Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Browser is super slow - PUM.Optional.ProxyHijacker detected

Started by missmoody , Jul 09 2017 04:09 AM

Browser

Please log in to reply

#1
missmoody

Posted 09 July 2017 - 04:09 AM

Member

Member
17 posts

Hello,

My browser is ridiculously slow and almost unusable at the moment. I've run many scans with various programs and the only one that's found anything is Malwarebytes: PUM.Optional.ProxyHijacker

Malwarebytes quarantines it but after removing it, rebooting, and rescanning, it reappears.

I would really appreciate any help you can give me.

#2
RKinner

Posted 09 July 2017 - 07:38 AM

Malware Expert

Expert
24,624 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
missmoody

Posted 09 July 2017 - 08:34 AM

Member

Topic Starter
Member
17 posts

Here's the first log.

# AdwCleaner v6.047 - Logfile created 09/07/2017 at 15:19:34

# Updated on 19/05/2017 by Malwarebytes

# Database : 2017-05-19.1 [Local]

# Operating System : Windows 10 Home (X64)

# Username : MoodyMiss - LAPTOP-PD9G7JHJ

# Running from : C:\Users\MoodyMiss\Desktop\Malware Tools\AdwCleaner.exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm

***** [ Files ] *****

[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg

[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg

[-] File deleted: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage

[-] File deleted: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: faoigfclahgbjjjaopddafnnapmeppnc

[-] [C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gngocbkfmikdgphklgmmehbjjlfgdemm

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3436 Bytes] - [27/06/2017 19:38:48]

C:\AdwCleaner\AdwCleaner[C2].txt - [1736 Bytes] - [09/07/2017 15:19:34]

C:\AdwCleaner\AdwCleaner[S0].txt - [5337 Bytes] - [18/06/2017 01:56:58]

C:\AdwCleaner\AdwCleaner[S1].txt - [3668 Bytes] - [27/06/2017 19:34:59]

C:\AdwCleaner\AdwCleaner[S2].txt - [2401 Bytes] - [09/07/2017 15:14:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2028 Bytes] ##########

#4
missmoody

Posted 09 July 2017 - 09:00 AM

Member

Topic Starter
Member
17 posts

Here's the log of the second scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.3 (04.10.2017)

Operating System: Windows 10 Home x64

Ran by MoodyMiss (Administrator) on 09/07/2017 at 15:36:31.63

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62 (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09/07/2017 at 15:40:35.72

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5
missmoody

Posted 09 July 2017 - 09:39 AM

Member

Topic Starter
Member
17 posts

Here are the FRST logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017

Ran by MoodyMiss (administrator) on LAPTOP-PD9G7JHJ (09-07-2017 16:08:55)

Running from C:\Users\MoodyMiss\Desktop\Malware Tools

Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)

Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Andrea Vacondio) C:\Program Files\PDFsam Enhanced\creator-ws.exe

() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe

(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Lenovo) C:\Program Files\Lenovo\BTlocker\RestartThread.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe

(Lenovo) C:\Program Files\Lenovo\BTlocker\BTDemoService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe

() C:\Windows\System32\igfxTray.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek semiconductor) C:\Windows\RTFTrack.exe

() C:\Program Files\Lenovo\LenovoUtility\utility.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Cisco) C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Microsoft Corporation) C:\Windows\System32\Locator.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Lenovo) C:\Users\MoodyMiss\AppData\Local\Apps\2.0\BRYE9YZO.XP7\G2T636RX.C6P\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)

HKLM\...\Run: [BTLocker] => C:\Program Files\Lenovo\BtLocker\BTLocker.exe [677304 2015-07-15] (Lenovo)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-30] ()

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-08-11] (Synaptics Incorporated)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Discord] => C:\Users\MoodyMiss\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify Web Helper] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-24] (Spotify Ltd)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Spotify] => C:\Users\MoodyMiss\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-24] (Spotify Ltd)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [VideoGuardMonitor] => C:\Users\MoodyMiss\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2449160 2017-02-09] (Cisco)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-12] (SUPERAntiSpyware)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Run: [GoogleChromeAutoLaunch_58B6F8ECAF76F56F8565A106D625FE62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)

Startup: C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-09]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-08-11] ()

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3099505937-1185706521-667985844-1001] => Proxy is enabled.

ProxyServer: [S-1-5-21-3099505937-1185706521-667985844-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{5611333e-72eb-4eba-8a0b-06ccc90c0d2f}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{c2ee8550-2bc8-4c46-b26a-180a3681a1c8}: [DhcpNameServer] 172.20.10.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE

SearchScopes: HKU\S-1-5-21-3099505937-1185706521-667985844-1001 -> DefaultScope {F7C2DF14-BBE7-41FA-8823-81F664D37420} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-21] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-21] (Oracle Corporation)

DPF: HKLM-x32 {EBB176D2-AF75-4706-832F-4C8448F72757} hxxps://www.shopandscan.com/TNSClickrc.CAB

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: ui4axywz.default

FF DefaultProfile: okk8xxud.default

FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default [2017-07-06]

FF Homepage: Mozilla\Firefox\Profiles\ui4axywz.default -> www.google.com

FF NetworkProxy: Mozilla\Firefox\Profiles\ui4axywz.default -> type", 0

FF Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Roaming\Mozilla\Firefox\Profiles\ui4axywz.default\Extensions\[email protected] [2017-06-09]

FF ProfilePath: C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default [2017-04-19]

FF Extension: (Czech (CZ) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Deutsch (DE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (English (US) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Español (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Finnish Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Français Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Galego (España) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Hebrew (IL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Magyar (HU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Italiano (IT) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Japanese Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Korean (KR) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Nederlands (NL) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Polski Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Russian (RU) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Slovenski jezik Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (српски (sr) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Svenska (SE) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\MoodyMiss\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\okk8xxud.default\Extensions\[email protected] [2017-04-07] [not signed]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension

FF Extension: (PDFsam Enhanced Creator) - C:\Program Files\PDFsam Enhanced\resources\pdfsamenhancedfirefoxextension [2016-12-11] [not signed]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-21] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: PDFsam Enhanced -> C:\Program Files (x86)\PDFsam Enhanced\np-previewer.dll [2016-07-06] (Andrea Vacondio)

FF Plugin-x32: PDFsam Enhanced 4 -> C:\Program Files (x86)\PDFsam Enhanced 4\np-previewer.dll [2017-02-22] (Andrea Vacondio)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-07-09] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-09] <==== ATTENTION

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://www.google.com/

CHR DefaultSearchKeyword: Default -> lp

CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default [2017-07-09]

CHR Extension: (Google Slides) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-19]

CHR Extension: (Google Docs) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-19]

CHR Extension: (Google Drive) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-20]

CHR Extension: (YouTube) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-19]

CHR Extension: (Adblock Plus) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]

CHR Extension: (OneTab) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]

CHR Extension: (Tidy Sidebar) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2017-02-16]

CHR Extension: (Flix Plus by Lifehacker) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-23]

CHR Extension: (Radioplayer) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2017-05-25]

CHR Extension: (Google Sheets) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-19]

CHR Extension: (Facebook™ Chat Privacy) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-11-19]

CHR Extension: (Google Docs Offline) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]

CHR Extension: (Pinterest Save Button) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-26]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-07]

CHR Extension: (Social Fixer for Facebook) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-07-07]

CHR Extension: (Cookies) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-07-09]

CHR Extension: (Chrome Web Store Payments) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]

CHR Extension: (Gmail) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-19]

CHR Extension: (Chrome Media Router) - C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]

CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]

CHR Profile: C:\Users\MoodyMiss\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-05]

CHR HKU\S-1-5-21-3099505937-1185706521-667985844-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)

R2 BTDemoService; C:\Program Files\Lenovo\BtLocker\BTDemoService.exe [145336 2015-07-15] (Lenovo)

S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (Lenovo)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)

R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (Lenovo)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel Corporation)

R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)

S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()

R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)

R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()

S3 PDFsam Enhanced; C:\Program Files\PDFsam Enhanced\ws.exe [2322496 2016-07-06] (Andrea Vacondio)

S3 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [1880416 2017-02-22] (Andrea Vacondio)

S3 PDFsam Enhanced 4 CrashHandler; C:\Program Files\PDFsam Enhanced 4\crash-handler-ws.exe [931680 2017-02-22] (Andrea Vacondio)

R2 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [739168 2017-02-22] (Andrea Vacondio)

S3 PDFsam Enhanced CrashHandler; C:\Program Files\PDFsam Enhanced\crash-handler-ws.exe [921664 2016-07-06] (Andrea Vacondio)

R2 PDFsam Enhanced Creator; C:\Program Files\PDFsam Enhanced\creator-ws.exe [734272 2016-07-06] (Andrea Vacondio)

R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)

R2 RestartThread; C:\Program Files\Lenovo\BtLocker\RestartThread.exe [35768 2015-07-15] (Lenovo)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]

S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)

R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)

S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-09] (Malwarebytes)

R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)

R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-05-21] (Realtek Semiconductor Corp.)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )

R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-11] (Synaptics Incorporated)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-08] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-08] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-09 16:08 - 2017-07-09 16:08 - 00000000 ____D C:\FRST

2017-07-09 15:40 - 2017-07-09 16:00 - 00000754 _____ C:\Users\MoodyMiss\Desktop\JRT.txt

2017-07-09 15:19 - 2017-07-09 15:19 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\252C3DF2.sys

2017-07-08 21:53 - 2017-07-08 21:52 - 01474450 _____ C:\Users\MoodyMiss\Desktop\Steps Recorder.zip

2017-07-08 21:27 - 2017-07-09 01:13 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2017-07-08 17:39 - 2017-07-09 16:09 - 00132155 _____ C:\WINDOWS\ZAM.krnl.trace

2017-07-08 17:39 - 2017-07-09 16:09 - 00100762 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys

2017-07-08 17:39 - 2017-07-08 17:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys

2017-07-08 17:39 - 2017-07-08 17:39 - 00001224 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Zemana

2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

2017-07-08 17:39 - 2017-07-08 17:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware

2017-07-08 11:54 - 2017-07-08 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-07-07 02:21 - 2017-07-07 02:21 - 00022526 _____ C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17.html

2017-07-07 02:21 - 2017-07-07 02:21 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Epping Forest District Council - 07-07-17_files

2017-07-06 22:33 - 2017-07-06 22:33 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Unity

2017-07-06 22:31 - 2017-07-06 22:31 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Panoramik

2017-07-06 18:38 - 2017-07-06 18:38 - 00000000 ____D C:\Users\MoodyMiss\Downloads\Steam - Bookworm

2017-07-06 17:43 - 2017-07-06 17:43 - 00000000 ___DL C:\Users\MoodyMiss\AppData\LocalLow\PlayReady

2017-07-06 15:31 - 2017-07-06 15:32 - 19578880 _____ C:\Users\MoodyMiss\Downloads\Turbo Lister - Import to funny-peculiar.tdb

2017-07-04 21:18 - 2017-07-04 21:18 - 00003352 _____ C:\WINDOWS\System32\Tasks\Restart Snagit

2017-07-03 17:13 - 2017-07-09 15:59 - 00004430 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater

2017-07-03 12:27 - 2017-07-09 15:57 - 00003376 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor

2017-07-03 12:15 - 2017-07-03 12:16 - 04669440 _____ C:\Users\MoodyMiss\Downloads\SmartApp (1).msi

2017-06-29 16:11 - 2017-06-29 16:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2017-06-29 16:11 - 2017-06-29 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2017-06-29 13:50 - 2017-06-29 13:50 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk

2017-06-29 13:50 - 2017-06-29 13:50 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk

2017-06-28 13:09 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files\Common Files\AV

2017-06-28 10:51 - 2017-06-28 10:51 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking

2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2017-06-28 10:50 - 2017-06-28 14:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2017-06-28 10:50 - 2017-06-28 13:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2017-06-28 10:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe

2017-06-27 17:03 - 2017-06-27 17:03 - 00000000 ____D C:\ProgramData\XDMessagingv4

2017-06-24 21:14 - 2017-06-24 21:14 - 01450743 _____ C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17.html

2017-06-24 21:14 - 2017-06-24 21:14 - 00000000 ____D C:\Users\MoodyMiss\Downloads\(3) Parts for trampolines - Home - 23-07-17_files

2017-06-24 00:10 - 2017-06-24 00:10 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\NetworkTiles

2017-06-21 14:56 - 2017-06-21 14:56 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk

2017-06-21 14:56 - 2017-06-21 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2017-06-21 14:54 - 2017-06-21 14:56 - 00000000 ____D C:\Program Files\iTunes

2017-06-21 14:54 - 2017-06-21 14:54 - 00000000 ____D C:\Program Files\iPod

2017-06-21 14:41 - 2017-06-21 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple

2017-06-21 14:39 - 2017-06-21 14:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2017-06-19 11:47 - 2017-06-19 11:47 - 00911360 _____ C:\Users\MoodyMiss\Downloads\2014-4_foi022214.xls

2017-06-18 15:38 - 2017-06-23 09:17 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e.job

2017-06-18 15:38 - 2017-06-18 15:38 - 00003696 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e

2017-06-18 15:38 - 2017-06-18 15:38 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\SUPERAntiSpyware.com

2017-06-18 15:37 - 2017-06-18 15:37 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2017-06-18 11:17 - 2017-06-18 11:17 - 00000000 ____D C:\ProgramData\Sophos

2017-06-18 11:15 - 2017-06-18 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

2017-06-18 11:13 - 2017-06-18 11:13 - 00000000 ____D C:\Program Files (x86)\Sophos

2017-06-18 10:07 - 2017-06-18 10:27 - 00000000 ____D C:\ProgramData\HitmanPro

2017-06-18 01:34 - 2017-07-09 15:19 - 00000000 ____D C:\AdwCleaner

2017-06-18 01:19 - 2017-06-18 01:19 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll

2017-06-18 00:13 - 2017-06-27 19:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

2017-06-18 00:13 - 2017-06-18 15:29 - 00000000 ____D C:\ProgramData\RogueKiller

2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller

2017-06-18 00:12 - 2017-06-18 00:12 - 00000000 ____D C:\Program Files\RogueKiller

2017-06-18 00:09 - 2017-06-18 00:12 - 00293058 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.09.39_log.txt

2017-06-18 00:05 - 2017-06-18 00:05 - 00000562 _____ C:\TDSSKiller.3.1.0.15_18.06.2017_00.05.30_log.txt

2017-06-17 23:58 - 2017-07-09 16:08 - 00000000 ____D C:\Users\MoodyMiss\Desktop\Malware Tools

2017-06-17 22:24 - 2017-07-08 11:41 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys

2017-06-17 22:23 - 2017-07-09 15:49 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-06-17 22:23 - 2017-07-09 09:30 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2017-06-17 22:23 - 2017-07-07 20:52 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2017-06-17 22:23 - 2017-07-07 20:43 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2017-06-17 22:23 - 2017-07-07 20:43 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2017-06-17 22:23 - 2017-06-17 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-06-17 22:22 - 2017-06-17 22:22 - 00000000 ____D C:\Program Files\Malwarebytes

2017-06-17 17:39 - 2017-06-19 16:30 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV Player

2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Cisco

2017-06-17 11:23 - 2017-06-17 11:23 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Cisco

2017-06-17 11:21 - 2017-06-17 11:21 - 00001205 _____ C:\Users\MoodyMiss\Desktop\NOW TV Player.lnk

2017-06-17 11:21 - 2017-06-17 11:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOW TV

2017-06-17 11:20 - 2017-06-17 11:20 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\NOW TV

2017-06-17 11:15 - 2017-06-17 11:19 - 73149360 _____ (NOW TV ) C:\Users\MoodyMiss\Downloads\NOWTVPlayerInstaller-Full-Windows.exe

2017-06-14 17:20 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll

2017-06-14 17:20 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-06-14 17:20 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-06-14 17:20 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2017-06-14 17:20 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-06-14 17:20 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-06-14 17:20 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll

2017-06-14 17:20 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-06-14 17:20 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-06-14 17:20 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2017-06-14 17:20 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2017-06-14 17:20 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-06-14 17:20 - 2017-05-20 10:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2017-06-14 17:20 - 2017-05-20 09:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2017-06-14 17:20 - 2017-05-20 09:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2017-06-14 17:20 - 2017-05-20 09:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2017-06-14 17:20 - 2017-05-20 09:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2017-06-14 17:20 - 2017-05-20 09:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2017-06-14 17:20 - 2017-05-20 09:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-06-14 17:20 - 2017-05-20 09:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll

2017-06-14 17:20 - 2017-05-20 09:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll

2017-06-14 17:20 - 2017-05-20 09:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll

2017-06-14 17:20 - 2017-05-20 09:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2017-06-14 17:20 - 2017-05-20 09:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll

2017-06-14 17:20 - 2017-05-20 09:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2017-06-14 17:20 - 2017-05-20 09:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2017-06-14 17:20 - 2017-05-20 09:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2017-06-14 17:20 - 2017-05-20 09:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe

2017-06-14 17:20 - 2017-05-20 09:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2017-06-14 17:20 - 2017-05-20 09:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2017-06-14 17:20 - 2017-05-20 09:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2017-06-14 17:20 - 2017-05-20 09:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2017-06-14 17:20 - 2017-05-20 09:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2017-06-14 17:20 - 2017-05-20 09:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2017-06-14 17:20 - 2017-05-20 09:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

2017-06-14 17:20 - 2017-05-20 09:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-06-14 17:20 - 2017-05-20 09:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll

2017-06-14 17:19 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-06-14 17:19 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-06-14 17:19 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-06-14 17:19 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-06-14 17:19 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll

2017-06-14 17:19 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-06-14 17:19 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-06-14 17:19 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-06-14 17:19 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-06-14 17:19 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll

2017-06-14 17:19 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll

2017-06-14 17:19 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-06-14 17:19 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-06-14 17:19 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-06-14 17:19 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-06-14 17:19 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe

2017-06-14 17:19 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-06-14 17:19 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-06-14 17:19 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-06-14 17:19 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-06-14 17:19 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-06-14 17:19 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2017-06-14 17:19 - 2017-05-20 09:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-06-14 17:19 - 2017-05-20 09:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2017-06-14 17:19 - 2017-05-20 09:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2017-06-14 17:19 - 2017-05-20 09:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-06-14 17:19 - 2017-05-20 09:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-06-14 17:19 - 2017-05-20 09:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-06-14 17:19 - 2017-05-20 09:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2017-06-14 17:19 - 2017-05-20 09:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2017-06-14 17:19 - 2017-05-20 09:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2017-06-14 17:19 - 2017-05-20 09:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2017-06-14 17:19 - 2017-05-20 09:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll

2017-06-14 17:19 - 2017-05-20 09:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2017-06-14 17:19 - 2017-05-20 09:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2017-06-14 17:19 - 2017-05-20 09:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-06-14 17:19 - 2017-05-20 09:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll

2017-06-14 17:19 - 2017-05-20 09:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-06-14 17:19 - 2017-05-20 09:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2017-06-14 17:19 - 2017-05-20 09:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2017-06-14 17:19 - 2017-05-20 09:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll

2017-06-14 17:19 - 2017-05-20 09:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll

2017-06-14 17:19 - 2017-05-20 09:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2017-06-14 17:19 - 2017-05-20 09:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-06-14 17:19 - 2017-05-20 09:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll

2017-06-14 17:19 - 2017-05-20 09:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2017-06-14 17:19 - 2017-05-20 09:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2017-06-14 17:19 - 2017-05-20 09:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-06-14 17:19 - 2017-05-20 09:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll

2017-06-14 17:19 - 2017-05-20 09:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll

2017-06-14 17:19 - 2017-05-20 09:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2017-06-14 17:19 - 2017-05-20 09:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2017-06-14 17:19 - 2017-05-20 09:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2017-06-14 17:19 - 2017-05-20 09:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll

2017-06-14 17:19 - 2017-05-20 09:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll

2017-06-14 17:19 - 2017-05-20 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll

2017-06-14 17:09 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-06-14 17:09 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-06-14 17:09 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-06-14 17:09 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-06-14 17:09 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-06-14 17:09 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-06-14 17:09 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2017-06-14 17:09 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2017-06-14 17:09 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-06-14 17:09 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-06-14 17:09 - 2017-05-20 07:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys

2017-06-14 17:09 - 2017-05-20 07:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe

2017-06-14 17:09 - 2017-05-20 07:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2017-06-14 17:09 - 2017-05-20 07:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll

2017-06-14 17:09 - 2017-05-20 07:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-06-14 17:09 - 2017-05-20 07:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll

2017-06-14 17:09 - 2017-05-20 07:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll

2017-06-14 17:09 - 2017-05-20 07:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys

2017-06-14 17:09 - 2017-05-20 07:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll

2017-06-14 17:09 - 2017-05-20 07:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll

2017-06-14 17:09 - 2017-05-20 07:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll

2017-06-14 17:09 - 2017-05-20 07:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2017-06-14 17:09 - 2017-05-20 07:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll

2017-06-14 17:09 - 2017-05-20 07:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2017-06-14 17:09 - 2017-05-20 06:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2017-06-14 17:09 - 2017-05-20 06:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

2017-06-14 17:09 - 2017-05-20 06:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll

2017-06-14 17:09 - 2017-05-20 06:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll

2017-06-14 17:08 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys

2017-06-14 17:08 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-06-14 17:08 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll

2017-06-14 17:08 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2017-06-14 17:08 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-06-14 17:08 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-06-14 17:08 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

2017-06-14 17:08 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-06-14 17:08 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll

2017-06-14 17:08 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2017-06-14 17:08 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-06-14 17:08 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-06-14 17:08 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll

2017-06-14 17:08 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll

2017-06-14 17:08 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-06-14 17:08 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-06-14 17:08 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-06-14 17:08 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-06-14 17:08 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe

2017-06-14 17:08 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll

2017-06-14 17:08 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll

2017-06-14 17:08 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE

2017-06-14 17:08 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-06-14 17:08 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll

2017-06-14 17:08 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-06-14 17:08 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-06-14 17:08 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-06-14 17:08 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-06-14 17:08 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-06-14 17:08 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe

2017-06-14 17:08 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-06-14 17:08 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2017-06-14 17:08 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-06-14 17:08 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-06-14 17:08 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-06-14 17:08 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2017-06-14 17:08 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2017-06-14 17:08 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2017-06-14 17:08 - 2017-05-20 08:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2017-06-14 17:08 - 2017-05-20 08:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-06-14 17:08 - 2017-05-20 07:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-06-14 17:08 - 2017-05-20 07:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2017-06-14 17:08 - 2017-05-20 07:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2017-06-14 17:08 - 2017-05-20 07:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2017-06-14 17:08 - 2017-05-20 07:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2017-06-14 17:08 - 2017-05-20 07:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2017-06-14 17:08 - 2017-05-20 07:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-06-14 17:08 - 2017-05-20 07:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-06-14 17:08 - 2017-05-20 07:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2017-06-14 17:08 - 2017-05-20 07:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2017-06-14 17:08 - 2017-05-20 07:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-06-14 17:08 - 2017-05-20 07:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2017-06-14 17:08 - 2017-05-20 07:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2017-06-14 17:08 - 2017-05-20 07:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll

2017-06-14 17:08 - 2017-05-20 07:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-06-14 17:08 - 2017-05-20 07:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys

2017-06-14 17:08 - 2017-05-20 07:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll

2017-06-14 17:08 - 2017-05-20 07:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-06-14 17:08 - 2017-05-20 07:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe

2017-06-14 17:08 - 2017-05-20 07:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll

2017-06-14 17:08 - 2017-05-20 07:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll

2017-06-14 17:08 - 2017-05-20 07:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-06-14 17:08 - 2017-05-20 07:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2017-06-14 17:08 - 2017-05-20 07:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-06-14 17:08 - 2017-05-20 07:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll

2017-06-14 17:08 - 2017-05-20 07:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2017-06-14 17:08 - 2017-05-20 07:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-06-14 17:08 - 2017-05-20 07:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2017-06-14 17:08 - 2017-05-20 07:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-06-14 17:08 - 2017-05-20 07:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2017-06-14 17:08 - 2017-05-20 06:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2017-06-14 17:08 - 2017-05-20 06:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2017-06-14 17:08 - 2017-05-20 06:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2017-06-14 17:08 - 2017-05-20 06:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll

2017-06-14 17:08 - 2017-05-20 06:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2017-06-14 17:08 - 2017-05-20 06:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll

2017-06-14 17:08 - 2017-05-20 06:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll

2017-06-14 17:08 - 2017-05-20 06:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll

2017-06-14 17:08 - 2017-05-20 06:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-06-14 17:08 - 2017-05-20 06:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2017-06-14 17:08 - 2017-05-20 06:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2017-06-14 17:08 - 2017-05-20 06:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2017-06-14 17:08 - 2017-05-20 06:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2017-06-14 17:08 - 2017-05-20 06:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2017-06-14 17:08 - 2017-05-20 06:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2017-06-14 17:08 - 2017-05-20 06:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll

2017-06-14 17:08 - 2017-05-20 06:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2017-06-14 17:08 - 2017-05-20 06:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll

2017-06-14 17:08 - 2017-05-20 06:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2017-06-14 17:08 - 2017-05-20 06:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll

2017-06-14 17:08 - 2017-05-20 06:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

2017-06-14 17:08 - 2017-05-20 06:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll

2017-06-14 17:08 - 2017-05-20 06:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll

2017-06-14 17:06 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-06-14 17:06 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-06-14 17:06 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-06-14 17:06 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-06-14 17:06 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-06-14 17:06 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-06-14 17:06 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-06-14 17:05 - 2017-05-20 07:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys

2017-06-14 17:04 - 2017-05-20 07:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2017-06-14 17:03 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-06-14 17:03 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-06-14 17:03 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-06-14 17:03 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-06-14 17:03 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll

2017-06-14 17:03 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll

2017-06-14 17:03 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll

2017-06-14 17:03 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe

2017-06-14 17:03 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-06-14 17:03 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-06-14 17:03 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2017-06-14 17:03 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-06-14 17:03 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-06-14 17:03 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe

2017-06-14 17:03 - 2017-05-20 08:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-06-14 17:03 - 2017-05-20 07:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys

2017-06-14 17:03 - 2017-05-20 07:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-06-14 17:03 - 2017-05-20 07:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-06-14 17:03 - 2017-05-20 07:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-06-14 17:03 - 2017-05-20 07:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2017-06-14 17:03 - 2017-05-20 07:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll

2017-06-14 17:03 - 2017-05-20 07:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2017-06-14 17:03 - 2017-05-20 07:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2017-06-14 17:03 - 2017-05-20 07:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-06-14 17:03 - 2017-05-20 07:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2017-06-14 17:03 - 2017-05-20 07:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll

2017-06-14 17:03 - 2017-05-20 07:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll

2017-06-14 17:03 - 2017-05-20 07:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll

2017-06-14 17:03 - 2017-05-20 07:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll

2017-06-14 17:03 - 2017-05-20 07:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll

2017-06-14 17:03 - 2017-05-20 07:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll

2017-06-14 17:03 - 2017-05-20 07:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe

2017-06-14 17:03 - 2017-05-20 07:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2017-06-14 17:03 - 2017-05-20 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2017-06-14 17:03 - 2017-05-20 06:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-06-14 17:03 - 2017-05-20 06:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2017-06-14 17:03 - 2017-05-20 06:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-06-14 17:03 - 2017-05-20 06:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2017-06-14 17:03 - 2017-05-20 06:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-06-14 17:03 - 2017-05-20 06:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2017-06-14 17:03 - 2017-05-20 06:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll

2017-06-14 17:03 - 2017-05-20 06:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2017-06-14 17:03 - 2017-05-20 06:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2017-06-14 17:03 - 2017-05-20 06:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll

2017-06-14 17:02 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

2017-06-14 16:58 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys

2017-06-14 16:58 - 2017-05-20 08:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2017-06-14 16:58 - 2017-05-20 07:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2017-06-14 16:58 - 2017-05-20 07:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2017-06-14 16:58 - 2017-05-20 07:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys

2017-06-14 16:57 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-06-13 12:33 - 2017-06-13 12:33 - 01156922 _____ C:\Users\MoodyMiss\Downloads\Epping Forest S13A 201718 v1.4.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-09 15:56 - 2016-11-25 07:09 - 00135819 _____ C:\WINDOWS\system32\InstallUtil.InstallLog

2017-07-09 15:50 - 2017-05-15 22:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2017-07-09 15:50 - 2016-11-20 12:24 - 00000000 __SHD C:\Users\MoodyMiss\IntelGraphicsProfiles

2017-07-09 15:48 - 2017-05-15 23:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-07-09 15:48 - 2017-03-18 12:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI

2017-07-09 15:47 - 2017-05-15 22:39 - 00000000 ____D C:\Users\MoodyMiss

2017-07-09 15:45 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-07-09 15:42 - 2016-08-30 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2017-07-09 15:31 - 2016-11-19 20:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-07-09 15:26 - 2016-11-19 21:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2017-07-09 14:57 - 2017-01-02 04:05 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Skype

2017-07-09 06:40 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-07-09 04:34 - 2016-11-20 12:24 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Packages

2017-07-09 04:31 - 2016-12-22 21:36 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\CrashDumps

2017-07-09 02:47 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF

2017-07-09 01:09 - 2017-03-11 13:00 - 00000000 ____D C:\Program Files (x86)\Steam

2017-07-09 00:54 - 2016-11-19 21:58 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\TeamViewer

2017-07-08 21:37 - 2016-11-30 00:21 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\ElevatedDiagnostics

2017-07-08 18:03 - 2017-05-15 22:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-07-08 11:54 - 2016-12-01 01:36 - 00000000 ____D C:\ProgramData\Malwarebytes

2017-07-07 21:09 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps

2017-07-07 20:42 - 2016-11-19 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-07-07 20:33 - 2016-12-18 17:11 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Spotify

2017-07-07 18:24 - 2016-12-18 17:08 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Spotify

2017-07-06 17:11 - 2016-11-19 20:54 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\Mozilla

2017-07-04 20:51 - 2016-12-12 02:02 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\discord

2017-07-04 16:33 - 2017-03-22 00:26 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\PokerStars.UK

2017-07-03 17:13 - 2017-01-12 13:35 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Verto Analytics

2017-07-03 15:24 - 2017-03-22 00:23 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK

2017-07-03 12:21 - 2016-11-26 13:18 - 00000000 ____D C:\Program Files (x86)\SmartApp

2017-07-02 20:59 - 2016-12-22 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

2017-06-29 17:36 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\Apple Computer

2017-06-27 19:34 - 2016-12-05 00:49 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-06-27 19:34 - 2016-12-05 00:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-06-23 20:02 - 2016-11-24 14:25 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\vlc

2017-06-23 19:11 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-06-23 17:17 - 2017-05-14 22:18 - 00000000 ____D C:\Users\MoodyMiss\AppData\Roaming\dvdcss

2017-06-23 12:42 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF

2017-06-23 09:28 - 2016-06-11 11:58 - 00010720 _____ C:\Users\MoodyMiss\Downloads\Food Diary.xlsx

2017-06-23 09:23 - 2016-12-05 23:19 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Apple Computer

2017-06-23 01:51 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2017-06-22 10:06 - 2017-05-15 23:14 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

2017-06-22 10:06 - 2016-11-20 12:27 - 00002413 _____ C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-06-22 10:06 - 2016-11-20 12:27 - 00000000 ___RD C:\Users\MoodyMiss\OneDrive

2017-06-21 14:53 - 2016-12-05 23:14 - 00000000 ____D C:\Program Files\Common Files\Apple

2017-06-21 14:39 - 2016-12-05 23:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2017-06-18 15:15 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

2017-06-18 09:57 - 2017-05-15 22:38 - 01119902 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-06-18 04:24 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache

2017-06-18 01:46 - 2017-03-04 01:01 - 00000000 ___RD C:\Program Files (x86)\Skype

2017-06-18 01:46 - 2016-11-19 21:22 - 00000000 ____D C:\ProgramData\Skype

2017-06-17 23:42 - 2015-11-03 20:24 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-06-17 23:38 - 2017-05-15 22:33 - 00381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-06-17 23:37 - 2016-12-24 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2017-06-17 23:35 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-06-14 18:03 - 2016-11-19 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-06-14 17:42 - 2016-11-19 21:24 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-06-14 17:36 - 2016-12-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-06-10 00:23 - 2016-12-04 23:42 - 00000000 ____D C:\Users\MoodyMiss\AppData\Local\Windows Live

2017-06-09 23:28 - 2016-11-27 20:45 - 00000000 ____D C:\Users\MoodyMiss\AppData\LocalLow\LastPass

==================== Files in the root of some directories =======

2016-12-10 05:34 - 2016-12-10 05:34 - 0000017 _____ () C:\Users\MoodyMiss\AppData\Local\resmon.resmoncfg

2017-05-15 22:36 - 2017-05-15 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:

====================

2017-06-18 00:13 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\MoodyMiss\AppData\Local\Temp\dllnt_dump.dll

2017-05-15 23:40 - 2017-06-18 01:42 - 58684896 _____ (Skype Technologies S.A.) C:\Users\MoodyMiss\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-25 05:29

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017

Ran by MoodyMiss (09-07-2017 16:11:21)

Running from C:\Users\MoodyMiss\Desktop\Malware Tools

Windows 10 Home Version 1703 (X64) (2017-05-15 22:25:08)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3099505937-1185706521-667985844-500 - Administrator - Disabled)

MoodyMiss (S-1-5-21-3099505937-1185706521-667985844-1001 - Administrator - Enabled) => C:\Users\MoodyMiss

DefaultAccount (S-1-5-21-3099505937-1185706521-667985844-503 - Limited - Disabled)

Guest (S-1-5-21-3099505937-1185706521-667985844-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3099505937-1185706521-667985844-1003 - Limited - Enabled)

Visitor (S-1-5-21-3099505937-1185706521-667985844-1004 - Limited - Enabled) => C:\Users\Visitor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)

Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden

Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)

Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)

Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden

AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden

Big Bang Empire (HKLM\...\Steam App 510660) (Version: - Playata GmbH)

Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

BookWorm Deluxe (HKLM\...\Steam App 3370) (Version: - PopCap Games, Inc.)

BT Locker (HKLM\...\{ABD07801-AB2B-4C40-A5B0-9D459A328092}_is1) (Version: 1.1.01.42 - Lenovo)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)

Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.01 - Canon Inc.)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)

Cisco VideoGuard Player (HKLM-x32\...\{73d6b22b-650b-46d9-93ff-3045da5df3cd}) (Version: 7.3.0.62003 - Cisco Systems, Inc)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Discord (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)

Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)

Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden

Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)

Everlasting Summer (HKLM\...\Steam App 331470) (Version: - Soviet Games)

Fallout Shelter (HKLM\...\Steam App 588430) (Version: - Bethesda Game Studios)

Family Tree Maker 2014 (HKLM\...\{6948B4FD-92E3-4069-B9E2-9216E1347DA3}) (Version: 22.0.1474 - Software MacKiev)

Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version: - Panoramik Inc)

Frontpage Express version 2002 (HKLM-x32\...\{980FDD7A-F25D-4B22-BD85-195D411A4251}_is1) (Version: 2002 - Microsoft)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)

Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)

IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )

Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)

iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)

JackpotLiner (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\JackpotLiner) (Version: - )

Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

K-Lite Codec Pack 12.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)

Lenovo Business Vantage (HKLM-x32\...\{BAAE4B9C-8D26-44AF-BCE8-181C8F4A8D5B}_is1) (Version: 3.0.2.3 - Lenovo)

Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)

Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)

Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden

Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)

Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)

Lenovo Service Bridge (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)

Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo)

Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)

LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden

LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)

Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)

Manager (HKLM-x32\...\{3802F563-BAD7-47F3-AF91-ED1C9467B224}) (Version: 3.0.7.25771 - ANDREA VACONDIO) Hidden

Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)

Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)

Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)

Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)

MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden

Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden

Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)

NOW TV Player 2.0.1.0 (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\com.bskyb.nowtvplayer_is1) (Version: 2.0.1.0 - NOW TV)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden

PDFsam Basic (HKLM-x32\...\{910EA44E-8446-405D-BFE1-82F562F847D0}) (Version: 3.30.0.0 - Andrea Vacondio)

PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden

PDFsam Enhanced Asian Fonts Pack (HKLM\...\{817881FA-BD07-4A50-8F77-DA9AA6009093}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Convert Module (HKLM\...\{C3946663-4609-4158-A3AD-B9BFB16496F1}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Create Module (HKLM\...\{F790A93F-B881-4316-BDB4-D02783850695}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Edit Module (HKLM\...\{C584AD88-AFC9-4030-B391-49C0D04F6F1A}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Forms Module (HKLM\...\{3CAC256B-9C84-44F4-AC26-50B07FEA56B6}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Insert Module (HKLM\...\{A06D8CE0-76AA-4968-AC8B-221BE5128646}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced OCR Module (HKLM\...\{B83B283F-87BB-4C61-8F50-E45EDD0C7C8C}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Review Module (HKLM\...\{35AF9861-0E3C-4C81-AFCC-73461EBC00B7}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced Secure Module (HKLM\...\{3B633A35-AE66-4AC3-B4A1-D2ED2594D368}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PDFsam Enhanced View Module (HKLM\...\{972049F9-650B-4430-82ED-6080470D27BA}) (Version: 3.1.14.28668 - Andrea Vacondio) Hidden

PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)

PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden

Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)

Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29088 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)

RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)

Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden

Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden

Secure Print@Home (HKLM-x32\...\{1F307FB4-E514-4695-8054-FFD32478302B}) (Version: 3.34.2839.0 - Valassis)

SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)

Shopandscan (HKLM-x32\...\{0AE44DE7-5B32-4151-8272-0FA6DAF800E8}) (Version: 1.0.0 - Kantar WorldPanel)

Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)

SmartApp (HKLM-x32\...\{74C732EB-DE42-4EAD-985F-5C45837D0951}) (Version: 3.7.0 - SmartApp)

Snagit 13 (HKLM-x32\...\{2D2045B7-AF91-409C-87F6-99E263CDC13F}) (Version: 13.0.3 - TechSmith Corporation) Hidden

Snagit 13 (HKLM-x32\...\{5acd453a-fa98-417a-b893-31468cbdd0e5}) (Version: 13.0.3.7115 - TechSmith Corporation)

Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)

Spotify (HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)

Tap Adventure: Time Travel (HKLM\...\Steam App 596650) (Version: - Avallon Alliance)

Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)

Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden

Tixati (HKLM-x32\...\tixati) (Version: - )

Transformice (HKLM\...\Steam App 335240) (Version: - Atelier 801)

Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)

TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden

User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)

Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden

vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden

WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 3.2.0.2 - Zabkat)

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3099505937-1185706521-667985844-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()

ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File

ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)

ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)

ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-19] (Nitro PDF)

ContextMenuHandlers01: [PDFsamEnhanced4_ManagerExt] -> {6641FF9D-C10F-4B6A-B25E-9978121F33FF} => C:\Program Files\PDFsam Enhanced 4\creator-context-menu.dll [2017-02-22] (Andrea Vacondio)

ContextMenuHandlers01: [PDFsamEnhanced_ManagerExt] -> {9ADBE344-48D8-4317-8CD7-13DA9095B33B} => C:\Program Files\PDFsam Enhanced\creator-context-menu.dll [2016-07-06] (Andrea Vacondio)

ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)

ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)

ContextMenuHandlers01: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)

ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)

ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)

ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)

ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)

ContextMenuHandlers04: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2016-11-03] (TechSmith Corporation)

ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Intel Corporation)

ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()

ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File

ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)

ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15653CA7-22F1-486E-B19D-2429F8D425E6} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)

Task: {1C89891E-6EB0-4D59-826D-2BCFA4CED2DF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)

Task: {1E93F5D1-514B-417B-A64E-C50059B40681} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo)

Task: {1F9E9E02-1E7A-4AB8-839B-3F51CECC758F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-07] (Microsoft Corporation)

Task: {2D11EAEE-AAC8-4E81-8C65-EBE89E7B1F9C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo)

Task: {2E9F9B7F-B88F-43B5-A244-B87FB358A78B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)

Task: {37BFBFFD-3764-4710-A959-86DB6A7C95CF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3593faad-79e1-431b-8365-4e72ef92b484 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)

Task: {38A561DA-58C0-4752-BEA4-0EE9A6CE04E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6040606f-1845-467a-a2a3-3d6bdf8fe93e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)

Task: {3E563827-996E-41FC-B2CE-6F6C0D5C919C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32

Task: {424AF48A-9555-40F6-ADD4-2012D6025198} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {485EA9F5-9BAD-4849-81B1-B7DAB7A6B8CA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3099505937-1185706521-667985844-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\MoodyMiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms

Task: {4A502CD5-5C96-47E9-991E-DA348B1536DD} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 13\snagit32.exe [2016-11-03] (TechSmith Corporation)

Task: {50BE0FB9-2FD1-4189-8930-88900DE49AA8} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)

Task: {54C3B6C7-845F-4C58-8927-B5835F416159} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

Task: {5617B5C1-B149-4DEC-B0BA-8F24949C15B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)

Task: {586EC27B-7F39-4980-A250-BA1E6C62E9E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)

Task: {609C19DD-4239-4D4A-A5B3-3644B8ABB1B9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService

Task: {651B6C4A-111C-43F8-862C-EFA22A6FC080} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f8de029d-c6f0-40cb-ad1b-615dcbf1af44 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)

Task: {71632588-B665-48CE-8B30-6A35FABC73AC} - System32\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {75B63EB5-E544-4DD2-A1AD-CAE4B83EA5CD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] ()

Task: {7779FF88-471B-4D54-9CAC-884C85338789} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2017-07-03] (Verto Analytics Inc.)

Task: {857C58BB-48E8-4F94-893E-F0E67D61F4FF} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-20] ()

Task: {9B2BBBE0-7848-4C2F-89AB-97E22D0C73D0} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)

Task: {A691F463-19C6-4652-AACC-3B1F3A332B06} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

Task: {B19C3485-BE5C-4A18-A709-759CE120168D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe

Task: {B246D950-89B5-46EB-B2A8-1B0F2CD07CA7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()

Task: {B5054CC3-8B33-4146-89F3-BB1B56CD3FB9} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2017-07-03] (Verto Analytics Inc.)

Task: {B5B8C3F4-3A61-4B2B-A3BE-1B3C44091BD8} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()

Task: {CAFCE55B-DD8B-4A3F-B63A-CAC356AEEDB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)

Task: {CBAB3062-C700-45D9-84FE-9ED60BB5A2F0} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()

Task: {D2061CB0-93A8-41A3-B44B-A8C0B724B395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)

Task: {DB837A80-6619-4B6C-AD4A-ED9C7E9E248C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)

Task: {E3B8A737-253C-4AE4-8F08-8C402503E6C4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)

Task: {F9816FAD-B6E2-4F46-A0E0-FCA7D480DE65} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d7b286fd-36f1-4a80-9cc9-08c2ff95bd4e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () c:\program files\nitro\pro 9\nitro_updateservice.exe

2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2016-08-30 20:23 - 2017-07-07 07:08 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2017-07-08 17:39 - 2017-07-08 17:39 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

2017-03-18 21:59 - 2017-03-19 03:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-05-03 04:39 - 2017-04-23 22:28 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe

2016-08-30 21:56 - 2015-02-09 04:18 - 00124440 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

2016-08-30 20:31 - 2016-08-30 20:31 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe

2016-08-30 20:31 - 2016-08-30 20:31 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll

2017-06-27 19:34 - 2017-06-23 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll

2017-06-27 19:34 - 2017-06-23 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll

2017-06-28 10:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2017-06-28 10:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2017-06-28 10:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2017-06-28 10:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2017-06-28 10:50 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2016-08-30 20:36 - 2014-07-04 05:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll

2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

2016-08-30 20:21 - 2017-06-20 04:08 - 00272072 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL

2017-01-27 10:30 - 2016-09-22 07:24 - 00884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll

2017-01-27 10:27 - 2016-09-22 07:11 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "BTLocker"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"

HKLM\...\StartupApproved\Run32: => "SDTray"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Discord"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "PhotoMasterImportAgent"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Spotify Web Helper"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "iCloudServices"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

HKU\S-1-5-21-3099505937-1185706521-667985844-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{C523F6ED-096B-475A-A96F-4A6569C7524B}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{18B79870-47AA-448F-B1EA-A53DD52769D5}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe

FirewallRules: [{FC378638-F3F2-43A5-8619-7A4CBF9CF7E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe

FirewallRules: [{157B1891-94BE-4233-932D-D6919EE3FC0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe

FirewallRules: [{9BD41384-7161-4D4D-A9A4-7F105B444AD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe

FirewallRules: [{BD93136A-6C6E-46DA-B270-B41570402D69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Big Bang Empire\Big Bang Empire.exe

FirewallRules: [{4637A8C0-7CB4-4CB9-AA44-6818AE8B5830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe

FirewallRules: [{39798A39-477F-4A46-A493-6A155FCC477B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe

FirewallRules: [{93327FEA-B932-4A83-AA43-2037599271A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe

FirewallRules: [{7ABDC41F-4CDF-4DDB-A5A8-4A64D5ECC6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe

FirewallRules: [{DF9CFA7F-3B32-43DD-BBC6-AC8DDE269D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe

FirewallRules: [{24E2C04F-BCC5-4947-A61A-7E6263DB1DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe

FirewallRules: [{809DD42A-E467-48C9-87F0-E88A1AA2DE8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe

FirewallRules: [{AB35B7B2-8856-4B5F-81FE-268712E2AA6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tap Adventure Time Travel\TapAdventure.exe

FirewallRules: [{5489D42D-701C-410C-9C47-21AF7D2D99D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe

FirewallRules: [{FD3AD805-A2A8-43CE-97BD-A173DB02C544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe

FirewallRules: [{D00CBAC4-3B2E-443C-91BC-F9448F95811C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe

FirewallRules: [UDP Query User{9BA926EC-A108-40BA-908D-D82BB6832067}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe

FirewallRules: [TCP Query User{595ECB4D-B6F6-465D-8F25-079F1CC599E2}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.901.0_x86__4n2hpmxwrvr6p\kodi.exe

FirewallRules: [{35EA6F1C-1C9D-4602-8354-CAE09FA18F90}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{4E8898FA-7FA8-4EB9-AD58-217B2C1090FE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{2FEE6E92-F25D-4EBB-9C95-54986E24590B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{1CA6CACC-B1BA-4DA2-9E95-B0FA8DEDD685}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{079EF1EA-3010-4338-A8BC-346B233416EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{911BB808-3C04-430F-9E53-0FB190B3DF41}] => (Allow) LPort=8298

FirewallRules: [UDP Query User{ED823690-8181-4DE3-A826-69C7863688EA}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe

FirewallRules: [TCP Query User{887F5358-031F-4F72-A876-924F1E5C0A1F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe

FirewallRules: [UDP Query User{859291AC-BF16-4402-A40A-AA75E1A5B481}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{8188D74C-6D7E-4F0C-B9B5-451C96BE3DD6}C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\MoodyMiss\appdata\roaming\spotify\spotify.exe

FirewallRules: [{FFBB136A-7864-401E-975A-548E78B415D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B4ED3D1E-BFDE-49AE-91B0-E7492D34669A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{118FCFBD-BEE4-4087-AEF4-A1C4F82A15E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4325B474-A0A7-4467-B673-4DF39051D83B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{37F2BD7C-5A26-42C2-81F2-151F6ED6D634}] => (Allow) LPort=1900

FirewallRules: [{2D94A0B4-9DC1-4432-A9AC-D5723C8C8B34}] => (Allow) LPort=2869

FirewallRules: [{7EEBBDEA-6D28-4816-8180-0A1034F7D806}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{6BE5269A-B295-480C-8C99-833F3ED25F5D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

FirewallRules: [{B8554D56-1362-4103-BAF5-31CB177927C9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

FirewallRules: [{92A6AD71-E00B-4B62-97EF-5C0CCB20DB35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{19563F32-4408-46C2-BE41-C0DFC825B698}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C6A45646-BB54-40BA-85D4-899CDAC6EE62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{722DB0CF-9497-4EA6-AE11-8FFD73EFEB2C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{D5DB6196-28BE-4F62-846A-9D36A0000305}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{7F0B7BA5-7512-41CC-A5F8-D81CBC40D74A}] => (Allow) %systemroot%\system32\alg.exe

FirewallRules: [{6320F4AD-D49D-432D-8F1C-18E1F58A8B54}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{4FC8B6CF-EFFA-4E05-B237-EF8EA2F18D17}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{60A3AA8F-398E-4F33-A426-CBA3CB32C8CB}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe

FirewallRules: [UDP Query User{14EF0710-5155-430E-B769-A75152E8F4CA}C:\program files (x86)\smartapp\smartapp.exe] => (Allow) C:\program files (x86)\smartapp\smartapp.exe

FirewallRules: [{1667C0E4-AACE-4C86-AFE4-6115075B999A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{513C7487-8756-4F9C-AD66-E195AD25FB39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{6FD41AD0-7D02-4BDC-AAA4-74999B5171A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{E0944258-B37B-4D3D-B685-8DF7877A59AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{C581090D-D655-4A61-8FC3-7E2951461E08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [TCP Query User{FA3BBC96-D05A-4B22-B670-7DD39CA3C039}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe

FirewallRules: [UDP Query User{41C54473-73A3-4EE3-91E8-A24A8EC56638}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-06-2017 03:27:17 Scheduled Checkpoint

27-06-2017 19:29:05 JRT Pre-Junkware Removal

03-07-2017 12:18:34 Installed SmartApp

09-07-2017 15:36:35 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/09/2017 01:23:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 12:19:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 11:47:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 11:31:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 11:23:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 11:19:28 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 11:16:18 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 10:04:21 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 05:48:21 AM) (Source: Windows Search Service) (EventID: 3083) (User: )

Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).

Error: (07/09/2017 04:30:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.15063.0, time stamp: 0x9ce1da64

Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb

Exception code: 0xc0000005

Fault offset: 0x000000000003bbef

Faulting process id: 0x2464

Faulting application start time: 0x01d2f84fdf970b51

Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: dd474ead-4af6-4d49-966a-7b2705ce67c6

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (07/09/2017 03:50:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Error: (07/09/2017 03:50:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (07/09/2017 03:50:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/09/2017 03:50:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (07/09/2017 03:49:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ClickToRunSvc service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Error: (07/09/2017 03:49:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.

Error: (07/09/2017 03:48:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SDWSCService service failed to start due to the following error:

A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2017 03:48:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The CldFlt service failed to start due to the following error:

The request is not supported.

Error: (07/09/2017 03:26:36 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-PD9G7JHJ)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user LAPTOP-PD9G7JHJ\MoodyMiss SID (S-1-5-21-3099505937-1185706521-667985844-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (07/09/2017 03:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:

===================================

Date: 2017-07-09 16:09:58.782

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-09 16:09:58.779

Date: 2017-07-09 16:09:58.742

Date: 2017-07-09 16:09:58.738

Date: 2017-07-09 16:08:13.893

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-09 16:08:13.889

Date: 2017-07-09 16:06:21.216

Date: 2017-07-09 16:06:21.213

Date: 2017-07-09 15:55:25.291

Date: 2017-07-09 15:55:25.288

==================== Memory info ===========================

Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz

Percentage of memory in use: 45%

Total physical RAM: 8105.84 MB

Available physical RAM: 4389.21 MB

Total Virtual: 17321.84 MB

Available Virtual: 13103.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:689.64 GB) (Free:573.08 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.34 GB) NTFS

Drive e: (UPD1_607677) (CDROM) (Total:7.12 GB) (Free:0 GB) UDF

Drive f: (Data) (Fixed) (Total:195.31 GB) (Free:80.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 037C6746)

Partition: GPT.

==================== End of Addition.txt ============================

#6
RKinner

Posted 09 July 2017 - 11:56 AM

Malware Expert

Expert
24,624 posts

Uninstall:

Bonjour (Your version is not for win 10. You will get a new one if you reinstall iTunes or other Apple software)

SmartApp

Spybot S & D. Remove any immunizations before uninstalling.

SuperAntiSpyware

Reboot.

Do a new FRST scan with Addition.txt checked and post both logs.

#7
missmoody

Posted 09 July 2017 - 01:01 PM

Member

Topic Starter
Member
17 posts

Here are the FRST Logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017

Ran by MoodyMiss (administrator) on LAPTOP-PD9G7JHJ (09-07-2017 19:46:56)

Running from C:\Users\MoodyMiss\Desktop\Malware Tools

Loaded Profiles: MoodyMiss (Available Profiles: MoodyMiss & Visitor)

Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe

() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe

(Andrea Vacondio) C:\Program Files\PDFsam Enhanced\creator-ws.exe

(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Lenovo) C:\Program Files\Lenovo\BTlocker\RestartThread.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo) C:\Program Files\Lenovo\BTlocker\BTDemoService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe