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV
    2017-06-17 11:15 - 2017-06-17 11:19 - 73149360 _____ (NOW TV ) C:\Users\MoodyMiss\Downloads\NOWTVPlayerInstaller-Full-Windows.exe
    2017-06-14 17:20 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2017-06-14 17:20 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-14 17:20 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-14 17:20 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-06-14 17:20 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-14 17:20 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-14 17:20 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-14 17:20 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-14 17:20 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-06-14 17:20 - 2017-05-20 10:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-06-14 17:20 - 2017-05-20 09:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-06-14 17:20 - 2017-05-20 09:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-06-14 17:20 - 2017-05-20 09:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-06-14 17:20 - 2017-05-20 09:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-06-14 17:20 - 2017-05-20 09:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2017-06-14 17:20 - 2017-05-20 09:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
    2017-06-14 17:20 - 2017-05-20 09:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2017-06-14 17:20 - 2017-05-20 09:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-06-14 17:20 - 2017-05-20 09:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-06-14 17:20 - 2017-05-20 09:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-06-14 17:20 - 2017-05-20 09:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2017-06-14 17:20 - 2017-05-20 09:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-06-14 17:20 - 2017-05-20 09:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-06-14 17:20 - 2017-05-20 09:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-14 17:19 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-14 17:19 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-14 17:19 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
    2017-06-14 17:19 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-14 17:19 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-14 17:19 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
    2017-06-14 17:19 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-14 17:19 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-06-14 17:19 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-06-14 17:19 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-06-14 17:19 - 2017-05-20 09:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-06-14 17:19 - 2017-05-20 09:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-06-14 17:19 - 2017-05-20 09:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-06-14 17:19 - 2017-05-20 09:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-06-14 17:19 - 2017-05-20 09:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
    2017-06-14 17:19 - 2017-05-20 09:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-06-14 17:19 - 2017-05-20 09:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:19 - 2017-05-20 09:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-06-14 17:19 - 2017-05-20 09:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2017-06-14 17:19 - 2017-05-20 09:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2017-06-14 17:09 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:09 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-14 17:09 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-14 17:09 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-14 17:09 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-06-14 17:09 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-14 17:09 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-14 17:09 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-14 17:09 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-14 17:09 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-06-14 17:09 - 2017-05-20 07:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2017-06-14 17:09 - 2017-05-20 07:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2017-06-14 17:09 - 2017-05-20 07:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
    2017-06-14 17:09 - 2017-05-20 07:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
    2017-06-14 17:09 - 2017-05-20 07:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2017-06-14 17:09 - 2017-05-20 07:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-06-14 17:09 - 2017-05-20 06:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-06-14 17:09 - 2017-05-20 06:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-06-14 17:09 - 2017-05-20 06:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2017-06-14 17:09 - 2017-05-20 06:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-06-14 17:08 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-14 17:08 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-14 17:08 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-06-14 17:08 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-14 17:08 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-14 17:08 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-06-14 17:08 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-06-14 17:08 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-06-14 17:08 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-14 17:08 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2017-06-14 17:08 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-14 17:08 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
    2017-06-14 17:08 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:08 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
    2017-06-14 17:08 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-06-14 17:08 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-06-14 17:08 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-14 17:08 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-14 17:08 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-06-14 17:08 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-14 17:08 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-06-14 17:08 - 2017-05-20 08:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-06-14 17:08 - 2017-05-20 08:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-06-14 17:08 - 2017-05-20 07:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-06-14 17:08 - 2017-05-20 07:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2017-06-14 17:08 - 2017-05-20 07:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2017-06-14 17:08 - 2017-05-20 07:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-06-14 17:08 - 2017-05-20 07:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
    2017-06-14 17:08 - 2017-05-20 07:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-06-14 17:08 - 2017-05-20 07:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
    2017-06-14 17:08 - 2017-05-20 07:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2017-06-14 17:08 - 2017-05-20 07:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-06-14 17:08 - 2017-05-20 07:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
    2017-06-14 17:08 - 2017-05-20 07:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
    2017-06-14 17:08 - 2017-05-20 07:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-06-14 17:08 - 2017-05-20 06:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-06-14 17:08 - 2017-05-20 06:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-06-14 17:08 - 2017-05-20 06:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2017-06-14 17:08 - 2017-05-20 06:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2017-06-14 17:08 - 2017-05-20 06:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-14 17:06 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-14 17:06 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-14 17:06 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-14 17:06 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-14 17:06 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-14 17:05 - 2017-05-20 07:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2017-06-14 17:04 - 2017-05-20 07:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-14 17:03 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-14 17:03 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-14 17:03 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
    2017-06-14 17:03 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-06-14 17:03 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-06-14 17:03 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-06-14 17:03 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-14 17:03 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-14 17:03 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-14 17:03 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
    2017-06-14 17:03 - 2017-05-20 08:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-06-14 17:03 - 2017-05-20 07:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2017-06-14 17:03 - 2017-05-20 07:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-06-14 17:03 - 2017-05-20 07:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-06-14 17:03 - 2017-05-20 07:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:03 - 2017-05-20 07:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
    2017-06-14 17:03 - 2017-05-20 07:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-06-14 17:03 - 2017-05-20 06:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-06-14 17:03 - 2017-05-20 06:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
    2017-06-14 17:02 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-06-14 16:58 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2017-06-14 16:58 - 2017-05-20 08:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-06-14 16:58 - 2017-05-20 07:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-06-14 16:58 - 2017-05-20 07:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-06-14 16:58 - 2017-05-20 07:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2017-06-14 16:57 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-13 12:33 - 2017-06-13 12:33 - 01156922 _____ C:\Users\MoodyMiss\Downloads\Epping Forest S13A 201718 v1.4.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 21:58 - 2016-11-25 07:09 - 00139343 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
    2017-07-09 21:53 - 2017-05-15 22:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-07-09 21:53 - 2016-11-20 12:24 - 00000000 __SHD C:\Users\MoodyMiss\IntelGraphicsProfiles
    2017-07-09 21:52 - 2017-05-15 23:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-07-09 21:51 - 2017-03-18 12:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
    2017-07-09 21:46 - 2016-11-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-07-09 21:05 - 2016-11-19 21:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-07-09 19:34 - 2016-11-26 13:18 - 00000000 ____D C:\Program Files (x86)\SmartApp
    2017-07-09 19:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-07-09 18:08 - 2017-05-15 22:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-07-09 16:11 - 2016-08-30 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-07-09 15:47 - 2017-05-15 22:39 - 00000000 ____D C:\Users\MoodyMiss
    2017-07-09 15:45 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-07-09 14:57 - 2017-01-02 04:05 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Skype
    2017-07-09 06:40 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-07-09 04:34 - 2016-11-20 12:24 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Packages
    2017-07-09 04:31 - 2016-12-22 21:36 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\CrashDumps
    2017-07-09 01:09 - 2017-03-11 13:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-07-09 00:54 - 2016-11-19 21:58 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\TeamViewer
    2017-07-08 21:37 - 2016-11-30 00:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\ElevatedDiagnostics
    2017-07-08 11:54 - 2016-12-01 01:36 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-07-07 21:09 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-07-07 20:42 - 2016-11-19 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-07-07 20:33 - 2016-12-18 17:11 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Spotify
    2017-07-07 18:24 - 2016-12-18 17:08 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Spotify
    2017-07-06 17:11 - 2016-11-19 20:54 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Mozilla
    2017-07-04 20:51 - 2016-12-12 02:02 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\discord
    2017-07-04 16:33 - 2017-03-22 00:26 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\PokerStars.UK
    2017-07-03 15:24 - 2017-03-22 00:23 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
    2017-07-02 20:59 - 2016-12-22 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2017-06-29 17:36 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Apple Computer
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-06-23 20:02 - 2016-11-24 14:25 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\vlc
    2017-06-23 19:11 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-23 17:17 - 2017-05-14 22:18 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\dvdcss
    2017-06-23 12:42 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-23 09:28 - 2016-06-11 11:58 - 00010720 _____ C:\Users\MoodyMiss\Downloads\Food Diary.xlsx
    2017-06-23 09:23 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Apple Computer
    2017-06-23 01:51 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-06-22 10:06 - 2017-05-15 23:14 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-22 10:06 - 2016-11-20 12:27 - 00002413 _____ C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-22 10:06 - 2016-11-20 12:27 - 00000000 ___RD C:\Users\MoodyMiss\OneDrive
    2017-06-21 14:53 - 2016-12-05 23:14 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-06-21 14:39 - 2016-12-05 23:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-06-18 09:57 - 2017-05-15 22:38 - 01119902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-06-18 04:24 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-06-18 01:46 - 2017-03-04 01:01 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-06-18 01:46 - 2016-11-19 21:22 - 00000000 ____D C:\ProgramData\Skype
    2017-06-17 23:42 - 2015-11-03 20:24 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-17 23:38 - 2017-05-15 22:33 - 00381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-06-14 18:03 - 2016-11-19 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-14 17:42 - 2016-11-19 21:24 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-14 17:36 - 2016-12-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-10 00:23 - 2016-12-04 23:42 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Windows Live
    2017-06-09 23:28 - 2016-11-27 20:45 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\LastPass
     
    ==================== Files in the root of some directories =======
     
    2016-12-10 05:34 - 2016-12-10 05:34 - 0000017 _____ () C:\Users\MoodyMiss\AppData\Local\resmon.resmoncfg
    2017-05-15 22:36 - 2017-05-15 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-06-25 05:29
     
    ==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
    Ran by MoodyMiss (administrator) on LAPTOP-PD9G7JHJ (09-07-2017 22:07:51)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
    () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe
    (Andrea Vacondio) C:\Program Files\PDFsam Enhanced\creator-ws.exe
    (ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\RestartThread.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Lenovo) C:\Program Files\Lenovo\BTlocker\BTDemoService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Cisco) C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Users\MoodyMiss\AppData\Local\Apps\2.0\BRYE9YZO.XP7\G2T636RX.C6P\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
    HKLM\...\Run: [BTLocker] => C:\Program Files\Lenovo\BtLocker\BTLocker.exe [677304 2015-07-15] (Lenovo)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-30] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Discord] => C:\Users\MoodyMiss\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify Web Helper] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-24] (Spotify Ltd)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [VideoGuardMonitor] => C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2449160 2017-02-09] (Cisco)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
    Startup: C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-09]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-08-11] ()
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{5611333e-72eb-4eba-8a0b-06ccc90c0d2f}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c2ee8550-2bc8-4c46-b26a-180a3681a1c8}: [DhcpNameServer] 172.20.10.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
    DPF: HKLM-x32 {EBB176D2-AF75-4706-832F-4C8448F72757} hxxps://www.shopandscan.com/TNSClickrc.CAB
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
     
    FireFox:
    ========
    FF DefaultProfile: ui4axywz.default
    FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default [2017-07-09]
    FF Homepage: Mozilla\Firefox\Profiles\ui4axywz.default -> www.google.com
    FF NetworkProxy: Mozilla\Firefox\Profiles\ui4axywz.default -> type", 0
    FF Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default\Extensions\[email protected] [2017-06-09]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension
    FF Extension: (PDFsam Enhanced Creator) - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension [2016-12-11] [not signed]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-21] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: PDFsam Enhanced -> C:\Program Files (x86)\PDFsam Enhanced\np-previewer.dll [2016-07-06] (Andrea Vacondio)
    FF Plugin-x32: PDFsam Enhanced 4 -> C:\Program Files (x86)\PDFsam Enhanced 4\np-previewer.dll [2017-02-22] (Andrea Vacondio)
     
    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default [2017-07-09]
    CHR Extension: (Google Slides) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-19]
    CHR Extension: (Google Docs) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-19]
    CHR Extension: (Google Drive) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-20]
    CHR Extension: (YouTube) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-19]
    CHR Extension: (Adblock Plus) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
    CHR Extension: (OneTab) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
    CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16]
    CHR Extension: (Flix Plus by Lifehacker) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-23]
    CHR Extension: (Radioplayer) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2017-05-25]
    CHR Extension: (Google Sheets) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-19]
    CHR Extension: (Facebook™ Chat Privacy) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-11-19]
    CHR Extension: (Google Docs Offline) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
    CHR Extension: (Pinterest Save Button) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-26]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-07]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07]
    CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
    CHR Extension: (Gmail) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-19]
    CHR Extension: (Chrome Media Router) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-09]
    CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-09]
    CHR HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R2 BTDemoService; C:\Program Files\Lenovo\BtLocker\BTDemoService.exe [145336 2015-07-15] (Lenovo)
    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
    S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
    S3 PDFsam Enhanced; C:\Program Files\PDFsam Enhanced\ws.exe [2322496 2016-07-06] (Andrea Vacondio)
    S3 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [1880416 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced 4 CrashHandler; C:\Program Files\PDFsam Enhanced 4\crash-handler-ws.exe [931680 2017-02-22] (Andrea Vacondio)
    R2 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [739168 2017-02-22] (Andrea Vacondio)
    S3 PDFsam Enhanced CrashHandler; C:\Program Files\PDFsam Enhanced\crash-handler-ws.exe [921664 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Enhanced Creator; C:\Program Files\PDFsam Enhanced\creator-ws.exe [734272 2016-07-06] (Andrea Vacondio)
    R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
    R2 RestartThread; C:\Program Files\Lenovo\BtLocker\RestartThread.exe [35768 2015-07-15] (Lenovo)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
    S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-09] (Malwarebytes)
    R1 MpKsl0d48e321; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B40F9846-2F43-4168-A414-5C71CEA3ACE3}\MpKsl0d48e321.sys [44928 2017-07-09] (Microsoft Corporation)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-11] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-08] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-08] (Zemana Ltd.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 21:45 - 2017-07-09 21:45 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\497C65E7.sys
    2017-07-09 19:37 - 2017-07-09 19:37 - 00000085 _____ C:\WINDOWS\wininit.ini
    2017-07-09 16:08 - 2017-07-09 22:07 - 00000000 ____D C:\FRST
    2017-07-09 15:40 - 2017-07-09 16:00 - 00000754 _____ C:\Users\MoodyMiss\Desktop\JRT.txt
    2017-07-09 15:19 - 2017-07-09 15:19 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\252C3DF2.sys
    2017-07-08 21:53 - 2017-07-08 21:52 - 01474450 _____ C:\Users\MoodyMiss\Desktop\Steps Recorder.zip
    2017-07-08 17:39 - 2017-07-09 22:08 - 00083604 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-07-08 17:39 - 2017-07-09 22:08 - 00048563 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2017-07-08 17:39 - 2017-07-08 17:39 - 00001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Zemana
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-07-08 11:54 - 2017-07-08 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-07-07 02:21 - 2017-07-07 02:21 - 00022526 _____ C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17.html
    2017-07-07 02:21 - 2017-07-07 02:21 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17_files
    2017-07-06 22:33 - 2017-07-06 22:33 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Unity
    2017-07-06 22:31 - 2017-07-06 22:31 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Panoramik
    2017-07-06 18:38 - 2017-07-06 18:38 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Steam - Bookworm
    2017-07-06 17:43 - 2017-07-06 17:43 - 00000000 ___DL C:\Users\MoodyMiss\AppData\LocalLow\PlayReady
    2017-07-06 15:31 - 2017-07-06 15:32 - 19578880 _____ C:\Users\MoodyMiss\Downloads\Turbo Lister - Import to funny-peculiar.tdb
    2017-07-04 21:18 - 2017-07-04 21:18 - 00003352 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
    2017-07-03 12:15 - 2017-07-03 12:16 - 04669440 _____ C:\Users\MoodyMiss\Downloads\SmartApp (1).msi
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-06-29 13:50 - 2017-06-29 13:50 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-06-28 13:09 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-06-27 17:03 - 2017-06-27 17:03 - 00000000 ____D C:\ProgramData\XDMessagingv4
    2017-06-24 21:14 - 2017-06-24 21:14 - 01450743 _____ C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17.html
    2017-06-24 21:14 - 2017-06-24 21:14 - 00000000 ____D C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17_files
    2017-06-24 00:10 - 2017-06-24 00:10 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\NetworkTiles
    2017-06-21 14:56 - 2017-06-21 14:56 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-06-21 14:56 - 2017-06-21 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-06-21 14:54 - 2017-06-21 14:56 - 00000000 ____D C:\Program Files\iTunes
    2017-06-21 14:54 - 2017-06-21 14:54 - 00000000 ____D C:\Program Files\iPod
    2017-06-21 14:41 - 2017-06-21 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-06-19 11:47 - 2017-06-19 11:47 - 00911360 _____ C:\Users\MoodyMiss\Downloads\2014-4_foi022214.xls
    2017-06-18 11:17 - 2017-06-18 11:17 - 00000000 ____D C:\ProgramData\Sophos
    2017-06-18 11:15 - 2017-06-18 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2017-06-18 11:13 - 2017-06-18 11:13 - 00000000 ____D C:\Program Files (x86)\Sophos
    2017-06-18 10:07 - 2017-06-18 10:27 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-06-18 01:34 - 2017-07-09 15:19 - 00000000 ____D C:\AdwCleaner
    2017-06-18 01:19 - 2017-06-18 01:19 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
    2017-06-18 00:13 - 2017-06-27 19:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-06-18 00:13 - 2017-06-18 15:29 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\Program Files\RogueKiller
    2017-06-18 00:09 - 2017-06-18 00:12 - 00293058 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.09.39_log.txt
    2017-06-18 00:05 - 2017-06-18 00:05 - 00000562 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.05.30_log.txt
    2017-06-17 23:58 - 2017-07-09 22:00 - 00000000 ____D C:\Users\MoodyMiss\Desktop\Malware Tools
    2017-06-17 22:24 - 2017-07-08 11:41 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-06-17 22:23 - 2017-07-09 21:52 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-06-17 22:23 - 2017-07-09 09:30 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-06-17 22:23 - 2017-07-07 20:52 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-06-17 22:23 - 2017-07-07 20:43 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-06-17 22:23 - 2017-06-17 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-06-17 22:22 - 2017-06-17 22:22 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-06-17 17:39 - 2017-06-19 16:30 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV Player
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Cisco
    2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Cisco
    2017-06-17 11:21 - 2017-06-17 11:21 - 00001205 _____ C:\Users\MoodyMiss\Desktop\NOW TV Player.lnk
    2017-06-17 11:21 - 2017-06-17 11:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOW TV
    2017-06-17 11:20 - 2017-06-17 11:20 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV
    2017-06-17 11:15 - 2017-06-17 11:19 - 73149360 _____ (NOW TV ) C:\Users\MoodyMiss\Downloads\NOWTVPlayerInstaller-Full-Windows.exe
    2017-06-14 17:20 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:20 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2017-06-14 17:20 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-06-14 17:20 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-06-14 17:20 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-06-14 17:20 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-06-14 17:20 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-06-14 17:20 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-06-14 17:20 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-06-14 17:20 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-06-14 17:20 - 2017-05-20 10:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-06-14 17:20 - 2017-05-20 09:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-06-14 17:20 - 2017-05-20 09:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-06-14 17:20 - 2017-05-20 09:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-06-14 17:20 - 2017-05-20 09:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-06-14 17:20 - 2017-05-20 09:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2017-06-14 17:20 - 2017-05-20 09:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
    2017-06-14 17:20 - 2017-05-20 09:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2017-06-14 17:20 - 2017-05-20 09:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-06-14 17:20 - 2017-05-20 09:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-06-14 17:20 - 2017-05-20 09:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-06-14 17:20 - 2017-05-20 09:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-06-14 17:20 - 2017-05-20 09:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-06-14 17:20 - 2017-05-20 09:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-06-14 17:20 - 2017-05-20 09:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-06-14 17:20 - 2017-05-20 09:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2017-06-14 17:20 - 2017-05-20 09:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-06-14 17:20 - 2017-05-20 09:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-06-14 17:20 - 2017-05-20 09:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-06-14 17:19 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-06-14 17:19 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-06-14 17:19 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-06-14 17:19 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
    2017-06-14 17:19 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-06-14 17:19 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-06-14 17:19 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:19 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
    2017-06-14 17:19 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-06-14 17:19 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-06-14 17:19 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-06-14 17:19 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-06-14 17:19 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-06-14 17:19 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-06-14 17:19 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-06-14 17:19 - 2017-05-20 09:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-06-14 17:19 - 2017-05-20 09:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-06-14 17:19 - 2017-05-20 09:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-06-14 17:19 - 2017-05-20 09:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-06-14 17:19 - 2017-05-20 09:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2017-06-14 17:19 - 2017-05-20 09:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
    2017-06-14 17:19 - 2017-05-20 09:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-06-14 17:19 - 2017-05-20 09:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:19 - 2017-05-20 09:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-06-14 17:19 - 2017-05-20 09:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2017-06-14 17:19 - 2017-05-20 09:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2017-06-14 17:19 - 2017-05-20 09:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-06-14 17:19 - 2017-05-20 09:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-06-14 17:19 - 2017-05-20 09:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-06-14 17:19 - 2017-05-20 09:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2017-06-14 17:19 - 2017-05-20 09:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-06-14 17:19 - 2017-05-20 09:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
    2017-06-14 17:19 - 2017-05-20 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2017-06-14 17:09 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-06-14 17:09 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-06-14 17:09 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-06-14 17:09 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-06-14 17:09 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-06-14 17:09 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-06-14 17:09 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-06-14 17:09 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-06-14 17:09 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-06-14 17:09 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-06-14 17:09 - 2017-05-20 07:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2017-06-14 17:09 - 2017-05-20 07:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2017-06-14 17:09 - 2017-05-20 07:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-06-14 17:09 - 2017-05-20 07:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
    2017-06-14 17:09 - 2017-05-20 07:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
    2017-06-14 17:09 - 2017-05-20 07:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
    2017-06-14 17:09 - 2017-05-20 07:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2017-06-14 17:09 - 2017-05-20 07:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2017-06-14 17:09 - 2017-05-20 07:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-06-14 17:09 - 2017-05-20 06:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-06-14 17:09 - 2017-05-20 06:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-06-14 17:09 - 2017-05-20 06:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2017-06-14 17:09 - 2017-05-20 06:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-06-14 17:08 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-06-14 17:08 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-06-14 17:08 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-06-14 17:08 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-06-14 17:08 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-06-14 17:08 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-06-14 17:08 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2017-06-14 17:08 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2017-06-14 17:08 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-06-14 17:08 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-06-14 17:08 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2017-06-14 17:08 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2017-06-14 17:08 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-06-14 17:08 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2017-06-14 17:08 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
    2017-06-14 17:08 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-06-14 17:08 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
    2017-06-14 17:08 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-06-14 17:08 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2017-06-14 17:08 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-06-14 17:08 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-06-14 17:08 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-06-14 17:08 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-06-14 17:08 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-06-14 17:08 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-06-14 17:08 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-06-14 17:08 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-06-14 17:08 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-06-14 17:08 - 2017-05-20 08:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-06-14 17:08 - 2017-05-20 08:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-06-14 17:08 - 2017-05-20 07:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-06-14 17:08 - 2017-05-20 07:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2017-06-14 17:08 - 2017-05-20 07:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-06-14 17:08 - 2017-05-20 07:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2017-06-14 17:08 - 2017-05-20 07:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-06-14 17:08 - 2017-05-20 07:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-06-14 17:08 - 2017-05-20 07:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2017-06-14 17:08 - 2017-05-20 07:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
    2017-06-14 17:08 - 2017-05-20 07:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-06-14 17:08 - 2017-05-20 07:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
    2017-06-14 17:08 - 2017-05-20 07:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2017-06-14 17:08 - 2017-05-20 07:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-06-14 17:08 - 2017-05-20 07:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
    2017-06-14 17:08 - 2017-05-20 07:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
    2017-06-14 17:08 - 2017-05-20 07:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-06-14 17:08 - 2017-05-20 07:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-06-14 17:08 - 2017-05-20 07:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2017-06-14 17:08 - 2017-05-20 06:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2017-06-14 17:08 - 2017-05-20 06:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-06-14 17:08 - 2017-05-20 06:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-06-14 17:08 - 2017-05-20 06:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-06-14 17:08 - 2017-05-20 06:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-06-14 17:08 - 2017-05-20 06:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-06-14 17:08 - 2017-05-20 06:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2017-06-14 17:08 - 2017-05-20 06:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2017-06-14 17:08 - 2017-05-20 06:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2017-06-14 17:08 - 2017-05-20 06:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2017-06-14 17:08 - 2017-05-20 06:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-06-14 17:06 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-06-14 17:06 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-06-14 17:06 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-06-14 17:06 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-06-14 17:06 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-06-14 17:06 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-06-14 17:05 - 2017-05-20 07:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2017-06-14 17:04 - 2017-05-20 07:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-06-14 17:03 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-06-14 17:03 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-06-14 17:03 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-06-14 17:03 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
    2017-06-14 17:03 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-06-14 17:03 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-06-14 17:03 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-06-14 17:03 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-06-14 17:03 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-06-14 17:03 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-06-14 17:03 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-06-14 17:03 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
    2017-06-14 17:03 - 2017-05-20 08:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-06-14 17:03 - 2017-05-20 07:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2017-06-14 17:03 - 2017-05-20 07:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-06-14 17:03 - 2017-05-20 07:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-06-14 17:03 - 2017-05-20 07:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-06-14 17:03 - 2017-05-20 07:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-06-14 17:03 - 2017-05-20 07:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-06-14 17:03 - 2017-05-20 07:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2017-06-14 17:03 - 2017-05-20 07:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-06-14 17:03 - 2017-05-20 07:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
    2017-06-14 17:03 - 2017-05-20 07:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-06-14 17:03 - 2017-05-20 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-06-14 17:03 - 2017-05-20 06:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-06-14 17:03 - 2017-05-20 06:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-06-14 17:03 - 2017-05-20 06:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-06-14 17:03 - 2017-05-20 06:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-06-14 17:03 - 2017-05-20 06:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-06-14 17:03 - 2017-05-20 06:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
    2017-06-14 17:02 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-06-14 16:58 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2017-06-14 16:58 - 2017-05-20 08:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-06-14 16:58 - 2017-05-20 07:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-06-14 16:58 - 2017-05-20 07:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-06-14 16:58 - 2017-05-20 07:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2017-06-14 16:57 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-06-13 12:33 - 2017-06-13 12:33 - 01156922 _____ C:\Users\MoodyMiss\Downloads\Epping Forest S13A 201718 v1.4.pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-07-09 21:58 - 2016-11-25 07:09 - 00139343 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
    2017-07-09 21:53 - 2017-05-15 22:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-07-09 21:53 - 2016-11-20 12:24 - 00000000 __SHD C:\Users\MoodyMiss\IntelGraphicsProfiles
    2017-07-09 21:52 - 2017-05-15 23:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-07-09 21:51 - 2017-03-18 12:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
    2017-07-09 21:46 - 2016-11-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-07-09 21:05 - 2016-11-19 21:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-07-09 19:34 - 2016-11-26 13:18 - 00000000 ____D C:\Program Files (x86)\SmartApp
    2017-07-09 19:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-07-09 18:08 - 2017-05-15 22:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-07-09 16:11 - 2016-08-30 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-07-09 15:47 - 2017-05-15 22:39 - 00000000 ____D C:\Users\MoodyMiss
    2017-07-09 15:45 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-07-09 14:57 - 2017-01-02 04:05 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Skype
    2017-07-09 06:40 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-07-09 04:34 - 2016-11-20 12:24 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Packages
    2017-07-09 04:31 - 2016-12-22 21:36 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\CrashDumps
    2017-07-09 01:09 - 2017-03-11 13:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-07-09 00:54 - 2016-11-19 21:58 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\TeamViewer
    2017-07-08 21:37 - 2016-11-30 00:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\ElevatedDiagnostics
    2017-07-08 11:54 - 2016-12-01 01:36 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-07-07 21:09 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-07-07 20:42 - 2016-11-19 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-07-07 20:33 - 2016-12-18 17:11 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Spotify
    2017-07-07 18:24 - 2016-12-18 17:08 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Spotify
    2017-07-06 17:11 - 2016-11-19 20:54 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Mozilla
    2017-07-04 20:51 - 2016-12-12 02:02 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\discord
    2017-07-04 16:33 - 2017-03-22 00:26 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\PokerStars.UK
    2017-07-03 15:24 - 2017-03-22 00:23 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
    2017-07-02 20:59 - 2016-12-22 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2017-06-29 17:36 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Apple Computer
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-06-27 19:34 - 2016-12-05 00:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-06-23 20:02 - 2016-11-24 14:25 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\vlc
    2017-06-23 19:11 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-06-23 17:17 - 2017-05-14 22:18 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\dvdcss
    2017-06-23 12:42 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-23 09:28 - 2016-06-11 11:58 - 00010720 _____ C:\Users\MoodyMiss\Downloads\Food Diary.xlsx
    2017-06-23 09:23 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Apple Computer
    2017-06-23 01:51 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-06-22 10:06 - 2017-05-15 23:14 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-06-22 10:06 - 2016-11-20 12:27 - 00002413 _____ C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-06-22 10:06 - 2016-11-20 12:27 - 00000000 ___RD C:\Users\MoodyMiss\OneDrive
    2017-06-21 14:53 - 2016-12-05 23:14 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-06-21 14:39 - 2016-12-05 23:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-06-18 09:57 - 2017-05-15 22:38 - 01119902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-06-18 04:24 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-06-18 01:46 - 2017-03-04 01:01 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-06-18 01:46 - 2016-11-19 21:22 - 00000000 ____D C:\ProgramData\Skype
    2017-06-17 23:42 - 2015-11-03 20:24 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-06-17 23:38 - 2017-05-15 22:33 - 00381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-06-14 18:03 - 2016-11-19 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-06-14 17:42 - 2016-11-19 21:24 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-06-14 17:36 - 2016-12-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-06-10 00:23 - 2016-12-04 23:42 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Windows Live
    2017-06-09 23:28 - 2016-11-27 20:45 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\LastPass
     
    ==================== Files in the root of some directories =======
     
    2016-12-10 05:34 - 2016-12-10 05:34 - 0000017 _____ () C:\Users\MoodyMiss\AppData\Local\resmon.resmoncfg
    2017-05-15 22:36 - 2017-05-15 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-06-25 05:29
     
    ==================== End of FRST.txt ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
    Ran by MoodyMiss (09-07-2017 22:09:40)
    Running from C:\Users\MoodyMiss\Desktop\Malware Tools
    Windows 10 Home Version 1703 (X64) (2017-05-15 22:25:08)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3099505937-1185706521-667985844-500 - Administrator - Disabled)
    MoodyMiss (S-1-5-21-3099505937-1185706521-667985844-1001 - Administrator - Enabled) => C:\Users\MoodyMiss
    DefaultAccount (S-1-5-21-3099505937-1185706521-667985844-503 - Limited - Disabled)
    Guest (S-1-5-21-3099505937-1185706521-667985844-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3099505937-1185706521-667985844-1003 - Limited - Enabled)
    Visitor (S-1-5-21-3099505937-1185706521-667985844-1004 - Limited - Enabled) => C:\Users\Visitor
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
    Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
    AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
    Big Bang Empire (HKLM\...\Steam App 510660) (Version:  - Playata GmbH)
    Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    BookWorm Deluxe (HKLM\...\Steam App 3370) (Version:  - PopCap Games, Inc.)
    BT Locker (HKLM\...\{ABD07801-AB2B-4C40-A5B0-9D459A328092}_is1) (Version: 1.1.01.42 - Lenovo)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
    Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.01 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
    Cisco VideoGuard Player (HKLM-x32\...\{73d6b22b-650b-46d9-93ff-3045da5df3cd}) (Version: 7.3.0.62003 - Cisco Systems, Inc)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Discord (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
    Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
    Everlasting Summer (HKLM\...\Steam App 331470) (Version:  - Soviet Games)
    Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
    Family Tree Maker 2014 (HKLM\...\{6948B4FD-92E3-4069-B9E2-9216E1347DA3}) (Version: 22.0.1474 - Software MacKiev)
    Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
    Frontpage Express version 2002 (HKLM-x32\...\{980FDD7A-F25D-4B22-BD85-195D411A4251}_is1) (Version: 2002 - Microsoft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
    IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
    Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
    Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)
    iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
    JackpotLiner (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\JackpotLiner) (Version:  - )
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    K-Lite Codec Pack 12.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
    Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
    Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
    Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
    Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
    Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)
    Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
    LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Manager (HKLM-x32\...\{3802F563-BAD7-47F3-AF91-ED1C9467B224}) (Version: 3.0.7.25771 - ANDREA VACONDIO) Hidden
    Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
    Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
    Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
    MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
    Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
    NOW TV Player 2.0.1.0 (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\com.bskyb.nowtvplayer_is1) (Version: 2.0.1.0 - NOW TV)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    PDFsam Basic (HKLM-x32\...\{910EA44E-8446-405D-BFE1-82F562F847D0}) (Version: 3.30.0.0 - Andrea Vacondio)
    PDFsam Enhanced (HKLM-x32\...\PDFsam Enhanced) (Version: 3.0.31.29080 - Copyright 2016 Andrea Vacondio)
    PDFsam Enhanced 4 (HKLM-x32\...\PDFsam Enhanced 4) (Version: 4.0.3.32301 - Copyright 2017 Andrea Vacondio)
    PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
    PDFsam Enhanced Asian Fonts Pack (HKLM\...\{817881FA-BD07-4A50-8F77-DA9AA6009093}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Convert Module (HKLM\...\{C3946663-4609-4158-A3AD-B9BFB16496F1}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Create Module (HKLM\...\{F790A93F-B881-4316-BDB4-D02783850695}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Edit Module (HKLM\...\{C584AD88-AFC9-4030-B391-49C0D04F6F1A}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Forms Module (HKLM\...\{3CAC256B-9C84-44F4-AC26-50B07FEA56B6}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Insert Module (HKLM\...\{A06D8CE0-76AA-4968-AC8B-221BE5128646}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced OCR Module (HKLM\...\{B83B283F-87BB-4C61-8F50-E45EDD0C7C8C}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Review Module (HKLM\...\{35AF9861-0E3C-4C81-AFCC-73461EBC00B7}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced Secure Module (HKLM\...\{3B633A35-AE66-4AC3-B4A1-D2ED2594D368}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PDFsam Enhanced View Module (HKLM\...\{972049F9-650B-4430-82ED-6080470D27BA}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden
    PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
    PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
    Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Secure [email protected] (HKLM-x32\...\{1F307FB4-E514-4695-8054-FFD32478302B}) (Version: 3.34.2839.0 - Valassis)
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
    Shopandscan (HKLM-x32\...\{0AE44DE7-5B32-4151-8272-0FA6DAF800E8}) (Version: 1.0.0 - Kantar WorldPanel)
    Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
    Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden
    Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
    Spotify (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
    Tap Adventure: Time Travel (HKLM\...\Steam App 596650) (Version:  - Avallon Alliance)
    Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
    Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
    Tixati (HKLM-x32\...\tixati) (Version:  - )
    Transformice (HKLM\...\Steam App 335240) (Version:  - Atelier 801)
    Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
    Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
    Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
    Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports  (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 3.2.0.2 - Zabkat)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-19] (Nitro PDF)
    ContextMenuHandlers01: [PDFsamEnhanced4_ManagerExt] -> {6641FF9D-C10F-4B6A-B25E-9978121F33FF} => C:\Program Files\PDFsam Enhanced 4\creator-context-menu.dll [2017-02-22] (Andrea Vacondio)
    ContextMenuHandlers01: [PDFsamEnhanced_ManagerExt] -> {9ADBE344-48D8-4317-8CD7-13DA9095B33B} => C:\Program Files\PDFsam Enhanced\creator-context-menu.dll [2016-07-06] (Andrea Vacondio)
    ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
    ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
    ContextMenuHandlers01: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)
    ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
    ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
    ContextMenuHandlers04: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)
    ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)
    ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
    ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} =>  -> No File
    ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {15653CA7-22F1-486E-B19D-2429F8D425E6} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
    Task: {1880A59D-AC0D-4A22-8C23-2BE29805C180} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
    Task: {1E93F5D1-514B-417B-A64E-C50059B40681} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)
    Task: {1F9E9E02-1E7A-4AB8-839B-3F51CECC758F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-07] (Microsoft Corporation)
    Task: {2D11EAEE-AAC8-4E81-8C65-EBE89E7B1F9C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)
    Task: {2E9F9B7F-B88F-43B5-A244-B87FB358A78B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {37BFBFFD-3764-4710-A959-86DB6A7C95CF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3593faad-79e1-431b-8365-4e72ef92b484 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {38A561DA-58C0-4752-BEA4-0EE9A6CE04E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6040606f-1845-467a-a2a3-3d6bdf8fe93e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {3E563827-996E-41FC-B2CE-6F6C0D5C919C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
    Task: {424AF48A-9555-40F6-ADD4-2012D6025198} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: {485EA9F5-9BAD-4849-81B1-B7DAB7A6B8CA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3099505937-1185706521-667985844-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {4A502CD5-5C96-47E9-991E-DA348B1536DD} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 13\snagit32.exe [2016-11-03] (TechSmith Corporation)
    Task: {50BE0FB9-2FD1-4189-8930-88900DE49AA8} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
    Task: {586EC27B-7F39-4980-A250-BA1E6C62E9E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
    Task: {59554F6C-0943-4DAB-9F41-1D93AF75B008} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
    Task: {609C19DD-4239-4D4A-A5B3-3644B8ABB1B9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
    Task: {651B6C4A-111C-43F8-862C-EFA22A6FC080} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f8de029d-c6f0-40cb-ad1b-615dcbf1af44 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
    Task: {75B63EB5-E544-4DD2-A1AD-CAE4B83EA5CD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()
    Task: {857C58BB-48E8-4F94-893E-F0E67D61F4FF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-20] ()
    Task: {9B2BBBE0-7848-4C2F-89AB-97E22D0C73D0} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
    Task: {9D094F3A-31DC-44AB-940E-FC3C830F8976} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
    Task: {B19C3485-BE5C-4A18-A709-759CE120168D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
    Task: {B5B8C3F4-3A61-4B2B-A3BE-1B3C44091BD8} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()
    Task: {CAFCE55B-DD8B-4A3F-B63A-CAC356AEEDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
    Task: {CBAB3062-C700-45D9-84FE-9ED60BB5A2F0} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()
    Task: {D2061CB0-93A8-41A3-B44B-A8C0B724B395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
    Task: {E3B8A737-253C-4AE4-8F08-8C402503E6C4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
    Task: {EE5E9AF1-F9E7-42C2-A78F-68A3F99BC4C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts & WMI ========================
     
    (The entries could be listed to be restored or removed.)
     
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () c:\program files\nitro\pro 9\nitro_updateservice.exe
    2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-08-30 20:23 - 2017-07-07 07:08 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-07-08 17:39 - 2017-07-08 17:39 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2017-03-18 21:59 - 2017-03-19 03:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-03 04:39 - 2017-04-23 22:28 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe
    2016-08-30 21:56 - 2015-02-09 04:18 - 00124440 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2016-08-30 20:31 - 2016-08-30 20:31 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2016-08-30 20:31 - 2016-08-30 20:31 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2017-06-27 19:34 - 2017-06-23 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
    2017-06-27 19:34 - 2017-06-23 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
    2016-08-30 20:36 - 2014-07-04 05:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2017-07-09 21:54 - 2017-07-09 21:54 - 00098816 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32api.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00110080 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\pywintypes27.dll
    2017-07-09 21:54 - 2017-07-09 21:54 - 00364544 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\pythoncom27.dll
    2017-07-09 21:54 - 2017-07-09 21:54 - 00320512 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32com.shell.shell.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00914432 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_hashlib.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 01176576 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._core_.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00806400 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._gdi_.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00816128 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._windows_.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 01067008 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._controls_.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00733184 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._misc_.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00682496 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\pysqlite2._sqlite.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00088064 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_ctypes.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00686080 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\unicodedata.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00119808 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32file.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00108544 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32security.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00007168 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\hashobjs_ext.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00017920 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\thumbnails_ext.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00088064 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\usb_ext.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00012800 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\common.time34.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00018432 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32event.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00167936 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32gui.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00046080 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_socket.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 01303552 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_ssl.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00128512 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_elementtree.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00127488 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\pyexpat.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00038912 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32inet.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00036864 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_psutil_windows.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00524248 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\windows._lib_cacheinvalidation.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00011264 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32crypt.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00123392 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._wizard.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00077312 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._html2.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00027648 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_multiprocessing.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00020480 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\_yappi.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00035840 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32process.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00078848 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\wx._animate.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00024064 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32pipe.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00010240 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\select.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00025600 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32pdh.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00017408 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32profile.pyd
    2017-07-09 21:54 - 2017-07-09 21:54 - 00022528 ____R () C:\Users\MoodyMiss\AppData\Local\Temp\_MEI96762\win32ts.pyd
    2017-01-27 10:30 - 2016-09-22 07:24 - 00884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
    2017-01-27 10:27 - 2016-09-22 07:11 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Control Panel\Desktop\\Wallpaper -> 
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    HKLM\...\StartupApproved\Run: => "BTLocker"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "PhotoMasterImportAgent"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "iCloudServices"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [UDP Query User{C523F6ED-096B-475A-A96F-4A6569C7524B}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{18B79870-47AA-448F-B1EA-A53DD52769D5}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{FC378638-F3F2-43A5-8619-7A4CBF9CF7E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
    FirewallRules: [{157B1891-94BE-4233-932D-D6919EE3FC0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
    FirewallRules: [{9BD41384-7161-4D4D-A9A4-7F105B444AD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe
    FirewallRules: [{BD93136A-6C6E-46DA-B270-B41570402D69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe
    FirewallRules: [{4637A8C0-7CB4-4CB9-AA44-6818AE8B5830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{39798A39-477F-4A46-A493-6A155FCC477B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{93327FEA-B932-4A83-AA43-2037599271A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{7ABDC41F-4CDF-4DDB-A5A8-4A64D5ECC6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
    FirewallRules: [{DF9CFA7F-3B32-43DD-BBC6-AC8DDE269D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
    FirewallRules: [{24E2C04F-BCC5-4947-A61A-7E6263DB1DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
    FirewallRules: [{809DD42A-E467-48C9-87F0-E88A1AA2DE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe
    FirewallRules: [{AB35B7B2-8856-4B5F-81FE-268712E2AA6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe
    FirewallRules: [{5489D42D-701C-410C-9C47-21AF7D2D99D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
    FirewallRules: [{FD3AD805-A2A8-43CE-97BD-A173DB02C544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
    FirewallRules: [{D00CBAC4-3B2E-443C-91BC-F9448F95811C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
    FirewallRules: [UDP Query User{9BA926EC-A108-40BA-908D-D82BB6832067}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [TCP Query User{595ECB4D-B6F6-465D-8F25-079F1CC599E2}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe
    FirewallRules: [{35EA6F1C-1C9D-4602-8354-CAE09FA18F90}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{4E8898FA-7FA8-4EB9-AD58-217B2C1090FE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{2FEE6E92-F25D-4EBB-9C95-54986E24590B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1CA6CACC-B1BA-4DA2-9E95-B0FA8DEDD685}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{079EF1EA-3010-4338-A8BC-346B233416EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{911BB808-3C04-430F-9E53-0FB190B3DF41}] => (Allow) LPort=8298
    FirewallRules: [UDP Query User{ED823690-8181-4DE3-A826-69C7863688EA}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [TCP Query User{887F5358-031F-4F72-A876-924F1E5C0A1F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{859291AC-BF16-4402-A40A-AA75E1A5B481}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8188D74C-6D7E-4F0C-B9B5-451C96BE3DD6}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{37F2BD7C-5A26-42C2-81F2-151F6ED6D634}] => (Allow) LPort=1900
    FirewallRules: [{2D94A0B4-9DC1-4432-A9AC-D5723C8C8B34}] => (Allow) LPort=2869
    FirewallRules: [{7EEBBDEA-6D28-4816-8180-0A1034F7D806}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6BE5269A-B295-480C-8C99-833F3ED25F5D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{B8554D56-1362-4103-BAF5-31CB177927C9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
    FirewallRules: [{92A6AD71-E00B-4B62-97EF-5C0CCB20DB35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{19563F32-4408-46C2-BE41-C0DFC825B698}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C6A45646-BB54-40BA-85D4-899CDAC6EE62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{722DB0CF-9497-4EA6-AE11-8FFD73EFEB2C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{D5DB6196-28BE-4F62-846A-9D36A0000305}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{7F0B7BA5-7512-41CC-A5F8-D81CBC40D74A}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [{6320F4AD-D49D-432D-8F1C-18E1F58A8B54}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{4FC8B6CF-EFFA-4E05-B237-EF8EA2F18D17}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{1667C0E4-AACE-4C86-AFE4-6115075B999A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{513C7487-8756-4F9C-AD66-E195AD25FB39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{6FD41AD0-7D02-4BDC-AAA4-74999B5171A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{E0944258-B37B-4D3D-B685-8DF7877A59AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C581090D-D655-4A61-8FC3-7E2951461E08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{FA3BBC96-D05A-4B22-B670-7DD39CA3C039}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
    FirewallRules: [UDP Query User{41C54473-73A3-4EE3-91E8-A24A8EC56638}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
     
    ==================== Restore Points =========================
     
    27-06-2017 03:27:17 Scheduled Checkpoint
    27-06-2017 19:29:05 JRT Pre-Junkware Removal
    03-07-2017 12:18:34 Installed SmartApp
    09-07-2017 15:36:35 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (07/09/2017 09:59:25 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
    Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
     
     
    System errors:
    =============
    Error: (07/09/2017 09:57:19 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PD9G7JHJ)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user LAPTOP-PD9G7JHJ\MoodyMiss SID (S-1-5-21-3099505937-1185706521-667985844-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 09:57:19 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PD9G7JHJ)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user LAPTOP-PD9G7JHJ\MoodyMiss SID (S-1-5-21-3099505937-1185706521-667985844-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 09:53:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
    Error: (07/09/2017 09:53:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
     
    Error: (07/09/2017 09:52:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 09:52:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
     
    Error: (07/09/2017 09:52:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ZAMSvc service to connect.
     
    Error: (07/09/2017 09:52:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ClickToRunSvc service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.
     
    Error: (07/09/2017 09:52:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.
     
    Error: (07/09/2017 09:52:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error: 
    The request is not supported.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
    Percentage of memory in use: 44%
    Total physical RAM: 8105.84 MB
    Available physical RAM: 4519.34 MB
    Total Virtual: 17321.84 MB
    Available Virtual: 13486.71 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:689.64 GB) (Free:588.27 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.34 GB) NTFS
    Drive e: (UPD1_607677) (CDROM) (Total:7.12 GB) (Free:0 GB) UDF
    Drive f: (Data) (Fixed) (Total:195.31 GB) (Free:80.6 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 037C6746)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    • 0

    #12
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    After installing Speedyfox and following your instructions it took 4.93 seconds to load my homepage. 

     

    Here is the process explorer log. 

     

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 72.50 52 K 8 K 0
    TeamViewer.exe 9.60 81,476 K 109,896 K 7812 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
    TeamViewer_Desktop.exe 3.25 364,640 K 352,480 K 11100 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
    audiodg.exe 3.11 20,836 K 27,132 K 4844 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    procexp64.exe 3.03 36,740 K 74,780 K 3608 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    TeamViewer_Service.exe 2.58 21,132 K 31,860 K 3872 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
    System 1.40 144 K 1,536 K 4
    Interrupts 1.35 0 K 0 K n/a Hardware Interrupts and DPCs
    MsMpEng.exe 0.85 152,772 K 140,784 K 3928 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
    SpeechRuntime.exe 0.70 18,008 K 27,200 K 8528 Speech Runtime Executable Microsoft Corporation (Verified) Microsoft Windows
    dwm.exe 0.44 52,796 K 73,644 K 1060 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe 0.24 134,632 K 194,516 K 11416 Google Chrome Google Inc. (Verified) Google Inc
    PhotoMasterWorker.exe 0.17 45,080 K 51,292 K 14052 Lenovo Photo Master Update CyberLink Corp. (Verified) CyberLink Corp.
    FRST64.exe 0.16 26,652 K 55,816 K 14236 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
    csrss.exe 0.15 2,328 K 5,384 K 704 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
    explorer.exe 0.13 51,756 K 113,364 K 7900 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    CNMNSST.exe 0.07 1,800 K 8,732 K 8464 Canon IJ Network Scanner Selector EX CANON INC. (Verified) Canon Inc.
    googledrivesync.exe 0.06 65,912 K 81,360 K 10604 Google Drive Google (Verified) Google Inc
    NisSrv.exe 0.05 11,424 K 4,536 K 8704 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
    Lenovo.Modern.ImController.PluginHost.SettingsApp.exe 0.03 29,780 K 51,268 K 4936 Lenovo.Modern.ImController.PluginHost Lenovo Group Limited (Verified) Lenovo
    AppleMobileDeviceService.exe 0.02 4,116 K 13,732 K 3332 MobileDeviceService Apple Inc. (Verified) Apple Inc.
    CiscoVideoGuardMonitor.exe 0.02 2,656 K 10,228 K 9760 CiscoVideoGuardMonitor Cisco (Verified) Cisco Video Technologies Israel Ltd.
    IAStorDataMgrSvc.exe 0.01 32,248 K 45,760 K 3900 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
    svchost.exe 0.01 5,248 K 14,264 K 5508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    LSB.exe < 0.01 66,868 K 2,056 K 624 Lenovo Service Bridge Lenovo (Verified) LENOVO (UNITED STATES) INC.
    EvtEng.exe < 0.01 4,668 K 13,844 K 3436 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    OfficeClickToRun.exe < 0.01 31,416 K 53,412 K 8580 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
    FMAPP.exe < 0.01 2,016 K 9,956 K 3400 FMAPP Application (Verified) Fortemedia Inc.
    lsass.exe < 0.01 5,664 K 14,596 K 848 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
    chrome.exe < 0.01 79,944 K 88,872 K 11816 Google Chrome Google Inc. (Verified) Google Inc
    CNQMUPDT.EXE < 0.01 24,232 K 26,512 K 10864 Canon Quick Menu Updater CANON INC. (Verified) Canon Inc.
    svchost.exe < 0.01 85,184 K 90,732 K 3836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    GDCAgent.exe < 0.01 4,976 K 14,752 K 9168 GDCAgent Lenovo (Verified) LENOVO
    CLMLSvc_P2G8.exe < 0.01 2,688 K 11,528 K 10080 CyberLink MediaLibrary Service CyberLink (Verified) CyberLink Corp.
    svchost.exe < 0.01 2,484 K 8,312 K 708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    WUDFHost.exe < 0.01 2,424 K 9,912 K 1408 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 11,536 K 17,992 K 3496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    tv_w32.exe < 0.01 1,424 K 7,084 K 5740 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
    tv_x64.exe < 0.01 1,540 K 6,872 K 7552 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
    svchost.exe < 0.01 11,280 K 25,356 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe < 0.01 2,648 K 9,416 K 13744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    Nitro_UpdateService.exe < 0.01 1,928 K 8,196 K 3520 (Verified) Nitro PDF Software
    SynTPEnh.exe < 0.01 5,848 K 20,032 K 9632 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
    svchost.exe < 0.01 9,796 K 18,924 K 2320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    MBAMService.exe < 0.01 18,340 K 41,840 K 3468 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
    creator-ws.exe < 0.01 2,368 K 11,196 K 3588 PDFsam Enhanced 4 Andrea Vacondio (Verified) ANDREA VACONDIO
    creator-ws.exe < 0.01 2,360 K 11,140 K 3620 PDFsam Enhanced Andrea Vacondio (Verified) ANDREA VACONDIO
    ZeroConfigService.exe 4,580 K 16,968 K 4008 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    WUDFHost.exe 1,544 K 6,192 K 1868 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe 7,580 K 24,224 K 6504 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 4,124 K 13,848 K 5148 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 4,924 K 13,188 K 8700 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiApSrv.exe 1,336 K 6,412 K 8584 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
    wlanext.exe 4,624 K 16,088 K 2960 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
    WINWORD.EXE 76,188 K 134,848 K 12672 Microsoft Word Microsoft Corporation (Verified) Microsoft Corporation
    winlogon.exe 2,300 K 9,532 K 792 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe 1,396 K 6,260 K 688 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
    utility.exe 2,192 K 10,072 K 9548 Lenovo Utility (Verified) LENOVO
    UploaderService.exe 2,348 K 10,432 K 3888 TechSmith Uploader Service TechSmith Corporation (Verified) TechSmith Corporation
    unsecapp.exe 1,352 K 6,436 K 4900 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    taskhostw.exe 8,408 K 19,132 K 5756 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    SynTPHelper.exe 1,484 K 7,052 K 5420 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
    svchost.exe 6,264 K 11,932 K 616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,920 K 18,432 K 4624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,160 K 9,340 K 2576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,992 K 15,264 K 2844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,372 K 9,120 K 2892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 13,180 K 13,592 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,252 K 21,060 K 6732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,848 K 23,116 K 3780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,532 K 12,664 K 2944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,492 K 11,956 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,708 K 18,972 K 3956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,520 K 6,096 K 2612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,152 K 13,668 K 3824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,652 K 21,676 K 3420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,284 K 16,452 K 3880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,836 K 10,692 K 1432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,204 K 7,300 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,168 K 9,596 K 6140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,836 K 6,844 K 3548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 14,968 K 24,568 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,052 K 11,788 K 7100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,244 K 10,020 K 2016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,964 K 7,656 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,432 K 7,408 K 2120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 5,216 K 9,220 K 1968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,732 K 6,900 K 4664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,924 K 11,076 K 3568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,640 K 6,716 K 6092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,068 K 7,804 K 2592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,096 K 11,660 K 2472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,316 K 10,488 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 4,316 K 11,568 K 2364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,120 K 8,448 K 10000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,528 K 26,964 K 6712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,528 K 10,304 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,324 K 8,016 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,312 K 14,636 K 7452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 6,100 K 15,488 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,532 K 6,240 K 2212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,984 K 7,644 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,900 K 7,540 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,684 K 12,364 K 3392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,520 K 11,468 K 6216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 908 K 3,708 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,376 K 5,860 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,064 K 9,212 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,736 K 6,844 K 1592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,564 K 6,380 K 1696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,940 K 8,300 K 1808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,020 K 8,124 K 1860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,272 K 5,504 K 2084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,168 K 8,640 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 3,840 K 8,284 K 3556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,272 K 5,644 K 3904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,280 K 5,300 K 4572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,740 K 6,812 K 5276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,640 K 6,500 K 5932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,956 K 8,584 K 5240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,968 K 11,056 K 6080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,368 K 5,976 K 8156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,116 K 9,720 K 9264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,632 K 5,624 K 9404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 2,696 K 11,344 K 7304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    svchost.exe 1,936 K 8,700 K 4492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
    sqlwriter.exe 2,004 K 7,568 K 3772 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
    spoolsv.exe 9,268 K 22,892 K 3036 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    splwow64.exe 2,892 K 10,588 K 8756 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 484 K 1,176 K 408 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
    smartscreen.exe 13,452 K 31,204 K 11836 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
    sihost.exe 6,332 K 23,004 K 1444 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
    ShellExperienceHost.exe Suspended 35,292 K 72,492 K 7948 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
    services.exe 4,904 K 10,268 K 828 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
    SecurityHealthService.exe 3,816 K 13,960 K 3736 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
    SearchUI.exe Suspended 48,972 K 90,076 K 7532 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe 28,588 K 24,460 K 3944 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    RuntimeBroker.exe 11,040 K 32,040 K 2480 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
    RTFTrack.exe 14,660 K 10,260 K 9412 RTFTrack Realtek semiconductor (Verified) Realtek Semiconductor Corp
    RestartThread.exe 768 K 3,180 K 3756 Service program to restart BTDemoservice Lenovo (Verified) LENOVO
    RemindersServer.exe Suspended 9,596 K 20,488 K 8200 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
    RegSrvc.exe 1,908 K 9,212 K 3724 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    RAVCpl64.exe 4,120 K 13,792 K 7548 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RAVBg64.exe 5,764 K 13,984 K 8404 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RAVBg64.exe 5,772 K 14,004 K 9276 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RAVBg64.exe 5,780 K 14,016 K 8412 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    procexp.exe 3,184 K 10,876 K 8268 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    PresentationFontCache.exe 25,472 K 18,372 K 724 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
    PDVD12Serv.exe 1,568 K 436 K 1200 PowerDVD Service CyberLink Corp. (Verified) CyberLink Corp.
    PDFsam Manager.exe 3,684 K 13,676 K 3648 Messenger service ANDREA VACONDIO (Verified) ANDREA VACONDIO
    ONENOTEM.EXE 2,552 K 2,368 K 10008 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
    notepad.exe 3,220 K 17,884 K 12152 Notepad Microsoft Corporation (Verified) Microsoft Windows
    NLSSRV32.EXE 848 K 3,468 K 3536 This service enables products that use the Nalpeiron Licensing System Nalpeiron Ltd. (Verified) Nitro PDF Software
    NitroPDFDriverService9x64.exe 1,296 K 5,668 K 3484 Nitro PDF Spool Service Nitro PDF Software (Verified) Nitro PDF Software
    MSASCuiL.exe 1,956 K 9,704 K 4180 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
    Memory Compression 128 K 8,056 K 4304
    mbamtray.exe 13,252 K 20,892 K 8176 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
    LSCNotify.exe 1,544 K 328 K 10072 Lenovo Solution Center Notifications Lenovo (Verified) LENOVO
    Locator.exe 596 K 2,460 K 9228 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
    Lenovo.Modern.ImController.PluginHost.Device.exe 34,124 K 56,972 K 13280 Lenovo.Modern.ImController.PluginHost Lenovo Group Limited (Verified) Lenovo
    Lenovo.Modern.ImController.exe 33,844 K 50,268 K 3428 Lenovo.Modern.ImController Lenovo Group Limited (Verified) Lenovo
    jusched.exe 2,060 K 11,992 K 9964 Java Update Scheduler Oracle Corporation (Verified) Oracle America
    jucheck.exe 3,088 K 14,460 K 10868 Java Update Checker Oracle Corporation (Verified) Oracle America
    igfxTray.exe 3,032 K 11,844 K 3616 (Verified) Intel® pGFX
    igfxHK.exe 2,772 K 11,128 K 6516 igfxHK Module Intel Corporation (Verified) Intel® pGFX
    igfxEM.exe 3,544 K 13,308 K 288 igfxEM Module Intel Corporation (Verified) Intel® pGFX
    igfxCUIService.exe 2,088 K 8,872 K 1948 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
    ibtsiva.exe 924 K 4,016 K 3412 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
    IAStorIcon.exe 25,296 K 32,312 K 11024 IAStorIcon Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
    googledrivesync.exe 1,536 K 4,484 K 9676 Google Drive Google (Verified) Google Inc
    GoogleCrashHandler64.exe 1,632 K 260 K 964 Google Crash Handler Google Inc. (Verified) Google Inc
    GoogleCrashHandler.exe 1,660 K 252 K 7292 Google Crash Handler Google Inc. (Verified) Google Inc
    fontdrvhost.exe 2,668 K 6,620 K 988 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
    fontdrvhost.exe 1,648 K 3,804 K 980 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
    dasHost.exe 7,788 K 18,724 K 2040 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 1,692 K 4,888 K 592 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
    conhost.exe 1,280 K 5,572 K 2988 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    CNQMMAIN.EXE 60,128 K 31,904 K 5408 Canon Quick Menu CANON INC. (Verified) Canon Inc.
    chrome.exe 42,488 K 53,892 K 11760 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 25,432 K 35,512 K 13880 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 29,564 K 39,536 K 11376 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 151,428 K 154,836 K 11380 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 25,960 K 36,372 K 11372 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 30,328 K 39,684 K 11792 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 29,092 K 39,740 K 8496 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 52,836 K 67,012 K 11660 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 2,272 K 10,508 K 11384 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 2,196 K 11,044 K 11408 Google Chrome Google Inc. (Verified) Google Inc
    BTDemoService.exe 2,228 K 8,628 K 7460 Service program for BT Locker Lenovo (Verified) LENOVO

    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,799 posts
    • MVP

    Are you controling this via TeamViewer?  It's using a lot of CPU

     

    TeamViewer.exe 9.60 81,476 K 109,896 K 7812 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
    TeamViewer_Desktop.exe 3.25 364,640 K 352,480 K 11100 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
     
    TeamViewer_Service.exe 2.58 21,132 K 31,860 K 3872 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
     
    Under 5 seconds is pretty good.
     
    How is your browser working now?  

    • 0

    #14
    missmoody

    missmoody

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Yes, I've been helping out my girlfriend via TeamViewer as she's unwell. It seems vastly improved.. We both really appreciate all your help. 


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 19,799 posts
    • MVP
    Time to clean up:
     
    To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
     
    DeleteQuarantine:
     
    Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
     
    If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox then get the Ublock Origin  Add-on from https://www.ublock.org/.  For IE go to adblockplus.org  and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
     
    To prevent a relatively new phishing attack:  In Firefox, type:
     
    about:config
     
    in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
     
    puny
     
    You should only get one option:
    network.IDN_show_punycode
    We want it to say True but by default it is False so double click on it to toggle from False to True.
    Close and restart firefox.
     
    To test it you can go to:
     
     
    If the value is false you will see https://www.apple.cominstead of the correct value
     
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.
     
    Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

    • 0






    Similar Topics


    Also tagged with one or more of these keywords: Browser

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP